The Arcive of Official vBulletin Modifications Site.

postcd · #1 01-07-2014, 05:39 PM

Im quite lost in this malicious redirect on my vbulletin 4.2.x forum.
This redirect happens only once per day (first visit, cookie?) and only when coming from google, not direct forum visit.

The issue disappers when i disabled one plugin, then reappear next day, then again disappeared when i disabled another plugin, but then reappeared. reason?

"Disabling any mod will flush the datastore and that will appear to banish the malware temporarily. It will be back after a day or two"

OK, i examined datastore. In my /includes/config.php is:

// $config['Datastore']['class'] = 'vB_Datastore_Filecache';
Memcached is also commented out. so i asume i dont use any datastore? /includes/datastore files are almost empty, nothing important in it

But strange is that on some plugin disabling, the malicious filestore72.info redirect disappear - so there must be some cache?!(One need to use Chrome webbrowser anonymous window or similar so cache, cookies is cleared) otherwise this clever malware redirect dont happen.

Any ideas where is my datastore and how to track the infected Mod or file Please?
I can enable "vB_Datastore_Filecache" but im waiting You guys if you get any ideas on current state?

helpfullthread 1, 2

pityocamptes · #2 01-08-2014, 02:56 AM

Have you tried running your site through: http://sitecheck.sucuri.net

exyuteam · #3 03-06-2016, 11:25 AM

From time to time I still have similar redirect problem. I follow some fix solutions but after couple weeks/months hacker inject malware code in my forum.

Does ver. 5.xx is immune for this injection of malware code? If I upgrade forum to ver. 5 maybe I don't have this problem anymore?

the one · #4 03-06-2016, 04:56 PM

Quote:

Originally Posted by pityocamptes

Have you tried running your site through: http://sitecheck.sucuri.net

It amazes me that how many websites you search it always says Website Firewall Not Found Medium Risk PATCH AND PROTECT With Sucuri Firewall.It even say it for vbulletin.org

Thats ridiculous it even says it for my forum and we have a strong firewall .Its a selling con i tell you.

RichieBoy67 · #5 03-06-2016, 08:25 PM

If you guys are fixing your site and still getting the redirect than you are not fixing it. Not only do you have to clean every hacked file but you have to fix the vulnerability and make sure you change all log ins afterwords.

Use Google webmaster tools and your server tools for malware check.

postcd · #6 03-07-2016, 12:11 PM

To prevent idiots hacking your site, password protect your vbulletin admin area folder (admincp), google: password protect folder
They probably can go thru somehow normally, but they cant when you set additional non sql based (.htaccess .htpasswd based) password protection. I would also change hosting password + disvover latelly added/modiffied files if there are no bad files. There are also several other webpages showing tutorials on how to get rid of this hack. good luck

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.03672 seconds Memory Usage 2,206KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (6)post_thanks_box (6)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (6)post_thanks_postbit_info (6)postbit (6)postbit_onlinestatus (6)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!