Announcement

Collapse
No announcement yet.

How to solve the redirection to myfilestore.com

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to solve the redirection to myfilestore.com

    Hello,

    I'm asking about this issue: http://www.vbulletin.com/forum/forum...curity-exploit

    I've this problem now in vbulletin 4.2.2 and I've found the thread above, that is closed and a little old.

    I've set Use Remote YUI to Google, and after a few proofs, the problems seems to be solved (but this problem shows intermitenly, not inievery time you try to show it), so I',m not sure if this (setting that parameter to Google) is the solution, or something has changed in this time.

    Can anybody help me?

    Thanks.
    Invertir en Bolsa

  • #2
    Try disabling your plugins by adding this line to your config.php file right under <?php and see if the issue persists.
    Code:
    define('DISABLE_HOOKS', true);

    Comment


    • #3
      Thanks Donald.

      So, I must disable all my plugins? Then, I can't have any plugin?

      Regards.
      Invertir en Bolsa

      Comment


      • #4
        No if that cured the issue you should remove that line and disable plugins one at a time now to find the culprit. Do you have vbseo?

        Comment


        • #5
          Thanks Donald.

          I've disabled the plugins with the option for this in the administrator menú, but I can's say if that solves the problem, because the problem doesn's show 100% of times. It's a problem of vbulletin, thaths sure, because I have Joomla in the same domain and never shows in Joomla.

          I've search in internet and it seems thats is a common problem, but I don't find the solution.

          Can you or anybody help me? Does vbulletin knows this problem and is working for the solution?

          Thanks very much.
          Invertir en Bolsa

          Comment


          • #6
            This may help you.

            http://www.vbulletin.com/forum/forum...lestore72-info

            Comment


            • #7
              Thanks, Donald.
              Invertir en Bolsa

              Comment


              • #8
                If you follow the steps in the sticky thread at the top of this forum, you will remove any hacks and secure your site against future ones. Including this redirect.
                http://www.vbulletin.com/forum/forum...ring-your-site

                It is however a long list of steps and most people don't do everyone which leaves them vulnerable.
                Translations provided by Google.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud customization and demonstration site.
                vBulletin 5 Documentation - Updated every Friday. Report issues here.
                vBulletin 5 API - Full / Mobile
                I am not currently available for vB Messenger Chats.

                Comment


                • #9
                  Look in your control panel logs for entries with random IP addresses accessing plugin.php ... I know that the Plugin "Unread Posts" was vulnerable and I believe that VBseo was the other one they used ...

                  I just confirmed the hack was done by manipulating the "VBSEO Cache Templates cache_templates" Plugin and in the " Unread Posts" plugin from Paul M

                  I have 4 or 5 VB installed and they have only hit one - it just happens to be the most popular
                  Last edited by Silver_2000; Fri 30th May '14, 9:12am.
                  http://www.TALONClub.com/forum
                  http://www.prowltalk.com
                  http://www.nloc.net
                  http://www.nhtoc.com

                  Comment


                  • #10
                    Thanks both of you.

                    Sorry for the delay, but I don't receive the notifications of new answers (although I have activate it)

                    A programmer solve me the use.

                    2 users have been registered as superusers.

                    Thanks again.
                    Invertir en Bolsa

                    Comment


                    • #11
                      Originally posted by Wayne Luke View Post
                      If you follow the steps in the sticky thread at the top of this forum, you will remove any hacks and secure your site against future ones. Including this redirect.
                      http://www.vbulletin.com/forum/forum...ring-your-site

                      It is however a long list of steps and most people don't do everyone which leaves them vulnerable.
                      No offense, but I buy a (expensive) product I expect it to work out of the box, not have to spend a bunch of time and technical work doing a bunch of steps on top of that. This is my second forum I've had this issue (with different versions and totally unrelated plugins), and every time I try and find information on how to fix it VBulletin never wants to take responsibility that it's their fault.

                      Comment


                      • #12
                        With respect Vbulletin can't be held responsible for third party plugins, you use them at your own risk.

                        Comment


                        • #13
                          So you're running the latest version of vBulletin? 3.8.8/3.8.9, 4.2.2, 4.2.3, or 5.1.4 and you're fully patched? Your webserver is fully secured? You have ABSOLUTLY no third party addons or modifications?

                          If so, please provide us with access to your server/logs so we can try to figure out what is going on. However for each item that is not secure, or up to the latest version, there is a possibility they can break it. Which means they deface your site. A lot like windows, vBulletin is a very popular software which means that it gets targeted more than other software in some cases.

                          We sell you a software package, and provide updates. Following best security practices is something we can only ask you to do, we can't force you to do it, and we can't do it for you.

                          A last one, if this is the issue you're running into, it was/is EXPLICITLY a problem with vBSEO. If you're still running vBSEO please stop, it is unsecure and out of date. There is no one providing patches for it any longer. You should uninstall it, and or switch to a replacement product like DragonByte Tech's DBSEO.

                          Comment


                          • #14
                            Hi Sorry for resurrecting an old thread if it isnt the way to go about getting help, but I am having the same problem with a redirect to myfilestore. If I clear my cookies and visit my forum via a google search i get redirected.

                            Im running 4.2.2 Patch level 4, I have been following the sticky post on here about securing your site. Im at the second stage "Fill the hole", when I check for suspect files forum.php and index.php both show up as being dodgy. Forum.php says file not recognised as part of vbulleting and index.php says file does not contain expected contents.
                            I have disabled all plugins although glowhostspamomatic.php and vbstopforumspam.php are showing up in the list as well as not being part of vbulletin.

                            I have replaced both forum.php and index.php but they still show up as being wrong.

                            I thought I should ask for help before going any further.

                            Oh and i turned the use remote yui off.
                            Batter Late than ....... pregnant

                            Comment


                            • #15
                              I just thought I would upload tools.php as suggested on the post im following, when i go to that page though all i get is a blank page. The forum is warning me to remove it before I get access to the admin pages so it must be in the right place.

                              Edit worked this bit out you have to upload the install folder too.
                              Last edited by Bone Head; Tue 10th Feb '15, 1:41am.
                              Batter Late than ....... pregnant

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X