A Burgundy and Gold Obsession
Trust us. We can fix it.

Thanks Thanks:  0
Likes Likes:  0
Disagree Disagree:  0
Post of the Year Post of the Year:  0
Page 1 of 2 12 LastLast
Results 1 to 20 of 29
  1. #1
    BGObsessed
    Join Date
    09-28-10
    Location
    BGO's Official Resident "Tech Dummy"
    Posts
    9,242
    Post Responses
    Thanks, Likes, & More
    Mentioned
    9 Post(s)

    Default Anyone else have this problem accessing the site ?

    I usually don't access BGO through bookmarks, because I have so many of them, that it would just drop to the bottom of the list, and make it harder to access.
    And I usually don't type it in manually, because there's a certain page I like to go to, whose address is hard to remember.
    I usually access through the "drop-down url address box" based on memory of your previous sites pulled up.
    But sometimes I clear all history, including that. So then I will go to Google, and type in BGO.
    But here's the problem - many times, over the period of a long time, including many consecutive attempts, when I click on the BGO link in Google, it will take me to a malicious site. First, the link on Google looks perfectly valid - the description of the site is valid, it has all the other sub-links for BGO listed, and when I hover over the link, it shows the actual BGO link in the lower left.
    But when I click on it, it goes through this "re-direct" process, and takes me to this wierd and malicious page, and my Anti-Virus goes wild with all kinds of warnings. THEN, it won't let me close the page, When I try to X out of it, a pop-up comes up asking me if I'm sure I want to leave the page. And no matter
    which answer I choose, it doesn't close the page. The only way to close the page, is to do CNTRL-ALT=-DELETE and close it through Task Manager.
    Things is, this ONLY happens when I search for BGO on Google, and click on it, and no other site !!

    My question is where this is the result of

    A) An internet or Google issue
    B) A BGO issue....or
    C) A virus or some issue on my own PC
    0 0 0 0
     
     

  2. #2

    Join Date
    06-30-09
    Location
    Dallas
    Posts
    4,086
    Post Responses
    Thanks, Likes, & More
    Mentioned
    18 Post(s)
    Blog Entries
    25

    Default

    Fear,

    I would start with running something like Malwarebytes on you local system. What you describing sounds a lot like malware that high jacks your system when a particular URL is accessed. That fact that it doesn't happen all the time has me stumped a bit though.

    I also hasten to point out that though we would like to, we do not currently own www.bgo.com so that is not an alias for www.bgobsession.com.

    If this is a place you visit often, and we hope you do, might I suggest a book mark on your browsers tool bar? That way it is up where it is easy to access and it won't get mixed in with your other bookmarks on your favorites menu. I actually have it set up as a tab in all my browsers (one of 7 default tabs I have created) so when I open a browser, BGO opens automatically with it.
    0 0 0 0
     
     
    Subscribe to our BGO Mailing List

    hailus redskinus
    COYS

  3. #3
    BGObsessed
    Join Date
    09-28-10
    Location
    BGO's Official Resident "Tech Dummy"
    Posts
    9,242
    Post Responses
    Thanks, Likes, & More
    Mentioned
    9 Post(s)

    Default

    Thanks for the reply.
    Just to clarify, I'm not actually clicking on a "bgo.com" link, I was just abbreviating it for the sake of the post. I actually search for bgobsession, and click on a link that says "bgobsession.com"
    I have Malwarebytes, and I've run it, along with Avast, but they havn't found anything. I don't have any other noticeable problems with my PC.
    I did what you suggested, an option I forgot about - I dragged the url to the toolbar, for a quick link. Hopefully that will be a fix of some sort. Thanks again.
    0 0 0 0
     
     

  4. #4
    BGObsessed
    Join Date
    09-28-10
    Location
    BGO's Official Resident "Tech Dummy"
    Posts
    9,242
    Post Responses
    Thanks, Likes, & More
    Mentioned
    9 Post(s)

    Default

    Well I ran SuperAntiSpyware, and it found some junk (it usually does anyway), and it seems to have stopped the problem.....at least for now.
    0 0 0 0
     
     

  5. #5

    Join Date
    04-11-09
    Location
    Greensboro, NC
    Posts
    17,834
    Post Responses
    Thanks, Likes, & More
    Mentioned
    9 Post(s)
    Blog Entries
    94
    Marine Corps Virginia

    Default

    Mike - what kind of phone are you using? Is this just something you experienced today? And are you trying to access us with the browser on the phone, or via Tapatalk? I just checked both methods and had no issues.
    0 0 0 0
     
     
    Subscribe to our BGO Mailing List

    You ain't bonafide

  6. #6
    BGObsessed
    Join Date
    03-25-12
    Location
    My location
    Posts
    297
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)
    Baylor

