Announcement

Collapse
No announcement yet.

vBulletin malware issue

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] vBulletin malware issue

    PLEASE NOTE - MY SITE DOES NOT HAVE MALWARE. My hosts have performed a comprehensive scan of the site and found NO malware.

    I have an issue with my site - for the second time inside of one month, vBulletin is placing a malware warning on my site. It states this:

    www.vanityedge.com contains content from mestsila.bij.pl, a site known to distribute malware. Your computer might catch a virus if you visit this site.


    Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.


    We have already notified mestsila.bij.pl that we found malware on the site. For more about the problems found on mestsila.bij.pl, visit the Google

    How do I stop this happening? Somebody has suggested re-uploading all of my files, how would this impact my site? I have done literally no custom coding whatsoever, I only use other people's add ons.

  • #2
    Originally posted by 04wayne View Post
    I have an issue with my site - for the second time inside of one month, vBulletin is placing a malware warning on my site.
    vBulletin did not put that message there. Google did.

    Your hosts 'comprehensive scan' was inefficient. You will have some base64-encoded scum in one or more of your templates or plugins.
    My Live vB5 Site - NZEating.com
    vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.

    Comment


    • #3
      vBulletin malware issue

      It's not vB, check your templates and also your htaccess file (way at the bottom). Someone hacked/exploited your installation. The host will see their components, you will need to remediate templates and files.

      Many plugins have serious security vulnerabilities.

      Comment


      • #4
        Oh, I know it was Google! LOL. Sorry, wasn't functioning correctly. I've had this issue before, and via Webmaster Tools I've managed to "request a review" and its been removed.

        Would what I said work - rewriting all of the vBulletin files, to remove any corrupt coding that has managed to find itself a place?

        Comment


        • #5
          Originally posted by 04wayne View Post
          Would what I said work - rewriting all of the vBulletin files, to remove any corrupt coding that has managed to find itself a place?
          Highly unlikely. The malware will be in the database. plugin or template are the usual suspects.
          My Live vB5 Site - NZEating.com
          vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.

          Comment


          • #6
            Urgh, I don't know how I'd go about removing these errors, will I have to go through each style and remove the coding? I've used this site: http://sitecheck.sucuri.net/scanner/ to find where the errors are.

            And an example error its showing is this:

            Code:
            Malware found on javascript file:
            http://www.vanityedge.com/forum/forum.php/clientscript/yui/animation/animation-min.js?v=418
            
            Hidden Iframes.
            Details: http://sucuri.net/malware/entry/MW:IFRAME:HD202
            <iframe src="http://www.feedurbrain.com/forum/vb/item/config.php" width="1" height="1">
            So how would I go about removing that?

            Comment


            • #7
              Anyone?

              Comment


              • #8
                Replace that javascript file (clientscript/yui/animation/animation-min.js)
                sigpic
                Nation of Blue - Kentucky Wildcats Sports


                Some CMS Goodness: Add Avatar to Article

                Comment


                • #9
                  Well this might sound weird but i used to have this same exact problem on my old vb forum whenever someone visit my site used to get this type of threat warnings including myself i contacted hosting nothing was found and all i found was that some users created new thread and put few hyper links and whenever i deleted those threads physically i never came across with those threats/viruses.

                  Comment


                  • #10
                    There could just be put a link to an image in members[dot]lycos[dot]tld. This happens in our Dutch forum from time to time. Just yesterday, with the .nl domain of Lycos.

                    Innocent forum users put an image in an innocent subdirectory of this site and refer to it in their message or signature. Just because other subdirectories of this site hold malware, Google and other browsers issue this severe warning.

                    I woud bet there's nothing wrong with the vB forums in these cases. Just try if you can find a message or a signature with a link to a site like lycos or some other site where malware could be stored, and remove it.

                    Comment

                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...
                    X