Announcement

Collapse
No announcement yet.

How to solve the redirection to myfilestore.com

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • stevectaylor
    replied
    OK Thanks just the name look odd. We've identified our problem is in a hook and only have two additions; Spam o matic and ban spiders. So, I think we disable one at a time too see which is the issue.

    Leave a comment:


  • Mark.B
    replied
    My vB4 has "Add JS to headinclude" as part of the blog so unless there's any suspicious code in it, it's legitimate.

    All it should have by default is this code:
    PHP Code:
    if ($vbulletin->options['vbblog_url'])
    {
       global 
    $template_hook;
       
    $template_hook['headinclude_javascript'] .= '<script type="text/javascript">PATHS.blog = "' htmlspecialchars_uni($vbulletin->options['vbblog_url']) . '";</script>';

    Leave a comment:


  • Zachery
    replied
    Probably isn't. Disable it, see if the blog breaks.

    Leave a comment:


  • stevectaylor
    replied
    Can someone advise if "Add JS to Headinclude" is part of the VBblog product plugin?

    Leave a comment:


  • Bone Head
    replied
    Time to start a new thread I think.

    Leave a comment:


  • Bone Head
    replied
    Ive never used vBseo, im still hoping that someone can explain what the issue is with the two php files that are showing up as suspect.

    Leave a comment:


  • donald1234
    replied
    http://www.vbulletin.org/forum/showt...=307008&page=8

    Leave a comment:


  • gsk8
    replied
    It was the only thing that worked for me. Since I deleted the .swf in /uploader/assets/, I've been redirect free.

    Leave a comment:


  • donald1234
    replied
    Originally posted by gsk8 View Post
    So I'm having the same problem. No new plugins, changed pass, deleted old files, etc. I contacted my server folks and here is what they said (below). I've followed the instructions, and it seems to have worked. At least for now? Will post here if I learn more.

    Fix vBulletin 4.xx Filestore123 Hack

    This was initially a vBSEO problem and the fix is well documented. The problem has more recently returned due to Yahoo dropping support for their Yahoo interface. New versions of vBulletin, both 4 and 5 are shipping with an empty uploader.swf file.
    To fix the redirect using vBulletin’s solution simply;
    1. Locate uploader.swf (vB4.xx - clientscript/yui/uploader/assets orin 5.xx- /core/clientscript/yui/uploader/assets)
    2. Open and delete file contents. Save.
    3. In admincp go to plugin manager and disable then re-enable a plugin. This clears the forum cache.
    4. Test using an a fresh incognito browser window

    Just a note that I always had "google" in admincp > Settings -> Options -> Server Settings and Optimization, but not sure if that means anything for the
    I am sure that was patched back in about PL2

    Leave a comment:


  • gsk8
    replied
    So I'm having the same problem. No new plugins, changed pass, deleted old files, etc. I contacted my server folks and here is what they said (below). I've followed the instructions, and it seems to have worked. At least for now? Will post here if I learn more.

    Fix vBulletin 4.xx Filestore123 Hack

    This was initially a vBSEO problem and the fix is well documented. The problem has more recently returned due to Yahoo dropping support for their Yahoo interface. New versions of vBulletin, both 4 and 5 are shipping with an empty uploader.swf file.
    To fix the redirect using vBulletin’s solution simply;
    1. Locate uploader.swf (vB4.xx - clientscript/yui/uploader/assets orin 5.xx- /core/clientscript/yui/uploader/assets)
    2. Open and delete file contents. Save.
    3. In admincp go to plugin manager and disable then re-enable a plugin. This clears the forum cache.
    4. Test using an a fresh incognito browser window
    Just a note that I always had "google" in admincp > Settings -> Options -> Server Settings and Optimization, but not sure if that means anything
    Last edited by gsk8; Wed 11 Feb '15, 11:18am.

    Leave a comment:


  • Bone Head
    replied
    Yes im using the same version. Ive deleted them and re uploaded them again with no luck. Still showing up as being suspect.
    Does anyone know at which point the files are checked is it before the PHP is run on the server or after, as in could it be something from the databse that is being included?

    Leave a comment:


  • donald1234
    replied
    Originally posted by Bone Head View Post

    Regarding forum.php and index.php they are from the 4.2.2 patch level 4 zip i downloaded. I have overwritten them twice to see if it fixes it but no.
    I take it you are on that version? If so try deleting those 2 files before uploading them just in case there is anything bad in there that is not getting overwritten.

    It is often the security patches that makes the software think the files are different, I am not sure if they files are patched or not though.

    Edit: Nah it's just forumdisplay.php and login.php that are patched.
    Last edited by donald1234; Wed 11 Feb '15, 5:02am.

    Leave a comment:


  • Bone Head
    replied
    Well I have most of them turned off now so hopefully......

    Regarding forum.php and index.php they are from the 4.2.2 patch level 4 zip i downloaded. I have overwritten them twice to see if it fixes it but no.

    Leave a comment:


  • donald1234
    replied
    It is almost always a compromised plugin that causes this sort of redirection, often people don't update their plugins often enough and if you say it is not redirecting with them disabled? It is just a case of finding out which one is the culprit, I think the only way to do that is by disabling them one by one.

    The php files are a different issue are you sure they are from the same vbulletin version as what you are using?

    Leave a comment:


  • Bone Head
    replied
    The plugins I have installed are:
    Forum runnrer v4.2.2
    Clowhost -spam-O-matic 2.1.2
    Lance for hire LLC- Bot Blocker 1.2
    Panjo 4.2.2
    Post Release 4.2.2
    reCaptcha!vb 1.1 (not sure if I still need this its probably left over from some years back (its disabled anyhow)
    Skin Links 4.2.2
    Tapatalk 5.4.1
    VBSTopforumSpam 0.61
    VSa Paypal Donate 5.0.3

    The database for this forum has been in use since 2000, Ive just kept updating VB over the years, im not sure if this means there could be stuff in there which could be causing trouble.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X