Avengers7 Posted January 16, 2015
Can someone fix this - forum is coming up on my computer as a suspect page by Norton.

Queen_Sindel Posted January 16, 2015
There was some trouble earlier with the LFACC page, and I guess that's why Norton marked the page. This should fix itself when they do the next update, but I'll pass it on.
EDIT: Got it confirmed, this will pass next time Norton makes a scan.
Edited January 16, 2015 by Queen_Sindel

Avengers7 Posted January 29, 2015 (Author)
I'm going to have to stop using this forum unfortunately as every time I try to get on here, I get one or more suspect pages. What can we do about it?

Queen_Sindel Posted January 29, 2015
We have to wait until Norton scans the page new. As stated above, there is nothing we can do about this, sorry. I don't know what pages you are looking at here, but so far there have been no other trouble reports. I have Norton on one of the computers I'm using and I definitely do not get any suspect page warnings.

Avengers7 Posted February 7, 2015 (Author)
Still getting bad pop ups when clicking on the Sheffield site.

Queen_Sindel Posted February 7, 2015
Sheffield *forum* part or Sheffield event website? You were always speaking of the forum, but that now sounds like you mean the event website. No one else has reported problems with either one. I just tried myself - with Norton - and I am not getting a warning. Maybe it's an issue with your computer.

Tourniquet Posted February 7, 2015
I'm getting some errors when I access through work. I always google Showmasters Forums, the first link that I click (the forum index), redirects me to a filestore321.com/download.php?id=96b3a580 pop up dodgy looking page. If I click the second link (which goes to the LFCC '14 forum) it works okay. Thought I'd mention it in case it helps at all
ETA: Just checked it, and that dodgy redirect website comes up whichever link I click first
Edited February 7, 2015 by Tourniquet

Queen_Sindel Posted February 7, 2015
Thank you, that helps a lot. Descriptions like yours make it way easier to narrow down the error.

Queen_Sindel Posted February 9, 2015
> I'm getting some errors when I access through work. I always google Showmasters Forums, the first link that I click (the forum index), redirects me to a filestore321.com/download.php?id=96b3a580 pop up dodgy looking page. If I click the second link (which goes to the LFCC '14 forum) it works okay. Thought I'd mention it in case it helps at all
> ETA: Just checked it, and that dodgy redirect website comes up whichever link I click first
That part should be fixed now - if you clean cache and cookies the problem should go away. It's been reported to Invision, unfortunately this is something we can only fix temporarily. The final fix needs to come from them. If it shows up again post here or let me know by e-mail (address is in my profile) and I'll get the temporary fix done again.
Avengers, if you clean cache and cookies this should mean your error should disappear too. If it doesn't I need a clear description of what's happening please. I can't really determine what's going on from your prior posts. If you're really getting pop ups this is not caused by the error that's now been fixed and there's been nothing found that would make pop ups appear. I recommend you run a virus scan and then get Adblock or a similar programme, depending on what browser you are using.

Graphic_Delusions Posted February 12, 2015
Instead of making a new thread I'll just reply here. On some occasions, when I search for 'Showmasters forums' on Google and click on the first link, I am greeted by an adult website showing a naked woman. When I click back onto the link from Google it directs me to the correct page (forums). Is anyone else getting this? This just happened whilst I'm at work.
EDIT: I think you guys were talking about the same thing.
Edited February 12, 2015 by Graphic_Delusions

Queen_Sindel Posted February 12, 2015
That's the issue that we thought we had temporarily fixed and which needs a final fix by Invision. Though the sites showing up so far were no adult pages, so you got especially unlucky there. There's been the site Tourniquet mentioned and I ended up on a site promoting hair extensions myself.
I am understanding you correctly, this happened again today? I'll see that I get the fix applied again. My apologies, we really thought it would last a little longer than 2.5 days. >< Unfortunately Invision isn't quite putting a lot of priority on this problem. Adblock seems to help, I don't know if that's an option for your computer.

Graphic_Delusions Posted February 12, 2015
> That's the issue that we thought we had temporarily fixed and which needs a final fix by Invision. Though the sites showing up so far were no adult pages, so you got especially unlucky there. There's been the site Tourniquet mentioned and I ended up on a site promoting hair extensions myself.
> I am understanding you correctly, this happened again today? I'll see that I get the fix applied again. My apologies, we really thought it would last a little longer than 2.5 days. >< Unfortunately Invision isn't quite putting a lot of priority on this problem. Adblock seems to help, I don't know if that's an option for your computer.
Yeah, this happened today at just before the time I posted my reply (12.30pm). To be honest, I have never seen any other page other than the adult/naked one. This also happened last weekend at a friend's house when I wanted to show them these forums. Quite embarrassing having to explain to them that I wasn't accessing any naughty websites
Edited February 12, 2015 by Graphic_Delusions

Showmasters Admin Too Tall Posted February 12, 2015
I just tried it and it took me to an adult dating site on the first try and then the forum on the second.

capbiker Posted February 12, 2015
These two webpages might be of interest to you guys, they explain what is happening and how to remove it.
http://blog.sucuri.net/2015/02/analyzing-malicious-redirects-in-the-ip-board-cms.html?
http://peter.upfold.org.uk/blog/2013/01/15/cleaning-up-the-ip-board-url4short-mess/
It is also a known problem for a number of years across different forums and CMS.
But very briefly what is happening, is that when you are accessing the board it is executing a bit of coding to redirect you to another website. At the same time it sets a cookie on your computer for X time. After that initial redirect, when you next access the board on the same computer it will not redirect you but keep you on the board. If you access the website from another computer, it will automatically redirect you.
cap

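Because the redirect described in the post above is skipped once the cookie is set, an administrator's own browser will usually show nothing. The following check is an added example, not part of the thread or of IP.Board: it requests a page as a fresh visitor and again with the cookies it was given, and compares the two answers. It assumes the redirect is an HTTP 3xx response (a redirect done by script in the page needs a real browser to observe), and the function names are illustrative.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Assumption: requests carry a search-engine Referer, as in the reports above.
HEADERS = {"Referer": "https://www.google.com/", "User-Agent": "Mozilla/5.0"}

class NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx response instead of following it

def fetch(url, cookie=""):
    """One GET; returns (status, Location header or None, cookies the server set)."""
    req = urllib.request.Request(url, headers=dict(HEADERS))
    if cookie:
        req.add_header("Cookie", cookie)
    try:
        resp = urllib.request.build_opener(NoFollow).open(req, timeout=15)
    except urllib.error.HTTPError as err:  # with NoFollow, a 3xx arrives here
        resp = err
    pairs = [c.split(";", 1)[0] for c in resp.headers.get_all("Set-Cookie") or []]
    return resp.code, resp.headers.get("Location"), "; ".join(pairs)

def off_site(base, location):
    """True if a Location header points at a different host than the forum.
    A legitimate hop to another hostname of the same site is flagged too."""
    if not location:
        return False
    return urlsplit(urljoin(base, location)).hostname != urlsplit(base).hostname

def first_visit_check(url, fetch=fetch):
    """Visit once with no cookies, then again with the cookies just received."""
    status1, loc1, jar = fetch(url)
    status2, loc2, _ = fetch(url, jar)
    first = 300 <= status1 < 400 and off_site(url, loc1)
    repeat = 300 <= status2 < 400 and off_site(url, loc2)
    if first and not repeat:
        return ("cookie-gated off-site redirect", loc1)
    if first:
        return ("off-site redirect on every visit", loc1)
    return ("no off-site redirect seen", None)
```

Call `first_visit_check()` with the forum index URL of your own board; the `fetch` parameter exists so the logic can be exercised without network access.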
Queen_Sindel Posted February 12, 2015
Thank you for the links. Yes, that's the problem. We keep resetting the skins, but it keeps coming back. We don't know why they are targeting us. Until Invision provides a permanent fix (and the date of those articles again confirms they are in no hurry) the only thing we can do is keep deleting.

Queen_Sindel Posted February 12, 2015
Okay, another reset has been done. For now daily checks will be done. Sorry for the trouble everyone.

capbiker Posted February 13, 2015
It could be a number of things, somebody has uploaded a PHP file to the server that is run remotely or on a cron. Somebody got or had access to the ACP etc.
Things I would consider, firstly move the ACP out of the default folder. There is a configurable option to tell the board where the ACP is located. So if you move the folder, the board is still able to access it.
Consider having a two stage verification to the ACP if you haven't already done it. It is easy to set up and what it means is that if one of the admin accounts gets hacked they will still need to enter in another username/password to gain access to the ACP.
FTP into the server and check all the directories to see if there are any strange PHP files that shouldn't be there. If there are, remove them. There is a function within the ACP that lets you run a check for suspect files within the forum directories.
Inspect the server logs to see if you can narrow down the location of the PHP or the command that is being run to execute the PHP to update the skins. If you know the rough time that it happens at, it will narrow the search down.
Look at the plugins to make sure that there is none in there that you don't know about.
Check the taskings to see if anything is being run that it shouldn't be.
It might take a little while, but remember the famous saying: Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth
cap

Graphic_Delusions Posted February 16, 2015
F.Y.I I just got boobs on my screen again (at work)

fifi Posted February 18, 2015
Yep. Happened again today.

Queen_Sindel Posted February 18, 2015
> Yep. Happened again today.
About what time? We're trying to track the problem down and an approximate time would help a lot.

Space Commander Travis Posted February 19, 2015
> It could be a number of things, somebody has uploaded a PHP file to the server that is run remotely or on a cron. Somebody got or had access to the ACP etc.
> Things I would consider, firstly move the ACP out of the default folder. There is a configurable option to tell the board where the ACP is located. So if you move the folder, the board is still able to access it.
> Consider having a two stage verification to the ACP if you haven't already done it. It is easy to set up and what it means is that if one of the admin accounts gets hacked they will still need to enter in another username/password to gain access to the ACP.
> FTP into the server and check all the directories to see if there are any strange PHP files that shouldn't be there. If there are, remove them. There is a function within the ACP that lets you run a check for suspect files within the forum directories.
> Inspect the server logs to see if you can narrow down the location of the PHP or the command that is being run to execute the PHP to update the skins. If you know the rough time that it happens at, it will narrow the search down.
> Look at the plugins to make sure that there is none in there that you don't know about.
> Check the taskings to see if anything is being run that it shouldn't be.
> It might take a little while, but remember the famous saying: Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth
> cap
Excellent advice. Most likely cause is suspect PHP files but would also check new or edited htaccess files as well. Had a similar problem on another forum but was restricted to mobile devices only. Took an age to resolve. Turns out that the redirect was used to increase the volume of traffic to other sites where a pay per click operation was in place. Sending the unsuspecting to these sites generated revenue for the guilty party.
After extensive searching three or four offending files were found and removed but still the issue remained (some were very well hidden). Our final solution was to delete core operating files on server - everything got deleted (database with actual forum content was unaffected so remained). All passwords were then changed including FTP access. Forum operating files then reloaded from a known clean version from backup. All latest security patches installed. That finally fixed it. Advice then given to forum members to clear all caches and install and run malware protection programs. Not had a problem since but was a proper pain so you have my every sympathy.

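The file checks suggested in the two posts above (strange PHP files, new or edited htaccess files, the rough time of each report, a known clean copy from backup) can be combined into one comparison. This is an added example, not code from the thread or from IP.Board; the function names, the `.phtml` suffix and the 48-hour window are assumptions.

```python
import hashlib
import os

PHP_SUFFIXES = (".php", ".phtml")  # .phtml is an added assumption, not from the thread

def digests(root):
    """Map relative path -> SHA-256 for every PHP and .htaccess file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == ".htaccess" or name.lower().endswith(PHP_SUFFIXES):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare_to_clean(live_root, clean_root, reported=(), window_hours=48):
    """List files added or changed relative to the clean copy.

    reported: epoch times at which users saw the redirect. A finding is marked
    near_report when its mtime falls in the window_hours before one of them.
    mtime can be reset by whoever wrote the file, so treat it as a hint only;
    the hash difference is the evidence.
    """
    live, clean = digests(live_root), digests(clean_root)
    window = window_hours * 3600
    findings = []
    for rel in sorted(live):
        if rel not in clean:
            kind = "added"
        elif live[rel] != clean[rel]:
            kind = "changed"
        else:
            continue
        mtime = os.path.getmtime(os.path.join(live_root, rel))
        near_report = any(0 <= t - mtime <= window for t in reported)
        findings.append((kind, rel, mtime, near_report))
    return findings
```

Files the application rewrites itself will also show as changed, so each finding still has to be read by hand before anything is deleted.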
Avengers7 Posted February 25, 2015 (Author)
Still seems to be popping up from time to time

Queen_Sindel Posted February 25, 2015
We're having someone look at it to try and figure it out. But as you may have figured out from the posts on page 1 this is quite complicated and not easily solved. All I can say is we are working on it and it's not been forgotten.

jael001 Posted February 26, 2015
I just got it when clicking through from a link on Facebook

Queen_Sindel Posted February 26, 2015
There's been work done on it, which also caused the new log in issues some users have been experiencing tonight. Hopefully that fix helped now, everyone keep your fingers crossed please. You may have caught from the first page that this issue isn't easy to fix at all.