Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 08 Mar 2016, 08:44
SaN-DeeP's Avatar
SaN-DeeP SaN-DeeP is offline
 
Join Date: Jun 2002
Question Is our site infected with malware ? Kindly help

Some forum threads of Techarena are redirecting on other websites that are indexed in google. Some of the redirected websites are official sites like Lenovo, Asus, Nvidia, etc; but there are also other spam websites where the forum threads are redirecting such as Peel.com, Cognizant Infrastructure Services | Cognizant Technology Solutions, Exametc.com - Browse all India examination results and notifications of Secondary board, Higher secondary board, university, competitive examination and entrance examination, etc.

1. site:techarena.in forums techarena in - Google Search



2. site:techarena.in forums techarena in - Google Search



3. site:techarena.in forums techarena in - Google Search



4. https://www.google.co.in/search?safe...e=off&start=30



5. https://www.google.co.in/search?safe...e=off&start=40



6. https://www.google.co.in/search?safe...e=off&start=50



7. https://www.google.co.in/search?safe...=off&start=140



And there are many more issues following the same links of https://www.google.co.in/search?safe...=off&start=140
Reply With Quote
  #2  
Old 08 Mar 2016, 10:08
SaN-DeeP's Avatar
SaN-DeeP SaN-DeeP is offline
 
Join Date: Jun 2002
Adding another screenshot, try searching following in google without quotes:

"site:forums.techarena.in redirecto"

You will note that users are jumping away from our content to other sites.
Attached Images
File Type: jpg Untitled.jpg (70.4 KB, 8 views)
Reply With Quote
  #3  
Old 08 Mar 2016, 11:50
SaN-DeeP's Avatar
SaN-DeeP SaN-DeeP is offline
 
Join Date: Jun 2002
We tried to run server scans as well. But nothing vulnerable on server software.

---------- SCAN SUMMARY -----------
Known viruses: 4313338
Engine version: 0.98.7
Scanned directories: 2276
Scanned files: 106245
Infected files: 0
Data scanned: 5928.69 MB
Data read: 9646.79 MB (ratio 0.61:1)
Time: 407.816 sec (6 m 47 s)

Scans that where done are maldet and clam Av scan, both finished negative.
Reply With Quote
  #4  
Old 08 Mar 2016, 11:55
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
I just checked but all of the links in your first post are fine to me. They all link to your forum just fine.
__________________
https://technidev.com - security, development, exploits, vBulletin
dave[at]technidev[dot]com

Contact me for custom vBulletin 3/4 work & server/website management.
Reply With Quote
  #5  
Old 08 Mar 2016, 15:27
SaN-DeeP's Avatar
SaN-DeeP SaN-DeeP is offline
 
Join Date: Jun 2002
Originally Posted by Dave View Post
I just checked but all of the links in your first post are fine to me. They all link to your forum just fine.
Thank You,
Kindly check detailed information again in post 2
http://www.vbulletin.org/forum/showp...61&postcount=2

--------------- Added 08 Mar 2016 at 15:31 ---------------

We thought at once it was after DBSEO Pro version.. which was installed last few months ago..

But we got a reply its not because of there DBSEO software script but something else..

"This is due to a malware on your site, which is checking the referrer and redirecting when you arrive on your site from Google."
Reply With Quote
  #6  
Old 08 Mar 2016, 15:59
z3r0's Avatar
z3r0 z3r0 is offline
 
Join Date: Apr 2005
Location: Lancashire, UK
Have you checked your plugins? the redirect stuff l've seen like that in the past was using the global_complete location, so it's worth checking through.
Reply With Quote
  #7  
Old 09 Mar 2016, 09:45
SaN-DeeP's Avatar
SaN-DeeP SaN-DeeP is offline
 
Join Date: Jun 2002
Originally Posted by z3r0 View Post
Have you checked your plugins? the redirect stuff l've seen like that in the past was using the global_complete location, so it's worth checking through.
Thank You for reply.
I have following two plugins using global_complete hook location.
Will you kindly take few minutes, helping us fix this crucial issue.