    Default

    I have had they same problem if I try to access through google. Also it is only when I use google. It happens every time for me.
    0 0 0 0
     
     

  7. #7
    BGObsessed
    Join Date
    07-28-09
    Location
    Yorktown, VA
    Posts
    2,051
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)

    Default

    I can access the site from my desktop, but my Ipad shows "default website page".
    0 0 0 0
     
     

  8. #8

    Join Date
    09-20-11
    Posts
    8,920
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)
    George Mason

    Default

    there is something going on with the site.

    when i try to access the site through google chrome it automatically forwards me to this page:
    https://www.bgobsession.com/cgi-sys/defaultwebpage.cgi

    i then tried accessing through google and was sent to a malicious site that tried to load malware onto my machine.

    i'm double checking that i'm not infected, but i find it curious three of us are having the same problem with this site. i have no problem with other sites.

    btw in IE 9 it seems to work fine. i'll let you know what happens.


    edit: if i google bgobsession.com, and click on any of the sub links (ie: sons of washington) the link works great. if i click the link to the main site i get redirected to a malcious site.
    it really sounds like google dns poisoning on my machine, but i use google as part of my job (probably 200 times a day minimum i google something) and this is the only site i have this problem with... i'll continue investigating...
    0 0 0 0
     
     

  9. #9

    Join Date
    07-15-09
    Location
    Houston, TX
    Posts
    13,516
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)
    Florida Atlantic

    Default

    Yeah, I had the same problem yesterday, but it seems to be fixed today.
    0 0 0 0
     
     

  10. #10

    Join Date
    09-20-11
    Posts
    8,920
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)
    George Mason

    Default

    antivirus came back with 0 threats found

    and now google results are working.

    what version of apache, cpanel, and php is the site running?
    0 0 0 0
     
     

  11. #11

    Join Date
    09-20-11
    Posts
    8,920
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)
    George Mason

    Default

    looks like we're on vbulletin 3.8.2 which is pretty far behind. looks like the latest version is 4.1.12, and the latest 3.8.x version is 3.8.7.

    I'd strongly suggest the site be upgraded. I'm not 100% convinced the problem is with the site (although i'm 99% convinced, and the fact that it's redirecting to malicious sites is super worrying) but the site should be upgraded anyways. Vbulletin released 3.8.3 in 2009. So we're 3 years behind in terms of security. The site needs to be upgraded as soon as someone has time, even if these issues are on our machines.
    0 0 0 0
     
     

  12. #12

    Join Date
    09-20-11
    Posts
    8,920
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)
    George Mason

    Default

    ok, so it appears clearing cache in chrome fixed the default website problem.

    i'm still curious about the redirect to the malicious site... and the update recommendation still stands
    0 0 0 0
     
     

  13. #13

    Join Date
    09-20-11
    Posts
    8,920
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)
    George Mason

    Default

    The following is what i've been able to find based on my access to the site. I may be wrong. If so, I apologize, and I'm not trying to be an alarmist about it. This is part of my job to know this stuff... so please at least consider looking into it...


    Ok. so we're definitely infected (the site).

    Google redirects are being hijacked by some malicious code to (DO NOT GO HERE) url2short (DOT) info
    If you get the redirect it'll actually corrupt your browser cache, and take you to this site for future lookups.

    CLIENT FIX:
    If you're computer is having these problems do the following:
    Open your browser(s) and clear cache - every browser is different. Look through the tools/settings options to delete/clear browser info/settings/history/etc.
    If you're on windows, for safe measure, open a command prompt and type in: ipconfig /flushdns
    You should be good to go. Do not access the site via google links until the site has been cleaned/patched. Use the direct address in your address bar.

    SITE FIX:
    references on how to clean up:
    https://www.vbulletin.com/forum/show...url2short-info

    which eventually takes you here:
    http://www.theadminzone.com/forums/s...2&postcount=81

    that last link is the fix to clean the site.

    these things typically happen because the site software i updated, release notes are put out, and script kiddies go through and find vulnerabilities. they then write a script to take advantage of it, and put it on their bots to scour the web running these exploits against every site it can find, hopping it hits some.

    the site admins would be wise to stay on top of php, cpanel, and vbulletin updates.
    to give you an idea, the latest Mac OSX virus was spread through unpatched wordpress blogs (which is hilarious when you think about it)...
    0 0 0 0
     
     

  14. #14

    Join Date
    09-20-11
    Posts
    8,920
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)
    George Mason

