Did you miss the bit that mentions it's not just sites with vBSEO installed?

It won't solve the problem. This is a combination of vBSEO and Server hack. See more here... http://www.vbseo.com/blogs/rafael-be...w-prevent-361/

I for one am getting rid of vBSEO as it has not shown to be beneficial anymore and is just taxing on the server.

We updated this code in April when we were hacked first.
Now we have been hacked again orotund July 5th 2012...
We are running vBulletin 3.8.7 Patch Level 3 and additionally the admincp is password secured.

We have now updated vBSEO from version 3.6 to 3.6PL2 - but I don't know if this will solve the problem in future...

I did ask is this exploit only happening to vBulletin
As if you dont track other forum software! you should
what about xenforo you track them enough to take them to court

maybe you should track other forum software, you might stay a step ahead

1) doubtful but don't track any other software.

2) Have people been exploited yes? Is it the same vector? Can't say.

3) Have to know what the exploit is before we can answer.

Frankly you're asking the wrong questions and getting ahead of yourself in looking for answers. Need to determine what the problem is first. The redirects are not the problem, they are a symptom of the problem. You need to fix the problem before the symptoms will go away. The only way to do that is to upgrade to modern versions of the software. Even if we find an exploit in 3.7.0 today, we are not going to fix it.

you could have mentioned this before
and it does effect the latest stable version of 4x

There are a few questions that I am looking for that I cant get

1 Has this redirect exploit only effected vBulletin forums?

2 Has anyone had the same problem

3 Has anyone found a tested fix for this?

I own 2 licenses
including a version of 4x but have not upgraded because of the amount of problems and bug fixes
yes I know I can upgrade my version of 3x version but I want to stay with what I have

You need to upgrade your software to a supported version. Once that is done, we can look at your site and help your resolve your issues.

I agree, but the problem is across all versions.

I was trying to provide information to others with this same problem so that we might be able to provide support to each other
as I cant seem to see an answer to this problem vbseo, said it was not their problem then they said yes it is our problem and
apologized sincerely to all their customer, now they say that it is not them. It is a server security issue,
I have looked into that and like I said they recommended to not allow remote access to database and to remove 1 suspect file which was class_rss.php

I have done all this but see no change. I provided the analyitics image to show to what extent it has effected my site. Not to help with diagnosis.

I dont know what I can provide that might help me get support

There are a few questions that I am looking for that I cant get

1 Has this redirect exploit only effected vBulletin forums?

2 Has anyone had the same problem

3 Has anyone found a tested fix for this?



This is my problem going back a month ago

Over the past few week I have gone from 1000 visits a day to 150 per day,

when I open Google webmaster tools it displays a screenshot of your website, the screenshot that is being displayed is not my site and I have just found out the name the site

I found the site when I was looking at my indexed pages on Google, because you can now view a large screenshot a page when you mouse over that tab.

The site is filestore123.info
after looking through many of my pages on Google I found the majority when clicked on started to load my site then redirect to that site

this is one of the pages that it is displaying as my website
I am freaking out a bit and loosing major traffic,


this is a screenshot of how it is shown via a Google search





If I can help anyone I will if I need to provide any more info I can
and any help would be great

Regards
Ryan

One last important thing,
as you can see in that screenshot it shows a showgroup page which is one that does redirect and also member profile pages do the same.

I have my site set so that Google will not index
Groups
Members
visitor messages and a few others like this

and these pages are now indexed and do redirect, but the problem is not limited to these pages

Where is the redirect coming from? Certainly you have experienced the issue on your site. Sorry we can't diagnose your problem based on a Google Analytics image.

I would suggest you upgrade your vBulletin though. Looking at your site, it says you're using vBulletin 3.7.0 which is over 5 years old and there have been numerous security issues found in it over the years. Some fixed in the later 3.7 series, some in the 3.8 series. A big part of keeping your site secure is making sure you're up to date on the software.

can anyone confirm that they have fixed this redirect problem? and have had return of good stats
I have done all the appropriate precautions.
I have edited vbseo files, and also re updated, vbseo say that it was not their problem, then they release an apology and that they will do and have done everything to address this problem - I submit a ticket to them for support- now they say it is nothing to do with them, it is server security
so my host said that that is not the case. I am rather not impressed.

These are the problems I have found

1 inside includes files class_rss.php removed as was created 29/1/12 and I did not do it

2 remote server access to database found 2 suspect IP's now removed

I am waiting for stats to indicate success and will post in 48hrs and update

anyone working on a fix, I would love to know your possition

this is my stats



adsense reflects the same if I cant fix this I will look at other forum software,
I only know of vBulletin with this exploit, is this correct?

Thanks

This is a support forum. Posting in this forum implies that you want support for the issue. If you want to discuss the general safety of addons or potential exploits of them, the best place for this is vBulletin.org or the addon developer's website. If you want to have a more general discussion on security than the Managing Your Community would be the most appropriate place.

I understand that, my point being is simply that due to this vbseo exploit the exploited code on my sites Javascript was entered or uploaded in the first place. They may seem different, and I am not saying that they are similar or the same, I am saying that they are "related". Because of this exploit my setup kept getting compromised in the first place and even after applying the patch there was compromised files / backdoor's left that many users may not be able to detect, you weren't.

It isn't just 1 exploited file(vbseo/resources/scripts/vbseo_ui.js?v=a4) there are well over 20 infected files that are mostly vbseo related.
And again, I know this is a vBSEO issue, is the exploit also not a vBSEO Issue? Are we not allowed to discuss possible security issues with out plugins? I am not seeking support here, I will be asking vBSEO for that, but for the sake of the argument, whats wrong if a member were to try and support me? This is vital information that I felt like other should know about since we have brought up the topic about the exploit, why not include some issues that have been caused by it since you missed it easily, chances are many others with less computer skills such as myself might as well.

They are different, they are not similar or the same, but they are very much related. One happens because of the other one.

The exploit in this thread does not involve code at the bottom of Javascript on your site. It involves code at the bottom of a file on the vBSEO site. If you have exploited code on your site in the Javascript uploaded to your server, it is a different issue. They may seem similar but they are not.

Regardless, the file you said was exploited is called vbseo/resources/scripts/vbseo_ui.js?v=a4

Even if it was the same issue, it is a vBSEO issue and you need to visit vBSEO.com for support with vBSEO issues.

Not entirely true.
What is outlined in this thread is the exploit, what I have outlined is one of the many effects that are caused by the exploit.
It may be slightly different but it is very much related to the matter we are discussing here. This could very well be the case for many users like myself who have just patched the exploit without paying attention to fix the leftover infections / backdoors when they had a look, much like how you didn't notice it when you had a look, Wayne; and I'd rather have other users know about it now than finding out by themselves later.