1.
Product = DragonByte Tech: Seo (Pro)
Title = Process Content: Global
Execution Order = 32767
Plugin PhP Code =
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

(attached the file global_complete.php)

2.
Product = 8WR Micro Debug
Title = micro DEBUG stats
Execution Order = 5
Plugin PhP Code =
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Attached Files
File Type: php global_complete.php (1.2 KB, 1 views)
Reply With Quote
  #8  
Old 09 Mar 2016, 16:26
z3r0's Avatar
z3r0 z3r0 is offline
 
Join Date: Apr 2005
Location: Lancashire, UK
They both look fine.
Reply With Quote
  #9  
Old 10 Mar 2016, 03:33
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Real name: Richie
What does google webmaster tools show?

--------------- Added 10 Mar 2016 at 03:35 ---------------

Check this in another browser, clear your cookies, check browser extensions, etc. I do not see any issues here with any of your indexed links.

Sounds like your pc has malware, not your site.
__________________

Let us take care of your forum, seo, seo reports, maintenance, what ever you need.

Reply With Quote
  #10  
Old 10 Mar 2016, 09:49
SaN-DeeP's Avatar
SaN-DeeP SaN-DeeP is offline
 
Join Date: Jun 2002
Thank You for quick reply richie.
We thought about same first, but results appear same when tested with multiple PCs.
This is the result from a fresh Windows setup on chrome.


Kindly note the urls which are listed in Google.. When we click on them those take us to other site(s)
Attached Images
File Type: jpg infection tested with chrome on clean PC.jpg (61.0 KB, 11 views)
Reply With Quote
  #11  
Old 11 Mar 2016, 13:34
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Real name: Richie
I don't know because for me the Google links all lead back to your site as normal.

What site are they pointing too?

--------------- Added 11 Mar 2016 at 13:35 ---------------

I mean the exact url they are being redirected too.
__________________

Let us take care of your forum, seo, seo reports, maintenance, what ever you need.

Reply With Quote
  #12  
Old 11 Mar 2016, 13:55
Princeton's Avatar
Princeton Princeton is offline
 
Join Date: Nov 2001
Real name: Joe Velez
go into DBSEO / External Links and disable Anonymise External URLs

hopefully that'll work
__________________
Former vBulletin.org Staff Member

Latest Articles:
Liquid Layout = Less Ad Revenue?
How to Monetize Your Site
Improve Web Page Performance
How To Write For The Web


If it needs instructions, there's room for improvement.
Give users what they actually want, not what they say they want. And whatever you do, don't give them new features just because your competitors have them!
Reply With Quote
  #13  
Old 11 Mar 2016, 18:26
setishock setishock is offline
 
Join Date: Feb 2008
I check the URLs in a lot of the Google you posted. Unless it has a blatant redirect in the URL, it goes where it's supposed to. The one's with the redirect in the URL for sure go elsewhere.
When you click on the thread to go to it inside the forum are they getting redirected?
Something else. Do you have HTML enabled on your forum for any of your user groups? If you do one of your member's could have injected some code. Check it. Stranger things have happened.
__________________
Working on new projects and expanding our horizons. Come by and see what we're up to now.

Last edited by setishock; 11 Mar 2016 at 18:33.
Reply With Quote
  #14  
Old 12 Mar 2016, 07:12
Stratis's Avatar
Stratis Stratis is offline
 
Join Date: Jan 2010
Real name: Stratis
I am not an expert like above friends, until they help you to find a solution, give an end to google reading these urls.
Sorry for interference...
Put this.

robots.txt
Disallow: /redirect-to/

It will take 15-20 days all those redirect urls to not exists any more.
Reply With Quote
Reply


Tags
infected, malware


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 15:25.

Layout Options | Width: Wide Color: