#1
17 Dec 2016, 23:46
K-fab
Join Date: Jan 2014
Malware warning issue

I'm getting a malware warning when I click on links in the forum.
An example would be in this thread:
http://www.minibuggy.net/forum/proje...tml#post321638

If I click on the link (which I know is okay), I get a Google Malware Website Warning - bright red screen.

If I click on the show details button it tells me:
Current status: Partially dangerous
Some pages on www.minibuggy.net are not safe to visit right now.

It also shows:
Site Safety Details
Some pages on this website send visitors to the following dangerous websites: anesthesia books.co*. I've broken up the URL a tad, just to make sure it doesn't mess this up.

It looks like I'm not the only one on the site having the issue. I put up a thread to see if anyone else was having the problem and it seems to be across the board:

http://www.minibuggy.net/forum/minib...ick-links.html




Anyone have thoughts on this or would be interested in helping me out?

Thanks in advance

#2
17 Dec 2016, 23:55
Dave
Join Date: Jun 2010
Real name: Dave
I checked the site in Chrome but I do not see the malware error (with the malware error warning enabled in Chrome's settings). I've seen something like this before when someone embedded a picture from a malicious site, so in your case it might be because someone embedded an image from that anesthesia site.

Worst case you have malware on your server or infected files. It's hard to say from our end.
__________________
https://technidev.com - security, development, exploits, vBulletin
dave[at]technidev[dot]com

Contact me for custom vBulletin 3/4 work & server/website management.

#3
18 Dec 2016, 01:04
Lynne
Join Date: Sep 2004
Real name: Lynne
Odd, I'm not getting any warning either. I clicked around on the site and never got the warning.

Are they only getting it when logged in?
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)

#4
18 Dec 2016, 01:20
RichieBoy67
Join Date: Apr 2004
Real name: Richie
You look good here..

https://sitecheck.sucuri.net/results/www.minibuggy.net/

Usually if you see that warning in a Google search result there is a little link there to submit a review. Have Google review it, and if they find malware on your site they will tell you through Google Webmaster Tools.
__________________

Let us take care of your forum, SEO, SEO reports, maintenance, whatever you need.


#5
18 Dec 2016, 08:55
Kane@airrifle
Join Date: Jun 2011
Real name: Kane
I assume this
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

is the result of a link anonymizer/redirector (dbseo?)?

Maybe start by searching your post table in phpMyAdmin to find the link to the actual bad site:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

--------------- Added 18 Dec 2016 at 09:38 ---------------

Also, I got a filestore72.info hit on a link from a Google site search...

#6
18 Dec 2016, 18:32
K-fab
Join Date: Jan 2014
It's interesting how some people get the malware warning and others do not. I've seen the same with a post on the forum asking "Anyone getting this?" Some do, some don't and it doesn't seem to be any particular, or not, browser.

I'll go give the ideas you've put up a try. Thanks!

#7
18 Dec 2016, 18:53
Dave
Join Date: Jun 2010
Real name: Dave
I've seen the filestore72.info malware before. It supposedly only executes when someone comes from a search engine and I believe it infects the datastore cache. It's a pain to get rid of it. It creates a cookie so people will only see it once.

Check all of your plugins and hooks and I recommend overwriting all vBulletin files with fresh files downloaded from vbulletin.com.

#8
18 Dec 2016, 20:51
Kane@airrifle
Join Date: Jun 2011
Real name: Kane
Yes, TheLastSuperman has written an extensive guide to disinfecting your forum of filestore72

https://www.vbulletin.com/forum/foru...lestore72-info

https://clients.urljet.com/knowledge...version-2.html

https://clients.urljet.com/knowledge...e123-Hack.html

#9
19 Dec 2016, 01:43
Bill Stuntz
Join Date: Feb 2015
Originally Posted by Dave
I've seen the filestore72.info malware before. It supposedly only executes when someone comes from a search engine and I believe it infects the datastore cache. It's a pain to get rid of it. It creates a cookie so people will only see it once.

Check all of your plugins and hooks and I recommend overwriting all vBulletin files with fresh files downloaded from vbulletin.com.

The research I did when our MB was infected said that the cookie keeps the redirect from happening for THAT USER/BROWSER more than once PER DAY. And that's what seemed to happen for me. It made it nearly impossible to track. If I'd seen the redirect from ONE infected post, other infected posts didn't redirect because I'd seen it that day from the other post. But the next day, I'd see the redirect - exactly once.

Last edited by Bill Stuntz; 19 Dec 2016 at 01:53.
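
The posts above by Dave and Bill Stuntz describe a redirect that fires only for visitors arriving from a search engine and is then suppressed by a cookie. The following Python check is an added example, not code from any poster in this thread: it requests a page twice without cookies, once directly and once with a search-engine Referer, and reports hosts that appear only in the second response. The referrer string, the user agent and the `*.example` hosts are assumptions, and `constructed_fetch` is a constructed stand-in so the block runs offline.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumed values for illustration; any search-engine results URL can serve as the referrer.
SEARCH_REFERER = "https://www.google.com/search?q=forum"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) check-script"
SCRIPT_SRC = re.compile(r'<script[^>]+src=["\'](?:https?:)?//([^/"\']+)', re.I)

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow 3xx, so the Location header stays visible

def http_fetch(url, headers):
    """Fetch once with a fresh opener (no cookie jar), so no 'already seen' cookie is sent."""
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": BROWSER_UA, **headers})
    try:
        with opener.open(req, timeout=15) as resp:
            status, hdrs, body = resp.status, resp.headers, resp.read()
    except urllib.error.HTTPError as err:  # unfollowed 3xx responses land here
        status, hdrs, body = err.code, err.headers, b""
    return status, {k.lower(): v for k, v in hdrs.items()}, body.decode("utf-8", "replace")

def external_hosts(url, status, headers, body):
    """Hosts other than the site's own that a response redirects to or loads scripts from."""
    own = urlsplit(url).hostname
    hosts = {m.group(1).lower() for m in SCRIPT_SRC.finditer(body)}
    if 300 <= status < 400 and headers.get("location"):
        hosts.add(urlsplit(headers["location"]).hostname or own)
    return hosts - {own}

def probe(url, fetch=http_fetch):
    """Return hosts that appear only when the visit arrives from a search result."""
    direct = external_hosts(url, *fetch(url, {}))
    referred = external_hosts(url, *fetch(url, {"Referer": SEARCH_REFERER}))
    return sorted(referred - direct)

def constructed_fetch(url, headers):
    """Constructed stand-in for an affected forum, used so the example runs offline."""
    if "google." in headers.get("Referer", ""):
        return 302, {"location": "http://offsite.example/landing"}, ""
    return 200, {}, '<script src="//cdn.example/jquery.js"></script>'

if __name__ == "__main__":
    print(probe("http://forum.example/showthread.php?t=1", constructed_fetch))
```

To check a forum you administer, call `probe(url)` with the default `http_fetch` on several thread URLs; a non-empty result names the hosts to search for in plugins, hooks and the datastore cache.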

#10
07 Jan 2017, 16:52
K-fab
Join Date: Jan 2014
I had my server provider (Liquid Web) do a search and they're finding nothing.

Originally Posted by Liquid Web
The malware scan has come back. There were no results for malware.

To have Google rescan the site, you will need to set up a webmaster tools/search console account:
https://www.google.com/webmasters/

Once that is set up, you go into the console, select the site, and then along the left "security issues"

Within that menu, you can run that.
I need to submit to Google that the site's all right - but I'm having issues.

Google wants me to upload a file into the main directory of the site, but I can't for the life of me figure out where that is:
Originally Posted by Google
Recommended: HTML file upload
Upload an HTML file to your site.
1. Download this HTML verification file. [google21abb548c5c61411.html]
2. Upload the file to http://www.minibuggy.net/
3. Confirm successful upload by visiting http://www.minibuggy.net/google21abb548c5c61411.html in your browser.
4. Click Verify below.
To stay verified, don't remove the HTML file, even after verification succeeds.
I have the file downloaded and ready to install, but I can't figure out where to put it.

I've been all through the file manager and can't figure out where I'm supposed to put the file. Anyone have thoughts on how to find it? I realize this is a basic request but it's stifled me. I've worked on using FileZilla to upload but I can't get it to talk to the server. Arrrggghhh.

#11
07 Jan 2017, 17:03
RichieBoy67
Join Date: Apr 2004
Real name: Richie
Just upload it to the root of your domain.. Google just needs to find that file to verify you own the site.

public_html/

--------------- Added 07 Jan 2017 at 12:06 ---------------

Originally Posted by Bill Stuntz
The research I did when our MB was infected said that the cookie keeps the redirect from happening for THAT USER/BROWSER more than once PER DAY. And that's what seemed to happen for me. It made it nearly impossible to track. If I'd seen the redirect from ONE infected post, other infected posts didn't redirect because I'd seen it that day from the other post. But the next day, I'd see the redirect - exactly once.

You do not need to track it. All you need to do is search your entire site for the code and remove it all, and there are telltale signs for myfilestore.

Once clean you have to change all your logins and implement some security measures..

Last edited by RichieBoy67; 07 Jan 2017 at 18:01.

#12
07 Jan 2017, 17:56
Kane@airrifle
Join Date: Jun 2011
Real name: Kane
Originally Posted by K-fab
I had my server provider (Liquid Web) do a search and they're finding nothing.



I need to submit to Google that the site's all right - but I'm having issues.

Google wants me to upload a file into the main directory of the site, but I can't for the life of me figure out where that is:

I have the file downloaded and ready to install, but I can't figure out where to put it.

I've been all through the file manager and can't figure out where I'm supposed to put the file. Anyone have thoughts on how to find it? I realize this is a basic request but it's stifled me. I've worked on using FileZilla to upload but I can't get it to talk to the server. Arrrggghhh.

Your site is far from alright; there is still the filestore72 problem.