vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)
-   -   Strange URL - Urgent help (https://vborg.vbsupport.ru/showthread.php?t=307935)

evelynpriscilla 02-05-2014 12:18 AM
Strange URL - Urgent help
 
For the past one week, my forum and thread url has some strange characters at the end.
http://www.mysite.com/forums/forum.php#.UvGLWvs-2E0

Any idea what could be adding this at the end of the url ?

My hosting company gave me warning that my site is affecting other sites on the server. Could this be the one causing issues? Has anyone faced this before. My host is threatening to take permanent action :-(
Thanks for the help.


Thanks.

ozzy47 02-05-2014 11:07 AM
First you need to follow our advisory about deleting the install folder off your forums.

Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

Seven Skins 02-06-2014 12:12 PM
These number #.UvGLWvs-2E0 are added by a hack to track who has copied your links etc.

e.g. addthis.com or tynt.com etc...

Have you recently added any of these kind of hacks?

evelynpriscilla 02-07-2014 12:01 AM
Thanks a lot ozzy. I deleted the install folders few months back. I will read the blogs. Thanks a lot for the links.

--------------- Added [DATE]1391734998[/DATE] at [TIME]1391734998[/TIME] ---------------

Quote:
Originally Posted by Seven Skins (Post 2479360)
These number #.UvGLWvs-2E0 are added by a hack to track who has copied your links etc.

e.g. addthis.com or tynt.com etc...

Have you recently added any of these kind of hacks?
Yes seven skins I have addthis.com. I can see online that it adds those additional characters. I found out how to remove those characters. By changing the code addressbar URL = false. Now the strange characters are gone.

Will ADD THIS also cause hostgator to give me this warning? Any ideas? Then I can remove it entirely.

Both of your help is much appreciated. Thanks.

ozzy47 02-07-2014 12:50 AM
Perhaps you have something else going on with your site, try a scan with this, http://sucuri.net/ and see if you get any results.

Seven Skins 02-07-2014 10:50 AM
From addthis script remove this line and hostgator should leave you alone after this.

<script type="text/javascript">var addthis_config = {"data_track_addressbar":true};</script>

evelynpriscilla 02-13-2014 05:38 PM
Quote:
Originally Posted by ozzy47 (Post 2479448)
Perhaps you have something else going on with your site, try a scan with this, http://sucuri.net/ and see if you get any results.
I did the scan and there was no problem. Thanks Ozzy for the link. I am going to scan regularly.

Quote:
Originally Posted by Seven Skins (Post 2479515)
From addthis script remove this line and hostgator should leave you alone after this.

<script type="text/javascript">var addthis_config = {"data_track_addressbar":true};</script>
Quote:
Originally Posted by evelynpriscilla (Post 2479432)
By changing the code addressbar URL = false. Now the strange characters are gone.
Thanks Seven Skins, Add this was the problem. I waited for a week to give update because I waited to see if hostgator sends me any notification. Instead of removing this line, I changed the true to false.

Thank you both once again. :up: I was very tensed.

ForceHSS 02-13-2014 05:57 PM
Quote:
Originally Posted by ozzy47 (Post 2479448)
Perhaps you have something else going on with your site, try a scan with this, http://sucuri.net/ and see if you get any results.
You should read this about that site

RichieBoy67 02-13-2014 06:22 PM
Yeah, this looks like Tynt to me. Look for it in your headincludes template and delete it. i had this issue as well and it took me awhile to figure it out.

If it is Tynt I doubt it is effecting your server.

--------------- Added [DATE]1392319508[/DATE] at [TIME]1392319508[/TIME] ---------------

Quote:
Originally Posted by evelynpriscilla (Post 2480899)
I did the scan and there was no problem. Thanks Ozzy for the link. I am going to scan regularly.





Thanks Seven Skins, Add this was the problem. I waited for a week to give update because I waited to see if hostgator sends me any notification. Instead of removing this line, I changed the true to false.

Thank you both once again. :up: I was very tensed.
Didn't see this. Glad you got it working. I had the same type of url with Tynt. I no longer use it as I do not want my link every where on any old site. :)

ozzy47 02-13-2014 06:40 PM
Quote:
Originally Posted by ForceHSS (Post 2480912)
I have quite a bit in my htaccess and have not received any warnings from them, but I am sure that may not be true for everyone.

ForceHSS 02-13-2014 07:09 PM
I tested my site with htaccess there and removed when it was there I got a warning of malware when removed warning went away

RichieBoy67 02-13-2014 07:25 PM
Quote:
Originally Posted by ForceHSS (Post 2480933)
I tested my site with htaccess there and removed when it was there I got a warning of malware when removed warning went away
Wow, was there actually malware on your site? Did you see any issues or warnings in webmaster tools under the security tab?
I am a little confused about how a rewrite rule like that could be confused as malware.

--------------- Added 13 Feb 2014 at 15:28 ---------------

I see the intersting thing now I think you were getting at

From the link you supplied

Quote:
We are reporting that site because something is redirecting your traffic to the domain when its visited. Has nothing to do with the htaccess file rule you referenced. Something is hijacking your traffic.
Cheers
Tony w/ Sucuri
and another reply to that

Quote:
0 down vote
This is definitely a cheap trick by Sucuri to create fake insecurity threat and drum-up business. This is exactly the case and error with same http://mydomain.com/404testpage4525d2fdc security warning for a page which does not exist on my website. Also, what makes things more suspicious is the fact that unlike EVERY other such service they do not have a "False Alarm" reporting form/webpage.

ForceHSS 02-13-2014 09:26 PM
Had the same warning and another one I knew it was wrong as the two files they said i did not have on my server that is why i looked into more


All times are GMT. The time now is 02:52 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01215 seconds
  • Memory Usage 1,754KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (10)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (13)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete