Elxis CMS Forum
Support => Security => Topic started by: mmarch on September 15, 2008, 19:02:55
-
Hi!!!
I have a weird problem. I have elxis installation, and everything running fine, just type domain name in browser and uala, yuo are here.
But if you will get resultats in google for any reason with this site, you will be transfered not to proper domain name but of course to porno site !!!!
i m using on it elxis 2006
How it's posible??? How i can fix it???
-
The problem it is in your computer NOT into your website.
Check your system for exploits & virus.
-
Okey this is a reason, but if this problem persist with 4 different computers -
1. Mine
2. Customer who own website
3. Customer who google
4. My colleagues
???
How with it??? And why it's happen just with this one site but not with other??
Please try yourself and check - is it just computer or not - www.bambis.lv and please don't use cashed version, just click on a link.
-
Into my 5 terminals and the local server, the website it is clear, no porno site.
Accessing direct from the link you give me.
-
Yes, it's true, but try search in google this domain name and then click on link.
Sirigos, i don't think that problem is in elxis, i ask you guys because you have much more experience with this all web stuff an maybe you can help.
-
OK, so I did some tracing, and I think your server's not set up properly.
-
what dos it mean??? I must contact my hosting provider and talk with them???
-
yes the links in google index have problem
but not cached pages
and surely not elxis might be google's old page cache when your server or page-code had been setup this way ... a redirection to porno
yes there is a 2sec-refresh and redirection to videosfreefresh.com....etc. from google's links not cache content
wait a few days maybe next google index shows the correct links in the mid time ask your hosting provider about this.... but i dont't think that is server's problem as it works fine when direct accessing the domain.
also tell your customers that your are not responsible about google's or any other search engine's errors.
-
It is not google's fault or elxis fault. The site is being re-directing to:
http://parc.ws/mt.php?fr=bambis.lv
and afterwards to:
http://videosfreefresh.com/fhg/t/4/?id=3913741
It is not a javascript re-direct because it is happening with javascript turned off. The re-direct is caused by either compromised php headers or htaccess file. Might be a DNS issue too. First check your htaccess file...
I think that something checks the reference site and if it is google then it gets you re-directed...
If you find nothing to htaccess un-publish ALL modules and re-try ( may be a module has something bad in it... ).
If you dont find anything, open and check these 3 files for something bad: index.php, index2.php, templates/ja_avian/index.php
-
Many thank's for advice i will check it.
-
Many many thank's datahell - you was write - after i unpublished all modules, redirection ends. After that i start publish modules step by step, and when i publish mod_smf_recent_topics it's starting again. Of course i unpublished this module again.
Is there something what can i do to fix it? For example reinstall everything connected to SMF - bridge and modules??? Or maybe i must send you something to study this stuff for future developments ? ::)
-
The original module has absolutely no problem and is bug free. There are now 2 explanations for what is happening in your site:
1. The module's source code has been modified (can you send me the module exactly as you have it on your site to check it?).
2. As the module connects to SMF and retrieves data from it might the problem is on SMF (a topic with some bad html code in it for example - a meta refresh for instance). Check your forum's latest posts for strange/spam messages.
-
Thank's again.
Sorry for delay module is attached to post.
If with module everything will be fine, i must reinstall forum???
[attachment deleted by admin]
-
The module is fine. Your site needs investigation to find out what is causing this problem. Most probably the problem is in the forum or in the Elxis bridge.
-
Ok i renamed forum folder to forumsssss and turned on smf recent topic. Module appear in frontend of elxis and after searching google transfer go directly to site without redirection. After that i gave a forum old name and redirections start again. Where i should looking next in bridge or forum?
-
.htaccess in elxis root or servers-root?
-
in elxis root
-
well i mean if you checked this file and also if you asked your hosting provider about an .htacces file above you ...above elxis...
have you told them that you have a problem with a redirection of ./forum path?
as i can see your server hosting 1682 sites totaly ... maybe a problem related to one of them although i am not quit sure about this, i think you must ask your hosting provider.
of course check elxis-bridge also.
or change folder's name , your site from google still redirects to that porn site
-
yes i contacted my hosting provider, they checked situation and gave answer that problem is somewhere in database, but where, they can't find :) i unpublished smf recent module and now everything look fine :)
-
search in phpmyadmin and look for http://, and combinations of urls like http://parc.ws/mt.php?fr=bambis.lv, parc.ws
or some users more experience can give you other possible commands to look for... like redirect or forward, or text that are suspicious for this?
----
very clever hacking this... you think all going well and traffic from google goes to them directly
i am curious to see where this little piece of s**t is hiding and how did manage to get in...
forum post or other way? will see ...
-
yes i did it and ... nothing ???
-
If you wish send me via P.M. login information to your site control panel/ftp and to elxis administration to check it tomorrow morning.
I will fix this problem for you, don't worry.
-
OK i did it, and please explain where was a problem and what is solution. If you need more information do not hesitate ask.
-
Here are the check results of your site.
1. The problem is caused by the SMF forum. It is not Elxis fault. The same redirection happens for the forum links from google and when you have the module latest posts published. So, it is the forum.
2. The redirection is triggered by a META refresh tag.
3. The redirection is caused 99% by the SMF template. Some template developers lock their templates with such redirects but the most possible reason is something like the following:
Your forum/template somewhere asks for a remote image. This image does not exist and the site where this image was located has a special htaccess file or other script that inserts meta refresh to your site. This can also happen by an image attached to SMF by a user. Finally the redirection code might exist in any of the index.html/index.php files inside the images directory of the template. i checked some of them but I did nt found anything.
4. I locate and removed a file named t3nG.php in your attachments directory that had encrypted code that was executed by eval (you should add eval in the disabled functions in php.ini). Maybe this file was installed by the template.
5. You have 8.5mb of error logs in your SMF. You never see/clean them? They are full of error message regarding illegal copyright/logo removal.
6. You have also removed Elxis copyright and replace it with your own copyright in Elxis administration and core files which is also illegal.
Actions:
Change template, try the default one. If the problem persists delete the whole SMF and install a new clean version. Never remove copyright messages. Elxis give you the freedome not to display copyright messages in frontend but replacing copyright with your own one is against elxis license. This is the only thing the developers get back by giving you for free their work.
-
Sorry for late response -
You have 8.5mb of error logs in your SMF. You never see/clean them?
No because i'm not profesional in all this stuff, i just like what i do, but i will check every site error logs. And yes there was problem with copyright, but i reinstalled smf and left it.
6. You have also removed Elxis copyright and replace it with your own copyright in Elxis administration and core files which is also illegal.
Perhaps it will sound stupid - but is it mean that i must leave copyright on bootom of front page and back end of eachsite what i am making or i must use copyright on backend. And for example if i install third party template or create new one i must anyway put copyright notice about elxis?
and core files which is also illegal ---- core files mean elxis files or it's also template files???
Sorry, for stupid question and delay in answers.