vb.org Archive


SaN-DeeP 03-08-2016 06:44 AM

Is our site infected with malware ? Kindly help
 
Some forum threads of Techarena are redirecting to other websites that are indexed in Google. Some of the redirected websites are official sites like Lenovo, Asus, Nvidia, etc.; but there are also other spam websites where the forum threads are redirecting, such as Peel.com, Cognizant Infrastructure Services | Cognizant Technology Solutions, Exametc.com - Browse all India examination results and notifications of Secondary board, Higher secondary board, university, competitive examination and entrance examination, etc.

1. site:techarena.in forums techarena in - Google Search

https://vborg.vbsupport.ru/external/2016/03/13.jpg

2. site:techarena.in forums techarena in - Google Search

https://vborg.vbsupport.ru/external/2016/03/13.jpg

3. site:techarena.in forums techarena in - Google Search

https://vborg.vbsupport.ru/external/2016/03/14.jpg

4. https://www.google.co.in/search?safe...e=off&start=30

https://vborg.vbsupport.ru/external/2016/03/15.jpg

5. https://www.google.co.in/search?safe...e=off&start=40

https://vborg.vbsupport.ru/external/2016/03/16.jpg

6. https://www.google.co.in/search?safe...e=off&start=50

https://vborg.vbsupport.ru/external/2016/03/17.jpg

7. https://www.google.co.in/search?safe...=off&start=140

https://vborg.vbsupport.ru/external/2016/03/18.jpg

And there are many more issues following the same links of https://www.google.co.in/search?safe...=off&start=140

SaN-DeeP 03-08-2016 08:08 AM

1 Attachment(s)
Adding another screenshot. Try searching the following in Google without quotes:

"site:forums.techarena.in redirecto"

You will note that users are jumping away from our content to other sites.

SaN-DeeP 03-08-2016 09:50 AM

We tried to run server scans as well. But nothing vulnerable on server software.

---------- SCAN SUMMARY -----------
Known viruses: 4313338
Engine version: 0.98.7
Scanned directories: 2276
Scanned files: 106245
Infected files: 0
Data scanned: 5928.69 MB
Data read: 9646.79 MB (ratio 0.61:1)
Time: 407.816 sec (6 m 47 s)

Scans that were done are maldet and ClamAV scan, both finished negative.

Dave 03-08-2016 09:55 AM

I just checked but all of the links in your first post are fine to me. They all link to your forum just fine.

SaN-DeeP 03-08-2016 01:27 PM

Quote:

Originally Posted by Dave (Post 2566766)
I just checked but all of the links in your first post are fine to me. They all link to your forum just fine.

Thank You,
Kindly check detailed information again in post 2
https://vborg.vbsupport.ru/showpost....61&postcount=2

--------------- Added at 1457451111 (Unix time) ---------------

We thought at first it was after the DBSEO Pro version, which was installed a few months ago.

But we got a reply that it's not because of their DBSEO software script but something else:

"This is due to a malware on your site, which is checking the referrer and redirecting when you arrive on your site from Google."
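
The quoted reply describes a redirect that only fires for visitors arriving from Google, which is why opening the thread links directly looks clean. The following is an added example, not code from the thread or from any product named in it: it requests the same URL as a direct visitor, as a Google click-through and as a crawler, and reports responses that differ from the direct visit. The header values, `forum.example`, `spam.example` and the `SAMPLE` data are constructed assumptions.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

UA = "Mozilla/5.0 (Windows NT 10.0) Chrome/49.0"  # constructed sample value
# One header set per kind of visitor; the Referer value is a constructed sample.
PROFILES = {
    "direct": {"User-Agent": UA},
    "from_google": {"User-Agent": UA, "Referer": "https://www.google.co.in/search?q=x"},
    "googlebot": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"},
}

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the raw 3xx instead of following it

def probe(url, headers, timeout=10):
    """Fetch url once; return (status, absolute Location or None, body length)."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=timeout) as r:
            return r.status, None, len(r.read())
    except urllib.error.HTTPError as e:  # unfollowed 3xx and 4xx/5xx land here
        loc = e.headers.get("Location")
        return e.code, (urljoin(url, loc) if loc else None), len(e.read())

def flag(url, results):
    """List profiles whose response differs from the direct visit."""
    host = urlsplit(url).hostname
    b_status, b_loc, b_len = results["direct"]
    findings = []
    for name, (status, loc, length) in results.items():
        if name == "direct":
            continue
        if loc and loc != b_loc and urlsplit(loc).hostname != host:
            findings.append(f"{name}: {status} redirect to {urlsplit(loc).hostname}")
        elif status != b_status:
            findings.append(f"{name}: status {status}, direct visit got {b_status}")
        elif abs(length - b_len) > 0.3 * max(b_len, 1):  # crude cloaking heuristic
            findings.append(f"{name}: body {length} bytes, direct visit got {b_len}")
    return findings

def compare(url):
    """Probe url under every profile and return (results, findings)."""
    results = {name: probe(url, h) for name, h in PROFILES.items()}
    return results, flag(url, results)

# Constructed sample of what compare() returns for a referrer-gated redirect.
SAMPLE = {"direct": (200, None, 48210), "googlebot": (200, None, 48190),
          "from_google": (302, "http://spam.example/landing", 0)}
```

A redirect done in JavaScript or a meta refresh still returns 200, so only the body-length heuristic would show it; comparing the saved bodies is the next step in that case.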

z3r0 03-08-2016 01:59 PM

Have you checked your plugins? The redirect stuff I've seen like that in the past was using the global_complete location, so it's worth checking through.

SaN-DeeP 03-09-2016 07:45 AM

1 Attachment(s)
Quote:

Originally Posted by z3r0 (Post 2566781)
Have you checked your plugins? The redirect stuff I've seen like that in the past was using the global_complete location, so it's worth checking through.

Thank you for the reply.
I have the following two plugins using the global_complete hook location.
Will you kindly take a few minutes to help us fix this crucial issue?

1.
Product = DragonByte Tech: Seo (Pro)
Title = Process Content: Global
Execution Order = 32767
Plugin PhP Code =
Code:

require(DIR . '/dbtech/dbseo/hooks/global_complete.php');
(attached the file global_complete.php)

2.
Product = 8WR Micro Debug
Title = micro DEBUG stats
Execution Order = 5
Plugin PhP Code =
Code:

$totaltime = microtime(true) - TIMESTART;
$templatecache = vB_Template::$template_usage;

$microdebug .= '<div class="footer_morecopyright" style="margin-top: 0px">';
$microdebug .= 'Page Time: <b>' . vb_number_format($totaltime, 5) . '</b> seconds &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
$microdebug .= function_exists('memory_get_usage') ? 'Memory: <b>' . number_format(memory_get_usage() / 1024) . '</b> KB &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;' : '';
$microdebug .= 'Queries: <b>' . $vbulletin->db->querycount . '</b> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
$microdebug .= 'Templates: <b>' . sizeof($templatecache) . '</b>';

if ($vbulletin->userinfo['usergroupid'] == 6)
{
        $templatequeries = vB_Template::$template_queries;
        $microdebug .= $templatequeries ? ' (<b>' . sizeof($templatequeries) . '</b> uncached)' : '';

        if ($uptime = @exec(uptime))
        {
                $microdebug .= '<br />';
                preg_match_all('/([\d\.]+)/',$uptime,$srv);
                $srv = $srv[1];

                if ($srv[10])
                {
                        $microdebug .= 'Server Uptime: <b>' . $srv[3] . ' months ' . $srv[4] . ' days ' . $srv[5] . ' hours ' . $srv[6] . ' mins</b> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
                        $microdebug .= 'Server Load: <b>' . $srv[8] . '</b> : ' . $srv[9] . ' : ' . $srv[10];
                }
                else if ($srv[9])
                {
                        $microdebug .= 'Server Uptime: <b>' . $srv[3] . ' days ' . $srv[4] . ' hours ' . $srv[5] . ' mins</b> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
                        $microdebug .= 'Server Load: <b>' . $srv[7] . '</b> : ' . $srv[8] . ' : ' . $srv[9];
                }
                else if ($srv[8])
                {
                        $microdebug .= 'Server Uptime: <b>' . $srv[3] . ' hours ' . $srv[4] . ' mins</b> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
                        $microdebug .= 'Server Load: <b>' . $srv[6] . '</b> : ' . $srv[7] . ' : ' . $srv[8];
                }
        }

        if ($templatequeries)
        {
                ksort($templatecache);
                $microdebug .= '<br /><table cellspacing="0" cellpadding="0" border="0" style="margin-left: auto; margin-right: auto;">';

                foreach ($templatecache AS $templatename => $times)
                {
                        if ($templatequeries["$templatename"])
                        {
                                $microdebug .= '<tr><td style="color: red; text-align: left;"><b>' . $templatename . '</b></td><td style="padding-left: 10px;">(' . $times . ')</td></tr>';
                        }
                }

                $microdebug .= '</table>';
        }
}

$microdebug .= "</div>";
$output = str_replace('</body>',$microdebug.'</body>', $output);


z3r0 03-09-2016 02:26 PM

They both look fine.

RichieBoy67 03-10-2016 01:33 AM

What does google webmaster tools show?

--------------- Added at 1457580944 (Unix time) ---------------

Check this in another browser, clear your cookies, check browser extensions, etc. I do not see any issues here with any of your indexed links.

Sounds like your pc has malware, not your site.

SaN-DeeP 03-10-2016 07:49 AM

1 Attachment(s)
Thank you for the quick reply, Richie.
We thought about the same first, but results appear the same when tested with multiple PCs.
This is the result from a fresh Windows setup on Chrome.

Kindly note the URLs which are listed in Google. When we click on them, they take us to other site(s).


All times are GMT. The time now is 11:18 PM.
