hacked by url123.info

**fade** · 02-13-2012 04:20 PM

Hi,

my traffic went down by 70%.

I thought i got a penalty but now i saw that url123.info steals my google traffic.

Search for a phrase: Se my Board on # 3, click on ist and get reffered to url123.info.

Some Idea what i can actually do?

**bLaDeY** · 02-13-2012 04:50 PM

Funny I've got exactly the same problem, interesting to see how you get on.

**fade** · 02-13-2012 05:19 PM

And we are not alone. :-(

And here ist another one.

So we are 4 in between a few days. I have found some other Boards via the google search with the same "hack".

I haven´t found anything, checked my templates, my database.

I have no idea where else i can take a look for this.

I hope we will find it soon to get back our visitor and traffic!

**bLaDeY** · 02-13-2012 05:26 PM

*vBSEO Security Bulletin* All Supported Versions: Patch Release
Interesting this morning I ran the utility and had to reset the datastore.

Not sure whether this will fix it but alarming none the less.

Wondering whether disabling vbSEO might be an option.

**Oleg Ignatiuk** · 02-14-2012 01:20 AM

Hello,

make sure that you are running the latest version of vBSEO and try this tool to check whether there are any suspicious plugins in DB: http://www.vbseo.com/f5/faqs-rogue-p...62/#post326304

**ClemsonJeeper** · 02-14-2012 10:40 AM

Same problem here. vbSEO is up to date, your check plugin tool returns OK (no results). I've searched everything, source, templates, plugins, don't see anything. But 50% of the time, direct link from google to my site redirects to url123.info.

**Oleg Ignatiuk** · 02-14-2012 10:49 AM

Please open a ticket with ftp/admincp access to check this.

**ictportal** · 02-14-2012 06:15 PM

Originally Posted by ClemsonJeeper

Same problem here. vbSEO is up to date, your check plugin tool returns OK (no results). I've searched everything, source, templates, plugins, don't see anything. But 50% of the time, direct link from google to my site redirects to url123.info.

Similar problem for me, ticket opened.

I found my issue.

It was actually embedded in the vBulletin datastore under the plugin global_start.

Go into vb_datastore table, title of 'pluginlist', search it for base64. You're likely to see something. Remove that line with the base64_decode from it which is the redirect. Since this is in a serialized array (the datastore cache), you might need to do some jiggering to remove it properly.

Also note it sets a cookie 'vbsp' so it only happens once per a certain amount of time. I didn't go into too much depth cracking into the actual exploit code.

**gedsta** · 02-14-2012 09:33 PM

And another site here.

Tools downloaded, emptied datastore, disabled plugin. Time will tell.

Is that enough to sort the issue or should I be looking elsewhere?

**bLaDeY** · 02-15-2012 03:39 PM

I reset the datastore the traffic has improved ever since.

I didn't worry about disabling plugins or anything else like that.

**Andrés Durán Hewitt** · 02-15-2012 09:14 PM

Hello,

Cleaning up the datastore, finding and killing the rogue plugins should be enough. You can check this out though:

Easy Security Tips for vBSEO customers

**I, Brian** · 02-25-2012 08:51 AM

This has been happening here the past couple of weeks, on vb 3.8.7. Something regularly targets the vbseo datastore.

The only way to clear it is to uninstall and then reinstall the vbseo plugin. However, after a while, it happens again.

Something I want to make clear is that vbseo is the main target of this, and this happened to us before last May and resulting in our biggest site getting kicked out from Google News because of it.

It's really sickening that vbseo has become such an achilles heel for big popular sites. Makes me feel like downsizing to SMF to avoid these hack attacks.

**Mert Gökçeimam** · 02-25-2012 10:50 AM

Hello Brian ,

Filestore or Tiny4url redirects have nothing to do with an exploit within vBSEO. It is directly related to server security and boards that don't have vBSEO installed are facing the same issue.

**TradingApples** · 04-15-2012 03:16 PM

Originally Posted by Mert Gökçeimam

Hello Brian ,

Filestore or Tiny4url redirects have nothing to do with an exploit within vBSEO. It is directly related to server security and boards that don't have vBSEO installed are facing the same issue.

I have the latest version of vb4 (4.1.12) and I was hit with this malicious redirect just yesterday when I noticed on google analytics that my traffic suddenly dried up. All of the big name search results produced the redirect to URL123.INFO - free url redirection and masking service. I had this same problem before the update and now it's back.

So Mert since you claim this isn't a vbseo problem should we even bother with taking the security measures andres">Andres linked to?

Thanks!

hacked by url123.info

LinkBack

Thread Tools

Display

hacked by url123.info

Similar Threads

vBulletin 3.x Hacked

hacked??

Posting Permissions