Site is giving malware message to users


mike2902
01-16-2014, 11:31 PM
I have attached the malware screenshot that one of my users has sent me. Anyone know what's going on or what's causing this, or better yet, how to fix whatever has gone wrong?

ozzy47
01-16-2014, 11:34 PM
Try downloading the files from your customer area at vB.com, for the exact version you are using, and upload those files to your server, allowing overwrite, then test again.

Max Taxable
01-16-2014, 11:35 PM
I bet it's coming from one of your third party adverts.

ozzy47
01-16-2014, 11:36 PM
I don't see any of that in the Sucuri report, http://sitecheck.sucuri.net/results/hanging-out.net

mike2902
01-16-2014, 11:36 PM
I bet it's coming from one of your third party adverts.

I don't run any advertisements at all.

Max Taxable
01-16-2014, 11:40 PM
You have it set where you must be logged in to view the board? Must be hell on your SEO.

Even at that, look here - you have a lot of 404 errors AND third party links abound.

http://www.webpagetest.org/result/140117_CT_28M/1/details/

mike2902
01-16-2014, 11:41 PM
If you click on any link on the site, the address bar for FF in the lower left hand corner briefly shows that it is transferring data from komedes.at....

screenshot attached

Max Taxable
01-16-2014, 11:42 PM
If you click on any link on the site, the address bar for FF in the lower left hand corner briefly shows that it is transferring data from komedes.at....

screenshot attached

That's one of the third party links in your pageload waterfall I linked you to.

Brandon Sheley
01-16-2014, 11:43 PM
Your site has been infected somehow, this could be from an outdated script or just a poorly coded plugin.
I'd suggest you upgrade your forum, upgrade your plugins and scan your public styles for any malware code listed in the report by the OP.

mike2902
01-16-2014, 11:44 PM
You have it set where you must be logged in to view the board? Must be hell on your SEO.

Even at that, look here - you have a lot of 404 errors AND third party links abound.

http://www.webpagetest.org/result/140117_CT_28M/1/details/


I don't do any SEO. I'm an organic chemist, so honestly I don't have any idea what this means. I can tell it's not good, but how do I clean it up?

Max Taxable
01-16-2014, 11:44 PM
Turn off the plugin/hook system in adminCP and re-run the test I gave you, if the suspicious 3rd party links go away then you know it is a product, mod or plugin.

mike2902
01-17-2014, 12:02 AM
Turn off the plugin/hook system in adminCP and re-run the test I gave you, if the suspicious 3rd party links go away then you know it is a product, mod or plugin.


I turned everything off (plugins) and it's still there according to the link you gave me after I tested it.

ozzy47
01-17-2014, 12:10 AM
Try downloading the files from your customer area at vB.com, for the exact version you are using, and upload those files to your server, allowing overwrite, then test again.

mike2902
01-17-2014, 12:29 AM
Try downloading the files from your customer area at vB.com, for the exact version you are using, and upload those files to your server, allowing overwrite, then test again.


I'll give it a try. I'm not sure I really understand how to do this...but what do I have to lose. lol

ozzy47
01-17-2014, 12:34 AM
Did you not install the site yourself, and load the files through your FTP?

mike2902
01-17-2014, 12:36 AM
Did you not install the site yourself, and load the files through your FTP?



Yea, that was several years ago.

ozzy47
01-17-2014, 12:39 AM
What version of vB3 are you running?

Max Taxable
01-17-2014, 12:53 AM
What version of vB3 are you running?

It's 3.8.7 and it looks like his clientscript folder is injected with malware.

ozzy47
01-17-2014, 12:55 AM
Yeah still best to load all new files and then see if the issues still persist.

mike2902
01-17-2014, 12:59 AM
Uploading files now

--------------- Added 1389924649 at 1389924649 ---------------

Didn't work...that redirect is still there and it is still there according to that test link? Any ideas?

ForceHSS
01-17-2014, 05:10 AM
Delete the clientscript folder and replace it with a fresh one

mike2902
01-17-2014, 09:52 AM
Delete the clientscript folder and replace it with a fresh one



I did this and it looks like the redirect is gone. Thank you to all for your help.

ozzy47
01-17-2014, 10:16 AM
Weird, when you loaded the new files, it should have fixed it as well, unless there was an extra file in there that did not belong. Glad to hear it seems fixed though. :)

ForceHSS
01-17-2014, 11:08 AM
Weird, when you loaded the new files, it should have fixed it as well, unless there was an extra file in there that did not belong. Glad to hear it seems fixed though. :)

This is the way I fixed someone else's before, as there was a hidden file in there, so I had a feeling they had done the same thing.
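
Why an overwrite upload can leave the redirect in place while deleting the folder removes it, shown as an added example (not code from this thread or from vBulletin): overwriting only replaces files that exist in the clean package, so an extra or hidden file survives. The sketch compares a live folder against a clean copy by SHA-256; all file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def tree_hashes(root):
    """Map each file path (relative to root) to its SHA-256, dotfiles included."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes


def compare_to_clean(clean_root, live_root):
    """Return (extra, modified, missing) for live_root against clean_root."""
    clean, live = tree_hashes(clean_root), tree_hashes(live_root)
    extra = sorted(set(live) - set(clean))      # untouched by an overwrite upload
    missing = sorted(set(clean) - set(live))    # stock files absent from the server
    modified = sorted(p for p in set(clean) & set(live) if clean[p] != live[p])
    return extra, modified, missing


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed sample: a clean package copy versus a tampered live folder."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
        _write(clean, "clientscript/example_a.js", b"// stock file\n")
        _write(clean, "clientscript/example_b.js", b"// stock file\n")
        _write(live, "clientscript/example_a.js", b"// stock file\n// injected line\n")
        _write(live, "clientscript/.hidden_extra.php", b"<?php /* placeholder */ ?>\n")
        return compare_to_clean(clean, live)


if __name__ == "__main__":
    for label, paths in zip(("extra", "modified", "missing"), demo()):
        print(label, paths)
```

Anything reported as extra that does not belong to an installed mod should be reviewed and removed, since re-uploading stock files will never overwrite it.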

ozzy47
01-17-2014, 11:09 AM
Good call. :)

ForceHSS
01-17-2014, 11:11 AM
Happy to help someone out

Max Taxable
01-17-2014, 03:13 PM
Oddly, now you have a 404 error on your ame.js file... This is the Mod: Automatic Media Embedding.

Test result: http://www.webpagetest.org/result/140117_YN_QN8/1/details/

ForceHSS
01-17-2014, 03:17 PM
Looks like he still has some small errors need fixing