For the past one week, my forum and thread url has some strange characters at the end.
http://www.mysite.com/forums/forum.php#.UvGLWvs-2E0

Any idea what could be adding this at the end of the url ?

My hosting company gave me warning that my site is affecting other sites on the server. Could this be the one causing issues? Has anyone faced this before. My host is threatening to take permanent action :-(
Thanks for the help.


Thanks.

First you need to follow our advisory about deleting the install folder off your forums.

Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked (http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hacked)

http://www.vbulletin.com/forum/blogs...vbulletin-site (http://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-site)

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5 (http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5)
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions (http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3993204-vbulletin-5-connect-security-patches-released-all-versions)

These number #.UvGLWvs-2E0 are added by a hack to track who has copied your links etc.

e.g. addthis.com or tynt.com etc...

Have you recently added any of these kind of hacks?

Thanks a lot ozzy. I deleted the install folders few months back. I will read the blogs. Thanks a lot for the links.

--------------- Added 1391734998 at 1391734998 ---------------

These number #.UvGLWvs-2E0 are added by a hack to track who has copied your links etc.

e.g. addthis.com or tynt.com etc...

Have you recently added any of these kind of hacks?

Yes seven skins I have addthis.com. I can see online that it adds those additional characters. I found out how to remove those characters. By changing the code addressbar URL = false. Now the strange characters are gone.

Will ADD THIS also cause hostgator to give me this warning? Any ideas? Then I can remove it entirely.

Both of your help is much appreciated. Thanks.

Perhaps you have something else going on with your site, try a scan with this, http://sucuri.net/ and see if you get any results.

From addthis script remove this line and hostgator should leave you alone after this.

<script type="text/javascript">var addthis_config = {"data_track_addressbar":true};</script>

Perhaps you have something else going on with your site, try a scan with this, http://sucuri.net/ and see if you get any results.

I did the scan and there was no problem. Thanks Ozzy for the link. I am going to scan regularly.

From addthis script remove this line and hostgator should leave you alone after this.

<script type="text/javascript">var addthis_config = {"data_track_addressbar":true};</script>

By changing the code addressbar URL = false. Now the strange characters are gone.

Thanks Seven Skins, Add this was the problem. I waited for a week to give update because I waited to see if hostgator sends me any notification. Instead of removing this line, I changed the true to false.

Thank you both once again. :up: I was very tensed.

Perhaps you have something else going on with your site, try a scan with this, http://sucuri.net/ and see if you get any results.
You should read this about that site (http://security.stackexchange.com/questions/29573/sucuri-giving-false-positive-with-their-free-online-scanner-because-of-an-htacc)

Yeah, this looks like Tynt to me. Look for it in your headincludes template and delete it. i had this issue as well and it took me awhile to figure it out.

If it is Tynt I doubt it is effecting your server.

--------------- Added 1392319508 at 1392319508 ---------------

I did the scan and there was no problem. Thanks Ozzy for the link. I am going to scan regularly.





Thanks Seven Skins, Add this was the problem. I waited for a week to give update because I waited to see if hostgator sends me any notification. Instead of removing this line, I changed the true to false.

Thank you both once again. :up: I was very tensed.

Didn't see this. Glad you got it working. I had the same type of url with Tynt. I no longer use it as I do not want my link every where on any old site. :)

You should read this about that site (http://security.stackexchange.com/questions/29573/sucuri-giving-false-positive-with-their-free-online-scanner-because-of-an-htacc)

I have quite a bit in my htaccess and have not received any warnings from them, but I am sure that may not be true for everyone.

I tested my site with htaccess there and removed when it was there I got a warning of malware when removed warning went away

I tested my site with htaccess there and removed when it was there I got a warning of malware when removed warning went away

Wow, was there actually malware on your site? Did you see any issues or warnings in webmaster tools under the security tab?
I am a little confused about how a rewrite rule like that could be confused as malware.

--------------- Added 13 Feb 2014 at 15:28 ---------------

I see the intersting thing now I think you were getting at

From the link you supplied

We are reporting that site because something is redirecting your traffic to the domain when its visited. Has nothing to do with the htaccess file rule you referenced. Something is hijacking your traffic.
Cheers
Tony w/ Sucuri



and another reply to that

0 down vote
This is definitely a cheap trick by Sucuri to create fake insecurity threat and drum-up business. This is exactly the case and error with same http://mydomain.com/404testpage4525d2fdc security warning for a page which does not exist on my website. Also, what makes things more suspicious is the fact that unlike EVERY other such service they do not have a "False Alarm" reporting form/webpage.

Had the same warning and another one I knew it was wrong as the two files they said i did not have on my server that is why i looked into more