Seems like some of you have managed to get the "Google Redirect" virus. One of my other computers managed to get that. Search for something on google, click the link, get redirected to another site.
I just found this link on why the redirects might be happening on some forum sites. It is called mass code injecting: when the forum sites redirect you to a file download site, it is putting code on your PC to turn it into a botnet so it can infect other sites as well. It is hit or miss depending on how long you stay on the redirected page and whether your PC downloads all of the code. If you do become infected, your anti-virus won't detect it because it hides itself as anti-virus program code, unless you use something stronger (i.e. combo-fix) in order to remove the infection. Here is the link that explains what the hackers are doing:
h**p--community.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx
Again, just want to stress the word "might", because I found the link and it sounded similar to what could be causing the redirects on some forum sites.
Last edited by moddman; 10-11-2011 at 04:15 AM.
Guys, it's back again.......I already sent Rocket a message just in case he didn't know yet......Wish there was a definite fix to end this fiasco that the haxters are trying to accomplish.
Finally the vBulletin people have figured out the cause of the problem:
With the help of the security people at RealWebHost*dot*net, we have now positively identified the method for injecting this exploit as well as specific vulnerabilities that permitted it on a 3.83, since updated to 3.87 PL2: As it turns out, it was a server configuration and security issue combined with some specific attributes of vBulletin installations which gave the intruder direct access to the MySQL database.
The key is first to check your settings in cPanel for Remote MySQL: Unless you are using a database on a remote server, i.e., NOT on localhost, this setting should say "There are no additional MySQL access hosts configured". If you have a specific database intentionally enabled, that too is okay. What should NEVER be there is the character % - this is a wildcard which allows ALL other servers to connect to the database. If you see the wildcard enabled, DELETE IT.
Then, make sure you change your passwords to strong passwords for both cPanel and MySQL to ensure that no one can change this setting back without your knowledge.
Then, pick any add-on, disable it, then re-enable it to clear the datastore.
Finally, download the file tool_reparse.php from h**p://***vbulletin*dot*org/forum/showthread*dot*php?t=220967 and let it find discrepancies in your compiled templates and rebuild them.
Figures it's SQL, always have problems with the SQL database at work. Glad there's finally a fix that sounds like it should be permanent. At least until the hackers find a different vulnerability.
Maybe this will help Rocket fix this reoccurring google redirect trend that has come back again. It is explained here exactly what is happening to this site "redirecting" to another url from google search.
My website listing in Google redirects to a different domain / attack site
oakley56fila Level 1
1/24/12
I have read the FAQs and checked for similar issues: YES
My site's URL (web address) is: Website Offline
Description (including timeline of any changes made): When I do a search for the term 'dlightful celebrations' my website shows in the #1 spot in the search results. When clicked, instead of going to my domain name: Website Offline the domain: -- this is a disallowed URL apparently, so I cannot post it -- tries to load which has been identified as an attack site.
My first thought was that the site had been hacked / compromised and I had some cleaning up to do. Upon visiting the domain name directly, however, the website loaded normally without issue. I'm also not able to see any irregular code within the website. This issue has been reported by several people so I know that it isn't just me. I've run virus and malware scans just to be sure and they've come back clean.
This appears to be an issue with the redirecting that Google is doing. Any thoughts?
Best answers
redleg Top Contributor
Webmaster Help Bionic Poster
1/24/12
Your site is currently doing what is called a conditional redirect with the condition being that the referring page is a search engine. When a request is made for a page on your site the request provides your server with some additional information beyond which page is being requested.
The information provided varies, but typically the request will include information about the user agent, i.e. the browser being used to make the request, and the referring page, the page that contains the link that is being clicked on, such as a search results page. These types of conditional hacks are frequently used by hackers because it normally takes longer for site owners to discover and remove the hack.
For sites hosted on Apache one of the most common ways this type of hack is accomplished is a hack of an Apache file named .htaccess. This file is typically located in the root directory of a site although there can be multiple .htaccess files on a site in multiple directories. On some sites .htaccess files may be located in directories/folders above the root directory of the site.
Check the .htaccess file for any suspicious redirects, redirects to http:// locationlook . ru /vis/index.php. Be sure to scroll all the way to the bottom of the file: hackers sometimes add 100s of blank lines before the malicious code, tab the code way over, and then add 100s more blank lines. On some servers the .htaccess file is a hidden file, so you may need to select something like "Show hidden files".
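The manual check described in the answer above can be scripted. This is an added example, not part of the original posts: it flags a `RewriteRule` that sends referrer- or user-agent-matched requests to an outside host and reports how many blank lines and how much indentation were used to push the directive out of view. The function names, the sample file and the host `redirect-target.example` are constructed for illustration.

```python
import os
import re

# Constructed sample: an ordinary rule, then a padded, tab-indented redirect.
SAMPLE_HTACCESS = (
    "RewriteEngine On\n"
    "RewriteRule ^old-page$ /new-page [R=301,L]\n"
    + "\n" * 200
    + "\t" * 40 + "RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\\. [NC]\n"
    + "\t" * 40 + "RewriteRule .* http://redirect-target.example/in.php [R=302,L]\n"
    + "\n" * 200
)

COND = re.compile(r"RewriteCond\s+%\{(HTTP_REFERER|HTTP_USER_AGENT)\}", re.I)
RULE = re.compile(r"RewriteRule\s+\S+\s+(\S+)", re.I)
EXTERNAL = re.compile(r"(?:https?:)?//([^/\s:]+)", re.I)

def find_conditional_redirects(text, own_hosts=()):
    """Flag rules that redirect referrer/user-agent matches off-site."""
    own = {h.lower() for h in own_hosts}
    findings, pending, blank_run = [], [], 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            blank_run += 1  # count padding in front of the next directive
            continue
        if COND.match(line):
            pending.append((lineno, blank_run, len(raw) - len(raw.lstrip())))
        elif RULE.match(line):
            target = EXTERNAL.match(RULE.match(line).group(1))
            if pending and target and target.group(1).lower() not in own:
                cond_line, padding, indent = pending[0]
                findings.append({"cond_line": cond_line, "rule_line": lineno,
                                 "host": target.group(1).lower(),
                                 "blank_lines_before": padding, "indent": indent})
            pending = []  # conditions only apply to the next RewriteRule
        blank_run = 0
    return findings

def scan_tree(root, own_hosts=()):
    """Check every .htaccess under root (os.walk also lists hidden files)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                found = find_conditional_redirects(fh.read(), own_hosts)
            if found:
                hits[path] = found
    return hits
```

Pass the site's own hostnames as `own_hosts` so legitimate canonical-host redirects are not reported, and start `scan_tree` one level above the web root to cover .htaccess files in parent directories.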
I take it this last post was the fix...i.e. htaccess.....Cuz it's not happening anymore........If u fixed it another way Rocket....fill us in....we'd all want to thank you for fixing the prob for good.......I'll be the first.......Thanks bro.....
Hi Rocket,
I'm a software engineer, I've got working knowledge of php and databases - would you like a hand?
If you want to make the redirect happen, you can open an incognito tab (Chrome) or private browsing session (Firefox) and it should trigger it - or delete your grandprixforums.net cookies.
I think I have it fixed now. Just a pita as they really knew how to leave so many backdoors back in. I must have changed the passwords for the db 20 times over the last few days.
Now I got to figure out why the html/css got off for the menu.
- vBulletin has advised its customers to delete /install and /core/install directories in versions 4.x and 5.x respectively.
- For vBulletin users not able to delete these directories – it is advised to block access or redirect requests that hit upgrade.php via either a WAF, or via web server access configuration.
Were you able to do that?