If you are reading this you are likely using just the dmctalk.org URL, no www. Why is the www redirecting to porn sites / virus sites?

What is more weird is that the google results for "dmctalk" will link you to the www.dmctalk.org site. When I first did this I was all...wtf, they got hacked.

1) go to www.google.com (the basic search page for google)
2) type in dmctalk
3) see the result link for www.dmctalk.org -- will redirect you to things like fake java updates or adult friend finder or some other waked out site

Both URLs resolve to the same IP (173.248.188.205) so, it is something with the server redirecting www.dmctalk.org...and strangely it looks to have happened between 4pm and 6:30pm central time on 2-2-2015 since the google cached site has it as the old site (this site) still.

hummm, it is only the link off google that is doing it...if you actually type www.dmctalk.com into the browser it will go to here. Follow the 3 steps from the above post ..type dmctalk into google, get results, click like there in google and go to weird site

ok, and one more thing to add...sorry...you have to open the link in an incognito (chrome) or in-private (ie) for it to do this.

They'll probably fix it by the time anyone reads this

I've pulled the headers from the session, and so far it's something on the DMCTalk server that's doing this. It's definitely not Google.

I'm investigating.

Got it. DMCTalk has been compromised by another VBulletin vulnerability. There's a cookie that gets set when you successfully visit DMCTalk which bypasses this vulnerability, which is why you would only see this on your very first ever visit to the site or when browsing in a private window. The fix needs to happen on the server itself. Tamir did a scorched-earth software reset the last time something like this happened and if memory serves it took a few days, but in this case that's really not necessary. The right changes to the right files would see this fixed in about an hour.

Unfortunately since I'm no longer an admin, there isn't dick I can do to even try to fix this. SORRY!

ok, and one more thing to add...sorry...you have to open the link in an incognito (chrome) or in-private (ie) for it to do this.

They'll probably fix it by the time anyone reads this

Ditto. I have been seeing a similar error for the past few weeks when using an older version of IE at work.

I thought it might have been the older, out of date browser, but it appears to be an actual VB error/issue.

Same here.

I Googled the site from an iPhone that didn't have it saved as a bookmark and it comes up with some "filestore72" page or similar nonsense.

I've been having a problem with my iPad in the last week+. If I try to refresh a page, it logs me off.
Not having any problems with my iPhone or home computers.?.?

George

I ran fiddler against it and can see all the 302s. There are so many files it is difficult to pick them out from the client side. Easy from the server. As Accipitor has said something is awry. I think it has something to do with the /misc.php file. It looks to have the first redirect to filestore72.info URL. It looks like this normally would do the load for the emoticons, but probably has some cookie/referer logic for the flip. It gets called from the /forum.php file (client line 65)

A Google search for "vbulletin redirect exploit" shows much. There was something like this reported back in 2010...easy fix if we can get a server admins in here.
http://www.vbulletin.com/forum/forum/vbulletin-3-8/vbulletin-3-8-questions-problems-and-troubleshooting/353689-security-redirction-to-file2store-info


On a side note DMCToday looks to have this issue too.

Ditto. I came here and got a pop up about some trash called tapatalk. I said no, then got a full screen advert for it. Had to untick and say no to it again, then a silly banner appeared. I had to close that as well. Happens every few months.

Oh hold on, that's normal :hysterical:

Tapatalk is garbage.

And any app that appends a "Sent from my whatever" signature to posts is also incredibly rude. DMCTalk has a user preference that allows you to disable signatures in posts, however the "Sent from" signature bypasses that setting and says to your fellow users "Screw you and your personal preference, I'm going to spam you with the device I'm using whether you want to see it or not." You're forcing your signatures on people who don't want to see it, just for the sake of showing off that you have a smartphone. That's pretty assholish.

It IS still against the rules to have that signature, but lots of people do it anyway and nobody (including the admins) seems to care.

Speaking of admins, it's going to take Tamir to fix this particular redirect problem. Let's see how long it takes.

I got redirected to a porn ad. I don't want human porn, I want car porn.

Still not fixed. The redirects are taking you all over the place. Just got sent to Adult Friend Finder.

Still not fixed. The redirects are taking you all over the place. Just got sent to Adult Friend Finder.

Did you find a friend?

Just saw this thread, will work on getting this fixed ASAP.

T.

It worked for me today. No issues

Yeah, I believe I fixed the issue last night. But I'm going to continue monitoring it as there are a few different scenarios that I read up on. Thanks for opening this thread everyone.

T.


It worked for me today. No issues