Is our site infected with malware ? Kindly help

[SaN-DeeP]

Some forum threads of Techarena are redirecting on other websites that are indexed in google. Some of the redirected websites are official sites like Lenovo, Asus, Nvidia, etc; but there are also other spam websites where the forum threads are redirecting such as Peel.com, Cognizant Infrastructure Services | Cognizant Technology Solutions, Exametc.com - Browse all India examination results and notifications of Secondary board, Higher secondary board, university, competitive examination and entrance examination, etc.

1. site:techarena.in forums techarena in - Google Search



2. site:techarena.in forums techarena in - Google Search



3. site:techarena.in forums techarena in - Google Search



4. https://www.google.co.in/search?safe...e=off&start=30



5. https://www.google.co.in/search?safe...e=off&start=40



6. https://www.google.co.in/search?safe...e=off&start=50



7. https://www.google.co.in/search?safe...=off&start=140



And there are many more issues following the same links of https://www.google.co.in/search?safe...=off&start=140

[SaN-DeeP]

Adding another screenshot, try searching following in google without quotes:

"site:forums.techarena.in redirecto"

You will note that users are jumping away from our content to other sites.

[SaN-DeeP]

We tried to run server scans as well. But nothing vulnerable on server software.

---------- SCAN SUMMARY -----------
Known viruses: 4313338
Engine version: 0.98.7
Scanned directories: 2276
Scanned files: 106245
Infected files: 0
Data scanned: 5928.69 MB
Data read: 9646.79 MB (ratio 0.61:1)
Time: 407.816 sec (6 m 47 s)

Scans that where done are maldet and clam Av scan, both finished negative.

[Dave]

I just checked but all of the links in your first post are fine to me. They all link to your forum just fine.

[SaN-DeeP]

Quote:

Originally Posted by Dave

I just checked but all of the links in your first post are fine to me. They all link to your forum just fine.

Thank You,
Kindly check detailed information again in post 2
https://vborg.vbsupport.ru/showpost....61&postcount=2

--------------- Added [DATE]1457451111[/DATE] at [TIME]1457451111[/TIME] ---------------

We thought at once it was after DBSEO Pro version.. which was installed last few months ago..

But we got a reply its not because of there DBSEO software script but something else..

"This is due to a malware on your site, which is checking the referrer and redirecting when you arrive on your site from Google."

[z3r0]

Have you checked your plugins? the redirect stuff l've seen like that in the past was using the global_complete location, so it's worth checking through.

[SaN-DeeP]

Quote:

Originally Posted by z3r0

Have you checked your plugins? the redirect stuff l've seen like that in the past was using the global_complete location, so it's worth checking through.

Thank You for reply.
I have following two plugins using global_complete hook location.
Will you kindly take few minutes, helping us fix this crucial issue.

1.
Product = DragonByte Tech: Seo (Pro)
Title = Process Content: Global
Execution Order = 32767
Plugin PhP Code =

Code:

require(DIR . '/dbtech/dbseo/hooks/global_complete.php');

(attached the file global_complete.php)

2.
Product = 8WR Micro Debug
Title = micro DEBUG stats
Execution Order = 5
Plugin PhP Code =

Code:

$totaltime = microtime(true) - TIMESTART;
$templatecache = vB_Template::$template_usage;

$microdebug .= '<div class="footer_morecopyright" style="margin-top: 0px">';
$microdebug .= 'Page Time: <b>' . vb_number_format($totaltime, 5) . '</b> seconds &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
$microdebug .= function_exists('memory_get_usage') ? 'Memory: <b>' . number_format(memory_get_usage() / 1024) . '</b> KB &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;' : '';
$microdebug .= 'Queries: <b>' . $vbulletin->db->querycount . '</b> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
$microdebug .= 'Templates: <b>' . sizeof($templatecache) . '</b>';

if ($vbulletin->userinfo['usergroupid'] == 6)
{
	$templatequeries = vB_Template::$template_queries;
	$microdebug .= $templatequeries ? ' (<b>' . sizeof($templatequeries) . '</b> uncached)' : '';

	if ($uptime = @exec(uptime))
	{
		$microdebug .= '<br />';
		preg_match_all('/([\d\.]+)/',$uptime,$srv);
		$srv = $srv[1];

		if ($srv[10])
		{
			$microdebug .= 'Server Uptime: <b>' . $srv[3] . ' months ' . $srv[4] . ' days ' . $srv[5] . ' hours ' . $srv[6] . ' mins</b> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
			$microdebug .= 'Server Load: <b>' . $srv[8] . '</b> : ' . $srv[9] . ' : ' . $srv[10];
		}
		else if ($srv[9])
		{
			$microdebug .= 'Server Uptime: <b>' . $srv[3] . ' days ' . $srv[4] . ' hours ' . $srv[5] . ' mins</b> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
			$microdebug .= 'Server Load: <b>' . $srv[7] . '</b> : ' . $srv[8] . ' : ' . $srv[9];
		}
		else if ($srv[8])
		{
			$microdebug .= 'Server Uptime: <b>' . $srv[3] . ' hours ' . $srv[4] . ' mins</b> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
			$microdebug .= 'Server Load: <b>' . $srv[6] . '</b> : ' . $srv[7] . ' : ' . $srv[8];
		}
	}

	if ($templatequeries)
	{
		ksort($templatecache);
		$microdebug .= '<br /><table cellspacing="0" cellpadding="0" border="0" style="margin-left: auto; margin-right: auto;">';

		foreach ($templatecache AS $templatename => $times)
		{
			if ($templatequeries["$templatename"])
			{
				$microdebug .= '<tr><td style="color: red; text-align: left;"><b>' . $templatename . '</b></td><td style="padding-left: 10px;">(' . $times . ')</td></tr>';
			}
		}

		$microdebug .= '</table>';
	}
}

$microdebug .= "</div>";
$output = str_replace('</body>',$microdebug.'</body>', $output);

[z3r0]

They both look fine.

[RichieBoy67]

What does google webmaster tools show?

--------------- Added [DATE]1457580944[/DATE] at [TIME]1457580944[/TIME] ---------------

Check this in another browser, clear your cookies, check browser extensions, etc. I do not see any issues here with any of your indexed links.

Sounds like your pc has malware, not your site.

[SaN-DeeP]

Thank You for quick reply richie.
We thought about same first, but results appear same when tested with multiple PCs.
This is the result from a fresh Windows setup on chrome.

Kindly note the urls which are listed in Google.. When we click on them those take us to other site(s)