Is Anyone Else Getting Redirected To Other Sites When Clicking On Vpuniverse.com Links?

[jukedock]

Hey all,

Over the past week or two - often when I click (via google) to this site - as I google topics, is anyone getting 'sent' to other sites proably one in 4 times.

This has happened on my pinball cabinet (Win7), my MacBook Pro (Mountain Lion OSX) and my desktop Mac (Snow Leoppard OSX).

 

It seems to be shall we say adult themed sites.  But only when I go into VPUNIVERSE via Google....

My AV is up to date - but I use Firefox mainly and sometimes google chrome.

 

Ta

[3Trinity3]

Yeah, You're not crazy. It happened to me a few times over the past week or so. Not sure what's going on with that.

[connorsdad]

Same here, awesome

[freneticamnesic]

I think it did happen once....actually, I looked up an image on Bing and saw a VPU image link, I clicked it to see how it related to my image search and it took me to some suspect stuff.

[Itchigo]

I haven't had it happen here, but it has happened at the "other site". I even had the page change while I was reading it, and didn't click anything. But I'd expect it from there.

[jukedock]

Thought I was going mad guys !   Even happened on my work computer now the firewall has blocked the whole site.  Maybe it is the webhosting company??

[gtxjoe]

Same thing happened to me - only if i do a google search and click on the vpuniverse.com link.  It's random, not 100% re-direction.  If I use a vpuniverse bookmark no issues here.

[freneticamnesic]

Exactly! Was it porn???????? I'm not saying mine redirected to porn, but it was porn

[Rascal]

After reading this, I tried it, and sure enough it happened to me too. Dazz needs to report this to Google maybe.

[zebulon]

Yup, I tried it too.  Bit of a mess.

[allknowing2012]

Yep .. porn .. so NSFW ..  not that I frequent pinball sites while at work ;-) I wonder if its the ads imbeded in the pages.

[Dazz]

We are aware of it.  It is something that is effecting a lot of IPB based sites.  We are looking into getting it fixed.

[Arcade]

Thanks Dazz. Happend again to me yesterday.

But like others have said. Just the Google search links.

Bookmarks are fine.

[allknowing2012]

Based on this web page .. you should be able to clense your system of the hack by removing the malware from your skin file? (not an ipb person but love to read :-) 

https://blog.sucuri.net/2015/02/analyzing-malicious-redirects-in-the-ip-board-cms.html

[hmueck]

I get the malware forwarding only from my work PC. And only when i use vpuniverse.com instead of www.vpuniverse.com.

[allknowing2012]

The hack redirect is coded to only happen once per session. Its upto the admin here to clean up the skin file according to what I have read.

[mjr]

For what it's worth, this is still happening.  It would be *really* good if the admins would fix this - if you read the details of the hack, you'll see that this allows the malicious code to execute arbitrary php on the server, which could lead to much worse hacks down the road.  Recommend that people not download any files from this site containing .exes or other potential malware vectors until this gaping hole is closed.

[mpad]

+1

[Dazz]

Ok, this should be fixed. If anyone is getting it please let me know.

[mpad]

Looking good.

Thanks.

[allknowing2012]

I just got some lovely porn via a google search..and of course this one:

http://filestore321.com/download.php?id=26e55e5f

[Rascal]

Yep, unfortunately not fixed for me either.

[Dazz]

Ok, so I've opened a ticket with IPB.  I've found the code in a skin_cache file deleted it, deleted database skin_cache, and skin_global.  After a while it gets re-added by a script that I can't find.  It looks like it is just the damn re-direct and it doesn't look like malicious code is being executed.  I just can't track down where the initial script is at.  If there is anyone here that can help out please let me know.

[allknowing2012]

Is it possible to clean the scripts then mark as read only? or perhaps that defeats the purpose of the cache.. ;-)

[KAPSIG1]

still an issue