The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
Malware - popup ads
Hi,
Recently I've noticed that when I click on the website, popup comes up, even though I never added such ads on the forum. URL: beneamata.com How can I find where the code was added and through where did they manage to do that? Thanks in advance --------------- Added [DATE]1593120925[/DATE] at [TIME]1593120925[/TIME] --------------- Ive upgraded version from 3.8.4 to 3.8.9, now there are no more popups, but I wanted to upgrade it to 3.8.11, it got stuck on 3.8.9 with the error: Database error in vBulletin 3.8.9: Invalid SQL: ALTER TABLE adminlog CHANGE ipaddress ipaddress VARCHAR(45) NOT NULL DEFAULT ''; MySQL Error : Table 'elebocom_beneamata.adminlog' doesn't exist Error Number : 1146 IP Address : IPADDRESS Username : Any ideas why? --------------- Added [DATE]1593125969[/DATE] at [TIME]1593125969[/TIME] --------------- Ive created the table, everything is now fixed, I've upgraded to 3.8.11, no more malware popups. Thread can go on lock. |
#2
|
|||
|
|||
It sounds like they might have injected malicious code on the local php files themselves. When you upgraded, you replaced those files with original vB files.
I've seen this happen to wordpress sites. I'd get your host to review your server to ensure it's not compromised. |
#3
|
||||
|
||||
Hi guys,
Malware came back, now I have no idea how to get rid of it. Is it possible it came through some of the plugins? I've removed a folder called 'nav' which was full of files with strange external domains, but still popups are here. Files were called 'nmd sela something'. Any help appreciated. |
#4
|
||||
|
||||
very likely, I browsed your forum and was unable to see any of these popups to pin point the ad (I dont use any adblockers)
If you could share a link to exactly where you are receiving these popups I could help. |
#5
|
||||
|
||||
Homepage, click on the side (blue background, one left mouse click is enough).
|
#6
|
||||
|
||||
Quote:
With that said this could be one of many issues: You yourself could be infected with malware You may have a malware infected browser extension (they're pretty common) Or it may be a vBulletin product with ads injected and only visible to you (which in the sense of adding hidden ads to a product would make no sense, you would want as many viewers as possible to make any kind of profit) Are any of your members reporting these popups? I would register but I do not know Andrea's surname lol |
#7
|
||||
|
||||
Quote:
I'm not logged in, so I dont think its only for users. Also, I dont get it on other websites so its not malware on pc. Forum is inactive now, but I want to keep it clean as an archive, so I dont get reports from other users. If you want to register, answer is 'Ranocchia'. Thanks for trying to help. |
#8
|
||||
|
||||
I have tried firefox, firefox private, chrome, chrome incognito, edge, and IE, all without adblocker. I'm just not getting any form of ads.
but what you can do when you see the ad inspect it in console. Find the top most div of the ad, see where that is in your style, search the words in the html of the ad in your styles, plugins, ect. |
#9
|
|||
|
|||
I'd agree with Dr., i've checked it as well.
Sometimes those ads are IP specific, which may be why you dont get every user complaining about it the popups. It looks like you have some scanning/checking to do in your file system & db. |
#10
|
||||
|
||||
Quote:
https://screencast-o-matic.com/watch/crn2DZSwqm Also, popup also comes up but after a while, so I didnt want to wait for it to record it. |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|