
Adult Friend Finder

#100022 (In Topic #19633)

Well-settled

A number of my members seem to be getting redirected to adult friend finder when clicking internal forum links on my site.

I took this up with my host as I believed it could be malware on the server.

Their reply was


The scan has been completed, but could not find any malware hits in your site.

———————————————
maldet(88647): {scan} building file list for /home/precisio/public_html/, this might take awhile…
maldet(88647): {scan} file list completed, found 124324 files…
maldet(88647): {scan} found ClamAV clamscan binary, using as scanner engine…
maldet(88647): {scan} scan of /home/precisio/public_html/ (124324 files) in progress…

maldet(88647): {scan} scan completed on /home/precisio/public_html/: files 124324, malware hits 0, cleaned hits 0
maldet(88647): {scan} scan report saved, to view run: maldet --report 090213-0124.88647
———————————————

Also the site looks clean from live scanning http://sitecheck.sucuri.net/results/precisionracingleague.com

Now the only possibilities exist when such 3rd party software automatically integrates with 3rd party site banners. I would recommend you to contact the ocPortal support and ask them regarding the same.


Just wondering if anybody else has come across this issue and knows how to resolve it?

Check out my ocportal site: PrecisionRacingLeague.com which will always be on ocPortal - because it's awesome!
Item has a rating of 5 (Liked by Chris Graham)  
#100023

Well-settled

If you are using banners anywhere on your site, it may be possible that the banner system used by your provider may have been hijacked.

Just a suggestion.
#100025

If it's forum topics, maybe someone has a dodgy signature, or something dodgy in a post. It is probably a meta redirect.

Normally ocPortal would block custom HTML, but someone who was assigned the "liberal HTML filter" permission could abuse it or have had a virus on their machine that used their privilege. I think the liberal HTML filter only blocks Javascript, not redirects.

I did a quick Google around, and Firefox has a feature to disable meta redirects:
Redirects based on the HTML "Meta refresh" (also HTTP "Refresh") can be blocked by setting accessibility.blockautorefresh to true in about:config. In fact, this corresponds to the "Warn me when web sites try to redirect or reload the page" option in Options > Advanced > General. Alternatively, addons such as RefreshBlocker can be used.
Useful for debugging. Turn it on, go to a topic that does it, and see if you can find the source in there.


 
#100026

Well-settled

That's the issue…. it's kind of random so I can't tell exactly when it is coming from.

It's happened a couple of times to me and my machine is clean.

I use google adsense. Has anybody had any issues with this kind of thing from them before?

#100032

Community saint

djdaveyp85 said

That's the issue…. it's kind of random so I can't tell exactly when it is coming from.
Given that it's always redirecting to the same site (adult friend finder) you might be able to search your site/server for that specific domain.

djdaveyp85 said

I use google adsense. Has anybody had any issues with this kind of thing from them before?
I'd be surprised if it was adsense, but not if it was ads from elsewhere.

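An added example, not part of the thread and not ocPortal's own code: one way to act on the two suggestions above, looking for a meta redirect in a post or signature and searching stored content for the redirect's domain. The post layout, `forum.example` and `redirect-target.example` are placeholders assumed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re
# Pulls the URL out of a refresh value such as "0; url=http://host/path".
REFRESH_URL = re.compile(r"^\s*[\d.]*\s*[;,]?\s*(?:url\s*=\s*)?['\"]?([^'\"]*)", re.I)

class RefreshFinder(HTMLParser):
    """Collects the target URL of every <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            self.targets.append(REFRESH_URL.match(a.get("content", "")).group(1).strip())

def is_offsite(url, site_host):
    """True when url names a host other than site_host (lower case) or its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return bool(host) and host != site_host and not host.endswith("." + site_host)

def scan_posts(posts, site_host, watch_domain=None):
    """Return (post_id, field, reason, detail) for each suspicious hit."""
    findings = []
    for post in posts:
        for field in ("body", "signature"):
            html = post.get(field, "")
            finder = RefreshFinder()
            finder.feed(html); finder.close()
            for url in finder.targets:
                if is_offsite(url, site_host):
                    findings.append((post["id"], field, "meta-refresh-offsite", url))
            if watch_domain and watch_domain.lower() in html.lower():
                findings.append((post["id"], field, "watch-domain", watch_domain))
    return findings

# Constructed sample rows; the dict layout is an assumed export format, not ocPortal's schema.
SAMPLE_POSTS = [
    {"id": 1, "body": "<p>Race results are up.</p>", "signature": "<b>See you on track</b>"},
    {"id": 2, "body": "<p>Nice lap!</p>",
     "signature": '<meta http-equiv="refresh" content="0; url=http://redirect-target.example/landing">'},
    {"id": 3, "body": '<meta http-equiv="Refresh" content="5; URL=/forum/topic/1">', "signature": ""},
    {"id": 4, "body": '<a href="http://redirect-target.example/join">join</a>', "signature": ""},
]

if __name__ == "__main__":
    for hit in scan_posts(SAMPLE_POSTS, "forum.example", "redirect-target.example"):
        print(hit)
```

A same-site refresh (post 3) is not reported; only refresh targets on another host and literal occurrences of the watched domain are.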
 
#100499

Non-joined user

I too have the same problems with some of my servers running on Centos, with both WP and PHP running on different domains.  You could replicate the hijack by constantly refreshing the page.  I also have both Adsense and Addthis plugins.

Have you tried disabling the adsense for the time being and see if it still redirects?
#100507

Non-joined user

Both of you seem to have the linux/cdork exploit.  Hope you could still salvage what's left.