The Arcive of Official vBulletin Modifications Site.

mmvashonit · #1 07-29-2009, 02:38 PM

i've had a couple people tell me my site is infected. one of them sent me the report from the Google Safe Browsing addon for Firefox, below.

As near as i can tell, it's either been wrongly reported by someone to a blacklist or it is keying somehow on an updatedate function in the vBulletin code and taking that as the supposed host of malicious software, updatedate.cn. Or maybe someone else on that server is infected?

Anyone else had this happen? I'm contacting my host to see if they can tell if it's compromised but since that updatedate is in the vb code I thought i'd check here to see if others are getting hosed. False positives and kneejerk blacklisting are a royal pain I deal with a lot on the email side of my biz.

Thanks much.

---------------------------------------------
Safe Browsing
Diagnostic page for tbirdforums.com

What is the current listing status for tbirdforums.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 2 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-07-22, and the last time suspicious content was found on this site was on 2009-07-22.

Malicious software is hosted on 1 domain(s), including updatedate.cn/.

This site was hosted on 1 network(s) including AS2914 (NTT).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, tbirdforums.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
-----------------------------------------------

Marco van Herwaarden · #2 07-29-2009, 02:57 PM

Quote:

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

AFAIK this only means that at 1 time in the past 90 days there have been a mallicious page, or a link to a mallicious page on your site. This can very well have been a spam post that you already have deleted.

But i am not an expert in this field.

But have you requested a review as mentioned?

mmvashonit · #3 07-29-2009, 02:57 PM

oops, forgot to mention the site. www.tbirdforums.com/forums

motowebmaster · #4 07-30-2009, 01:37 AM

If you search your domain in the Google, or in the integrated Firefox search box, you will see the Google Search result with the alert you've described.

When you click on the alert link (not your site), a subsequent page has a link within it for site administrators. The URL is below:

http://www.google.com/support/webmas...y?answer=45432

You might try using the Diagnostics feature in the VB Admin Panel to search for suspect file versions. If malware has been installed as a file, or if a standard vb file has been modified, it should show up.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.05032 seconds Memory Usage 2,188KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (4)post_thanks_box (4)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (4)post_thanks_postbit_info (4)postbit (4)postbit_onlinestatus (4)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!