Results 1 to 9 of 9

Thread: site infected with Redirect Security Exploit

  1. #1
    Join Date
    Apr 2009
    Posts
    45

    Default site infected with Redirect Security Exploit

    i think the new site is infected....

    i noticed this right when the new site went live and thought nothing of it, thought i clicked the wrong link.

    now i have gotten this multiple times and just got it now. it does not consistently happen, just every once in a while... very intermittent

    upon clicking google search result to mmanews.com/forums, you get redirected to myfilestore.com/download.php?id=5ad22559 where it attempts to download some malware.


    whoever admins the site, please review http://www.vbulletin.com/forum/forum...curity-exploit

    and its always a good idea to remove the the version... as you make it just a little bit easier to exploit "Powered by vBulletin® 4.2.1" (not like its hard to begin with as vbulletin is always security hole filled)
    Last edited by sergers; 07-29-2013 at 10:51 PM. Reason: added scope

  2. #2
    Join Date
    Aug 2009
    Location
    NY--->MIA
    Posts
    8,283

    Default

    yeah what the hell is going on?

  3. #3
    Join Date
    Nov 2006
    Location
    Indiana
    Posts
    9,504

    Default

    See if that helps.
    You say shark I say hey man, Jaws was never my scene and I don't like Star Wars

  4. #4
    Join Date
    Apr 2009
    Posts
    45

    Default

    Just got the redirect again.
    This might help.

    http://club.myce.com/f20/vbulletin-m...e-them-332219/

    vbulletin denies its a hole in their code in your version, it should have been patched in 4.1.3 and up.
    they say its an addon that may be causing it or someone gained access to admin cp/code and added the redirect.

    i figured out how to reproduce it.
    on any device, goto search engine (i used google) and search "mmanews forums"
    clicking mmanews.com/forums forums.mmanews.com (this redirects to mmanews.com/forums)

    if its the first time clicking on the search result, it will redirect to the myfilestore (so this is really impacting first time visitors clicking on search results to access the forum).
    if you hit back to the search results and click it again you get the forums.
    to reproduce again you can clear browsing history in chrome and try again, you will get the redirect.
    or launch incognito window... follow above steps. you will get redirect.
    close all incognito windows and open a new one again, do a google search and click the forums link again you will get redirected

    the good thing is the myfilestore malware has been removed but you still get redirected
    Last edited by sergers; 07-30-2013 at 05:11 AM.

  5. #5
    Join Date
    May 2010
    Posts
    1,214

    Default

    Quote Originally Posted by sergers View Post
    Just got the redirect again.
    This might help.

    http://club.myce.com/f20/vbulletin-m...e-them-332219/

    vbulletin denies its a hole in their code in your version, it should have been patched in 4.1.3 and up.
    they say its an addon that may be causing it or someone gained access to admin cp/code and added the redirect.

    i figured out how to reproduce it.
    on any device, goto search engine (i used google) and search "mmanews forums"
    clicking mmanews.com/forums forums.mmanews.com (this redirects to mmanews.com/forums)

    if its the first time clicking on the search result, it will redirect to the myfilestore (so this is really impacting first time visitors clicking on search results to access the forum).
    if you hit back to the search results and click it again you get the forums.
    to reproduce again you can clear browsing history in chrome and try again, you will get the redirect.
    or launch incognito window... follow above steps. you will get redirect.
    close all incognito windows and open a new one again, do a google search and click the forums link again you will get redirected

    the good thing is the myfilestore malware has been removed but you still get redirected
    Never had an issue recently, but I tried your way to reproduce this, and I got the myfilestore site you are referring to. Doing a Google search absolutely does bring to a bad site. This is horrible to try and bring on new members, when the 1st link in the search is a bullshit one.

  6. #6
    Join Date
    Apr 2009
    Posts
    45

    Default

    I found it because I was too lazy to update my bookmark to the new forums.
    And the admin didn't add a simple redirect.

    When I goto my old bookmark http://www.mmanews.com/forums/general-mma-forum/ Google can't find it and suggests mmanews.com/forums
    Click the link and bam redirected to my file store.

    As I routinely wipe history or just browse incognito on the 6 devices I access internet on daily, I get the redirect a lot more than most people I guess.

    Worse is that chrome/Google were flagging forum as malware when it detected the download of malware. The download was removed but bad still to redirect to a bad site on first time search result forum visit... They jacking the admins first click ad revenue lol.

  7. #7
    Join Date
    Nov 2006
    Location
    Indiana
    Posts
    9,504

    Default

    This is beyond me and my permissions.

    I'll email a link to the thread to Howie and see if he can get it fixed.

    I always enter through a bookmark so I don't see it.
    You say shark I say hey man, Jaws was never my scene and I don't like Star Wars

  8. #8

    Default

    I believe we have stopped this from happening. However all admins should reset their passwords since this hack most likely gave the hacker potential access to admin accounts.

  9. #9
    Join Date
    Nov 2008
    Posts
    13,417

    Default

    Quote Originally Posted by SWIFTboy View Post
    I rode a horse. Banged in a hot spring.
    Quote Originally Posted by GL Jeff View Post
    Is he bigger then WarMachine?


Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •