jukedock Posted May 6, 2015
Hey all, Over the past week or two - often when I click (via Google) to this site - as I google topics, is anyone getting 'sent' to other sites probably one in 4 times? This has happened on my pinball cabinet (Win7), my MacBook Pro (Mountain Lion OSX) and my desktop Mac (Snow Leopard OSX). It seems to be, shall we say, adult-themed sites. But only when I go into VPUNIVERSE via Google.... My AV is up to date - but I use Firefox mainly and sometimes Google Chrome. Ta
3Trinity3 Posted May 6, 2015
Yeah, you're not crazy. It happened to me a few times over the past week or so. Not sure what's going on with that.
connorsdad Posted May 6, 2015
Same here, awesome
Content Provider freneticamnesic Posted May 6, 2015
I think it did happen once.... Actually, I looked up an image on Bing and saw a VPU image link, I clicked it to see how it related to my image search and it took me to some suspect stuff.
Content Provider Itchigo Posted May 6, 2015
I haven't had it happen here, but it has happened at the "other site". I even had the page change while I was reading it, and didn't click anything. But I'd expect it from there.
jukedock Posted May 6, 2015
Thought I was going mad, guys! Even happened on my work computer; now the firewall has blocked the whole site. Maybe it is the web hosting company??
Content Provider gtxjoe Posted May 6, 2015
Same thing happened to me - only if I do a Google search and click on the vpuniverse.com link. It's random, not 100% re-direction. If I use a vpuniverse bookmark, no issues here.
Content Provider freneticamnesic Posted May 6, 2015
Exactly! Was it porn???????? I'm not saying mine redirected to porn, but it was porn
Content Provider Rascal Posted May 7, 2015
After reading this, I tried it, and sure enough it happened to me too. Dazz needs to report this to Google maybe.
zebulon Posted May 7, 2015
Yup, I tried it too. Bit of a mess.
Content Provider allknowing2012 Posted May 8, 2015
Yep .. porn .. so NSFW .. not that I frequent pinball sites while at work ;-) I wonder if it's the ads embedded in the pages.
Administrators Dazz Posted May 8, 2015
We are aware of it. It is something that is affecting a lot of IPB based sites. We are looking into getting it fixed.
Arcade Posted June 11, 2015
Thanks Dazz. Happened again to me yesterday. But like others have said, just the Google search links. Bookmarks are fine.
Content Provider allknowing2012 Posted June 11, 2015
Based on this web page .. you should be able to cleanse your system of the hack by removing the malware from your skin file? (not an IPB person but love to read :-) https://blog.sucuri.net/2015/02/analyzing-malicious-redirects-in-the-ip-board-cms.html
hmueck Posted June 21, 2015
I get the malware forwarding only from my work PC. And only when I use vpuniverse.com instead of www.vpuniverse.com.
Content Provider allknowing2012 Posted June 21, 2015
The hack redirect is coded to only happen once per session. It's up to the admin here to clean up the skin file according to what I have read.
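A way to confirm from outside the behaviour reported in the posts above (redirect only on search-engine referrals, intermittent, once per session), as an added example that is not part of any post: each trial is a fresh cookie-less request, repeated, with and without a Google `Referer`. It assumes the redirect shows up as an HTTP 3xx to another host; `forum.example`, `redirect.example` and the simulated server are constructed placeholders.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of following it

def http_fetch(url, referer=None):
    """One request in a fresh session (new opener, no cookies) -> (status, Location)."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx responses land here
        return err.code, err.headers.get("Location")

def site(url):
    """Hostname with a leading 'www.' dropped, so bare-domain -> www hops are not flagged."""
    host = urlsplit(url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def offsite_hits(url, fetch, referer, trials):
    hits = []
    for _ in range(trials):  # the redirect is intermittent, so repeat
        status, location = fetch(url, referer)
        if 300 <= status < 400 and location and site(location) not in ("", site(url)):
            hits.append(location)
    return hits

def probe(url, fetch=http_fetch, trials=8, referer="https://www.google.com/"):
    """Flag a URL that leaves the site only when the request looks search-referred."""
    referred = offsite_hits(url, fetch, referer, trials)
    direct = offsite_hits(url, fetch, None, trials)
    return {"referred": referred, "direct": direct, "cloaked": bool(referred) and not direct}

def make_fake_site(every=4):
    """Constructed stand-in for an affected server: every `every`-th search-referred
    request is bounced to a hypothetical host; direct requests are served normally."""
    seen = {"n": 0}
    def fetch(url, referer=None):
        if referer and "google." in referer:
            seen["n"] += 1
            if seen["n"] % every == 0:
                return 302, "http://redirect.example/landing"
        return 200, None
    return fetch
```

Run `probe()` against both the bare and the `www.` form of the site's address, since one post reports the redirect on only one of them.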
mjr Posted July 6, 2015
For what it's worth, this is still happening. It would be *really* good if the admins would fix this - if you read the details of the hack, you'll see that this allows the malicious code to execute arbitrary PHP on the server, which could lead to much worse hacks down the road. Recommend that people not download any files from this site containing .exes or other potential malware vectors until this gaping hole is closed.
mpad Posted July 6, 2015
+1
Administrators Dazz Posted July 6, 2015
Ok, this should be fixed. If anyone is getting it please let me know.
mpad Posted July 7, 2015
Looking good. Thanks.
Content Provider allknowing2012 Posted July 8, 2015
I just got some lovely porn via a Google search.. and of course this one: http://filestore321.com/download.php?id=26e55e5f
Content Provider Rascal Posted July 8, 2015
Yep, unfortunately not fixed for me either.
Administrators Dazz Posted July 9, 2015
Ok, so I've opened a ticket with IPB. I've found the code in a skin_cache file, deleted it, deleted database skin_cache, and skin_global. After a while it gets re-added by a script that I can't find. It looks like it is just the damn re-direct and it doesn't look like malicious code is being executed. I just can't track down where the initial script is at. If there is anyone here that can help out please let me know.
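One way to narrow down what keeps re-adding the code, as an added example that is not part of the post above: take the time the cleaned skin cache file changed again and list the requests to PHP endpoints logged just before it. It assumes the re-injection is triggered by a web request and that the server writes combined-format access logs; the log lines, paths and timestamp are constructed.

```python
import re
from datetime import datetime, timezone

LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def requests_before_change(log_lines, changed_at, window_s=120):
    """Return (seconds_before, ip, method, path, status) for requests to PHP
    endpoints in the window just before the file changed, POSTs listed first."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        delta = (changed_at - when).total_seconds()
        if 0 <= delta <= window_s and ".php" in path:
            hits.append((int(delta), ip, method, path, int(status)))
    # POSTs are the likeliest writers; within each group, closest in time first
    return sorted(hits, key=lambda h: (h[2] != "POST", h[0]))

# Constructed access-log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jul/2015:03:10:02 +0000] "GET /index.php?showtopic=1 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [09/Jul/2015:03:14:41 +0000] "POST /uploads/hypothetical_a.php HTTP/1.1" 200 12',
    '203.0.113.9 - - [09/Jul/2015:03:14:50 +0000] "GET /public/style.css HTTP/1.1" 200 900',
    '203.0.113.7 - - [09/Jul/2015:03:14:55 +0000] "GET /index.php HTTP/1.1" 200 5100',
    '203.0.113.7 - - [09/Jul/2015:03:15:30 +0000] "GET /index.php HTTP/1.1" 200 5100',
]
# Constructed change time; in real use build it from os.stat(<cache file>).st_mtime
# (or st_ctime on Linux, which is harder to reset) as a timezone-aware datetime.
SAMPLE_CHANGE = datetime(2015, 7, 9, 3, 15, 0, tzinfo=timezone.utc)

def demo():
    return requests_before_change(SAMPLE_LOG, SAMPLE_CHANGE)
```

A PHP file outside the forum's normal entry points that receives a POST shortly before each re-infection is the first thing to inspect.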
Content Provider allknowing2012 Posted July 11, 2015
Is it possible to clean the scripts then mark as read only? Or perhaps that defeats the purpose of the cache.. ;-)
KAPSIG1 Posted November 7, 2015
Still an issue
Archived
This topic is now archived and is closed to further replies.