    Default

    Update:
    I've found the best way to reproduce the problem
    1- Clear cookies/cache in browser
    2- Go to google, and search for BGO and click on the first link to the main site - http://lmgtfy.com/?q=bgobsession

    works every time for me.
    0 0 0 0
     
     

  15. #15

    Join Date
    09-20-11
    Posts
    8,920
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)
    George Mason

    Default

    More detailed information on the fix, and this is recent (this month):
    http://abhisays.com/tips-and-tricks/...hort-info.html
    0 0 0 0
     
     

  16. #16

    Join Date
    09-20-11
    Posts
    8,920
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)
    George Mason

    Default

    interestingly enough, here's the error that comes up as part of the redirect
    (it took like 10 times of print screening to get this before it disappeared):
    Warning: in_array() [function.in-array]: Wrong datatype for second argument in [path]/global.php(400) : eval()'d code on line 72


    I have no idea if it's related or just a side effect.
    0 0 0 0
     
     

  17. #17

    Join Date
    09-20-11
    Posts
    8,920
    Post Responses
    Thanks, Likes, & More
    Mentioned
    0 Post(s)
    George Mason

    Default

    Yeah, once you get the bad cookie you'll be redirected until you clear it (depend on which browser you use and the settings you have in it).

    I think google chrome might be a bit more susceptible because of the way it handles page requests than other browsers...

    edit: Anyone who has had this problem, please run a virus/malware scanner on your machine to make sure you didn't get an infection from the redirect to the malicious site. If you don't have anti virus installed, PLEASE get one - you can get microsoft security essentials or panda antivirus cloud for free (I recommend either of those two). I have no idea what that site tries to load, but it may be something to steals passwords or credit card numbers.

    If you've had trouble from a mobile device (iphone, ipad, android phone/tablet) get one of the anti virus scanners from your app store/market. Those devices are so susceptible and full of security flaws it's ridiculous.
    0 0 0 0
     
     

  18. #18

    Join Date
    06-30-09
    Location
    Dallas
    Posts
    4,086
    Post Responses
    Thanks, Likes, & More
    Mentioned
    18 Post(s)
    Blog Entries
    25

    Default

    We did some site work yesterday that necessitated a change in IP address that made the site appear to be down for a while. Clearing your local DNS cache resolves that issue.

    We are looking into the other possible issue now.
    0 0 0 0
     
     
    Subscribe to our BGO Mailing List

    hailus redskinus
    COYS

  19. #19

    Join Date
    04-11-09
    Location
    Greensboro, NC
    Posts
    17,834
    Post Responses
    Thanks, Likes, & More
    Mentioned
    9 Post(s)
    Blog Entries
    94
    Marine Corps Virginia

    Default

    I think there are two separate things going on here. We had an SSL certificate install yesterday which resulted in the site being down briefly. Per HostGator, our server vendor, users could either do a DNS flush (per tshiles instructions) or wait and the access would return to normal within several hours. I'm pretty sure most of the accessibility issues are due to yesterdays install.

    It also appears we do have some malicious code that's been inserted which we are addressing (thanks to tshile for identifying the issue). We may upgrade through the most recent version 3 vbulletin version. Despite security risks, we are conservative in doing so since our site is heavily customized and we would likely break some functionality by doing so. Upgrading to version 4 is a huge undertaking - and we would not even attempt going that route sooner than next offseason unless we were absolutely had to.

    Posted With Tapatalk
    0 0 0 0
     
     
    Subscribe to our BGO Mailing List

    You ain't bonafide

  20. #20

    Join Date
    04-11-09
    Location
    Greensboro, NC
    Posts
    17,834
    Post Responses
    Thanks, Likes, & More
    Mentioned
    9 Post(s)
    Blog Entries
    94
    Marine Corps Virginia

    Default

    Quote Originally Posted by MikeSr619 View Post
    unable to access the site from my phone still. not sure if you were aware of that or not but i get a default webpage error.
    Mike- did you try rebooting your phone, are you still unable to access the site via phone, or has this resolved on its own?


    Posted With Tapatalk
    0 0 0 0
     
     
    Subscribe to our BGO Mailing List

    You ain't bonafide

 

 

Similar Threads

  1. New to the site, just wanted to say hello
    By Nobody in forum The Gateway
    Replies: 19
    Last Post: 10-21-12, 01:07 AM
  2. Replies: 8
    Last Post: 12-14-11, 11:39 AM
  3. Pu$$y Problem
    By Boone in forum The 5 O'Clock Club
    Replies: 19
    Last Post: 03-02-11, 06:27 PM
  4. Arcade Problem
    By Lanky Livingston in forum Feedback & Tech Support
    Replies: 3
    Last Post: 06-17-10, 06:43 PM

User Tag List

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •