Announcement

Collapse
No announcement yet.

OT/OT filestore.com redirect (malware on this forum?)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OT/OT filestore.com redirect (malware on this forum?)

    I am redirected to filestore.com after clicking on the Homeshopmachinist/general tab found in Google search. Just the first time after a few uses of the computer.
    Doing some minor research it is suggested that forum software could be the cause as it was in other cases.

    All of this after a new install of windows on a new out of the box drive. The first search for homeshop led me to filestore.

    Prior to the new drive i the official google chrome download hooked me to the volteran seach klingon. Bootfile damaged. That goes to show what we are in for with google in future.

  • #2
    Was going to ask about that. I get it also. If you let it go long enough they want you to install an HD video player and a download box then pops up.
    Gene

    Comment


    • #3
      yeah, that sneaky kind that pollutes search engines but hides from normal browser user agents.

      Comment


      • #4
        That's crazy! I just tried it and sure enough, though google, I get the same garbage! But if I manually type the address, I get in just fine. Beware, all!

        Comment


        • #5
          yep.... but nothing to do with THIS site...

          Try it under a different search engine, like Bing.

          Comment


          • #6
            it's more likely to be a problem with this site than a problem with google, actually. there can be malware on the site that could be responding only to google referrers. It could also be that the other search engines are not crawling this site as frequently, and it's only a matter of time. In any case, an infected website causing that type of redirect coming from a search engine is definitely a thing that happens. Bulletin boards are a common target because the codebase is widespread and well known.

            There is way more sneaky stuff out there like that these days. They're starting to be very good at cloaking their intrustions from normal view, and only showing symptoms when coming from specific referrers, or only showing symptoms intermittently, or only show symptoms to specific browsers. It can be very hard to troubleshoot. I fix this kind of thing for a living but I'd have to have more access to behind the scenes to know more.

            The nefarious are getting clever.

            Comment


            • #7
              I just tried it, no redirect here it works fine.
              F21 with Firefox.
              Cheers,
              Jon

              Comment


              • #8
                The problem is with Google.

                I searched for the forum using Google, Bing, and DuckDuckGo.

                Bing and DuckDuckGo brought me here. Google redirected me to filestore.com, although Norton prevented that site from actually coming up.
                Kevin

                More tools than sense.

                Comment


                • #9
                  Originally posted by KJ1I View Post
                  The problem is with Google.
                  To be more accurate, the symptom is clicking a Google search for this website, the problem isn't with Google. Google is only pulling in the spam data that this site is serving to it. The problem hasn't been exactly identified, but It's likely a problem with this site, because this is a common exploit with the vbulletin vbseo plugin causing search result pollution when this site is crawled by Google. More evidence that it's not a problem with the Google website is the fact that It also doesn't happen across the board for all Google results.

                  This is a common symptom of an exploit in the vbulletin vbseo plugin.

                  http://www.vbulletin.com/forum/forum...lestore72-info

                  Comment


                  • #10
                    This has all been guess work. It is impossible to know anything without the actual search string and a screen shot of the results page. There is no way to know if the OP is even querying google at this point.

                    Comment


                    • #11
                      I'm guessing about the cause, yes, but it's an educated one. I've seen these exact symptoms (and fixed it) many many times before with vbulletins.

                      I could duplicate it perfectly, but now it either appears to have cloaked for me, or it's fixed now. I was about to provide what you asked for, but can't any longer. maybe it's fixed.

                      The OP wasn't imagining it.

                      Search terms were "home shop machinist bulletin board" and clicking on the second and third resulst down, which looked like this:

                      Comment


                      • #12
                        yep, fixed for me, too...

                        Comment


                        • #13
                          The screenshot shows www.homeshopmachinist.net as the first result. The others show bbs as the prefix. I use www.dogpile.com as my search engine, and I have HSM as a favorite, so I haven't clicked on a search engine link for a long time.

                          I have had more problems lately with the forum taking a long time to load and getting a connection reset, usually after about 2AM EST.
                          http://pauleschoen.com/pix/PM08_P76_P54.png
                          Paul , P S Technology, Inc. and MrTibbs
                          USA Maryland 21030

                          Comment


                          • #14
                            Originally posted by digiex_chris View Post
                            I'm guessing about the cause, yes, but it's an educated one. I've seen these exact symptoms (and fixed it) many many times before with vbulletins.

                            I could duplicate it perfectly, but now it either appears to have cloaked for me, or it's fixed now. I was about to provide what you asked for, but can't any longer. maybe it's fixed.

                            The OP wasn't imagining it.

                            Search terms were "home shop machinist bulletin board" and clicking on the second and third resulst down, which looked like this:
                            I've no doubt the OP saw what he saw but there was/is not enough information to establish a cause. For example - hovering the mouse over an affected link will show in the status bar the full link referenced by Google. We don't know if that link was to filestore or to HSM. If it was to filestore then Google is at fault for publishing bogus information. If it was to HSM but clicking on the link put the OP at filestore then it is likely his DNS resolver had been poisoned. The answer remains, we don't know and we can't know given the info we have.

                            Comment


                            • #15
                              Yeah, I wish I'd saved my Fiddler log. The redirect was definitely happening after the request to bbs.homeshopmachinist.net. I think the malware on the site was doing the routing for requests with a google referrer. Most of the time when I see cloaked search issues like this, the malware is responding to very specific referrers in order to avoid detection for as long as possible.

                              Anyone else still seeing it? It's not happening for me anymore. Maybe the web guys noticed it and fixed it before we did.

                              Comment

                              Working...
                              X