vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Website Contains Malware!? (https://vborg.vbsupport.ru/showthread.php?t=302688)

Divvy 09-26-2013 05:11 PM
Website Contains Malware!?
 
Hi guys,

Maybe someone can help me with this...

If we enter in the website
PHP Code:
http://bukkakeforum.net 
Appears the following message:
Quote:
The Website Ahead Contains Malware!
Google Chrome has blocked access to bukkakeforum.net for now.

Even if you have visited this website safely in the past, visiting it now is very likely to infect your computer with malware.

Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion.
Screenshot:
https://vborg.vbsupport.ru/external/2013/09/17.png

If we click "Details about problems on this website" we going to this explanation:
Google Safe Browsing diagnostic page for bukkakeforum.net

Screenshot:
https://vborg.vbsupport.ru/external/2013/09/18.png

I checked website index code source but could find anything suspicious, can someone please take a look?
Index (activity): Paste2.org - Viewing Paste bMAd5CZ5
Forum: Paste2.org - Viewing Paste Ps2VEcGV

Any ideas? Please advice!

Thanks!

Best regards,
Tim

ForceHSS 09-26-2013 05:39 PM
What version is ur tapatalk

--------------- Added 26 Sep 2013 at 19:54 ---------------

Got this after running some tests
The web site contains a remote javascript or iframe that is currently blacklisted. That can be used to infect visitors of your own web site and generate cross-site warnings. If you don't have access to the remote site, remove the link (or iframe or javascript) from your site pointing to it.

It also looks like google has blacklisted your site

--------------- Added 26 Sep 2013 at 20:21 ---------------

Check for
PHP Code:
http://abcactyness1973.tk/src.js 
in your header

warning no one click this link

Edit: Staff edit, replaced link by using php bb code that way no one can accidentally click on it regardless ;).

Divvy 09-27-2013 09:12 AM
Thank you so much buddy!

I already removed the malware code thanks to you through phpmyadmin, was in the template table.

Now I think that I need to Fill a review request through google webmasters right?
Or is enough to wait for google robots to check my website again?
This for google remove the warning page and the warning from google results.

Best regards

ozzy47 09-27-2013 09:27 AM
IIRC, you do need to fill a review request through google webmasters.

Divvy 09-27-2013 07:55 PM
I filled a review and they said that the website is still infected. :-(
Anymore ideas guys?

I really can't find it...

inphoenix 09-27-2013 10:18 PM
I am having the same issue with my site. www.tabletsupportforum.com. Chrome totally blocks it but IE still works with a warning. Any help would be appreciated.

EDIT : The FTP user Id won't work even after I've reset the password !!

This is what I see.

What happened when Google visited this site?
Of the 47 pages we tested on the site over the past 90 days, 18 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-09-26, and the last time suspicious content was found on this site was on 2013-09-26.
Malicious software is hosted on 2 domain(s), including embecafac1973.tk/, 1380214218.hopto.org/.

4 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including googledrive.com/, denrenefku1970.tk/, embecafac1973.tk/.

This site was hosted on 1 network(s) including AS26496 (26496-GO-DADDY-COM-LLC).

--------------- Added [DATE]1380390836[/DATE] at [TIME]1380390836[/TIME] ---------------

I was able to get support from mods here and also from vBulletin. Greatly appreciate their help.

Resubmitted review request to Google. Hopefully I will be unblocked today.


All times are GMT. The time now is 12:30 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01470 seconds
  • Memory Usage 1,732KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_php_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete