Malware warning issue

[K-fab]

I'm getting a malware warning when I click on links in the forum.
An example would be in this thread:
http://www.minibuggy.net/forum/proje...tml#post321638

If I click on the link (which I know is okay), I get a Google Malware Website Warning - bright red screen.

If I click on the show details button it tells me:
Current status: Partially dangerous
Some pages on www.minibuggy.net are not safe to visit right now.

It also shows:
Site Safety Details
Some pages on this website send visitors to the following dangerous websites: anesthesia books.co*. I've broken up the URL a tad, just to make sure it doesn't mess this up.

It looks like I'm not the only one on the site having the issue. I put up a thread to see if anyone else was having the problem and it seems to be across the board:

http://www.minibuggy.net/forum/minib...ick-links.html




Anyone have thoughts on this or would be interested in helping me out?

Thanks in advance

[Dave]

I checked the site in Chrome but I do not see the malware error (with the malware error warning enabled in Chrome's settings). I've seen something like this before when someone embedded a picture from a malicious site so in your case it might be because someone embedded an image from that anesthesia site.

Worst case you have malware on your server or infected files. It's hard to say from our end.

[Lynne]

Odd, I'm not getting any warning either. I clicked around on the site and never got the warning.

Are they only getting it when logged in?

[RichieBoy67]

You look good here..

https://sitecheck.sucuri.net/results/www.minibuggy.net/

Usually if you see that warning in a Google search result there is a little link there to submit a review. Have google review and if they find malware on your site they will tell you through Google Webmaster Tools.

[Kane@airrifle]

I assume this

Code:

www.minibuggy.net/forum/redirect-to

is the result of a link anonymizer/redirecter (dbseo?)?

Maybe start by searching your post table in phpmyadmin to find the link to the actual bad site:

Code:

anesthesiabooks.com

--------------- Added [DATE]1482053914[/DATE] at [TIME]1482053914[/TIME] ---------------

Also, I got a filestore72.info hit on a link from a google site search...

[K-fab]

It's interesting how some people get the malware warning and others do not. I've seen the same with a post on the forum asking "Anyone getting this?" Some do, some don't and it doesn't seem to be any particular, or not, browser.

I'll go give the ideas you've put up a try. Thanks!

[Dave]

I've seen the filestore72.info malware before. It supposedly only executes when someone comes from a search engine and I believe it infects the datastore cache. It's a pain to get rid of it. It creates a cookie so people will only see it once.

Check all of your plugins and hooks and I recommend overwriting all vbulletin files with fresh files downloaded from vbulletin.com.

[Kane@airrifle]

Yes, TheLastSuperman has written an extensive guide to disinfecting your forum of filestore72

https://www.vbulletin.com/forum/foru...lestore72-info

https://clients.urljet.com/knowledge...version-2.html

https://clients.urljet.com/knowledge...e123-Hack.html

[Bill Stuntz]

Quote:

Originally Posted by Dave

I've seen the filestore72.info malware before. It supposedly only executes when someone comes from a search engine and I believe it infects the datastore cache. It's a pain to get rid of it. It creates a cookie so people will only see it once.

Check all of your plugins and hooks and I recommend overwriting all vbulletin files with fresh files downloaded from vbulletin.com.

The research I did when our MB was infected said that the cookie keeps the redirect from happening for THAT USER/BROWSER more than once PER DAY. And that's what seemed to happen for me. It made it nearly impossible to track. If I'd seen the redirect from ONE infected post, other infected posts didn't redirect because I'd seen it that day from the other post. But the next day, I'd see the redirect - exactly once.

[K-fab]

I had my server provider (Liquid Web) do a search and they're finding nothing.

Quote:

Originally Posted by Liquid Web

The malware scan has come back. There were no results for malware.

To have google rescan the site, you will need to setup a webmaster tools/search console account:
https://www.google.com/webmasters/

Once that is set up, you go into the console, select the site, and then along the left "security issues"

Within that menu, you can run that.

I need to submit to Google that the site's all right - but I'm having issues.

Google wants me to upload a file into the main directory of the site, but I can't for the life of me figure out where that is:

Quote:

Originally Posted by Google

Recommended: HTML file upload
Upload an HTML file to your site.
1. Download this HTML verification file. [google21abb548c5c61411.html]
2. Upload the file to http://www.minibuggy.net/
3. Confirm successful upload by visiting http://www.minibuggy.net/google21abb548c5c61411.html in your browser.
4. Click Verify below.
To stay verified, don't remove the HTML file, even after verification succeeds.

I have the file downloaded and ready to install, but I can't figure out where to put it.

I've been all through the file manager and can't figure out where I'm supposed to put the file. Anyone have thoughts on how to find it? I realize this is a basic request but it's stifled me. I've worked on using FileZilla to upload but I can't get it to talk to the server. Arrrggghhh. :erm: