Anyone else have this problem accessing the site ?

[Fear The Spear]

I usually don't access BGO through bookmarks, because I have so many of them, that it would just drop to the bottom of the list, and make it harder to access.
And I usually don't type it in manually, because there's a certain page I like to go to, whose address is hard to remember.
I usually access through the "drop-down url address box" based on memory of your previous sites pulled up.
But sometimes I clear all history, including that. So then I will go to Google, and type in BGO.
But here's the problem - many times, over the period of a long time, including many consecutive attempts, when I click on the BGO link in Google, it will take me to a malicious site. First, the link on Google looks perfectly valid - the description of the site is valid, it has all the other sub-links for BGO listed, and when I hover over the link, it shows the actual BGO link in the lower left.
But when I click on it, it goes through this "re-direct" process, and takes me to this wierd and malicious page, and my Anti-Virus goes wild with all kinds of warnings. THEN, it won't let me close the page, When I try to X out of it, a pop-up comes up asking me if I'm sure I want to leave the page. And no matter
which answer I choose, it doesn't close the page. The only way to close the page, is to do CNTRL-ALT=-DELETE and close it through Task Manager.
Things is, this ONLY happens when I search for BGO on Google, and click on it, and no other site !!

My question is where this is the result of

A) An internet or Google issue
B) A BGO issue....or
C) A virus or some issue on my own PC

 

[Neophyte]

Fear,

I would start with running something like Malwarebytes on you local system. What you describing sounds a lot like malware that high jacks your system when a particular URL is accessed. That fact that it doesn't happen all the time has me stumped a bit though.

I also hasten to point out that though we would like to, we do not currently own www.bgo.com so that is not an alias for www.bgobsession.com.

If this is a place you visit often, and we hope you do, might I suggest a book mark on your browsers tool bar? That way it is up where it is easy to access and it won't get mixed in with your other bookmarks on your favorites menu. I actually have it set up as a tab in all my browsers (one of 7 default tabs I have created) so when I open a browser, BGO opens automatically with it.

 

[Fear The Spear]

Thanks for the reply.
Just to clarify, I'm not actually clicking on a "bgo.com" link, I was just abbreviating it for the sake of the post. I actually search for bgobsession, and click on a link that says "bgobsession.com"
I have Malwarebytes, and I've run it, along with Avast, but they havn't found anything. I don't have any other noticeable problems with my PC.
I did what you suggested, an option I forgot about - I dragged the url to the toolbar, for a quick link. Hopefully that will be a fix of some sort. Thanks again.

 

[Fear The Spear]

Well I ran SuperAntiSpyware, and it found some junk (it usually does anyway), and it seems to have stopped the problem.....at least for now.

 

[Boone]

Mike - what kind of phone are you using? Is this just something you experienced today? And are you trying to access us with the browser on the phone, or via Tapatalk? I just checked both methods and had no issues.

 

[RG3 Fan]

I have had they same problem if I try to access through google. Also it is only when I use google. It happens every time for me.

 

[riggins44]

I can access the site from my desktop, but my Ipad shows "default website page".

 

[tshile]

there is something going on with the site.

when i try to access the site through google chrome it automatically forwards me to this page:
http://www.bgobsession.com/cgi-sys/defaultwebpage.cgi

i then tried accessing through google and was sent to a malicious site that tried to load malware onto my machine.

i'm double checking that i'm not infected, but i find it curious three of us are having the same problem with this site. i have no problem with other sites.

btw in IE 9 it seems to work fine. i'll let you know what happens.


edit: if i google bgobsession.com, and click on any of the sub links (ie: sons of washington) the link works great. if i click the link to the main site i get redirected to a malcious site.
it really sounds like google dns poisoning on my machine, but i use google as part of my job (probably 200 times a day minimum i google something) and this is the only site i have this problem with... i'll continue investigating...

 

[Lanky Livingston]

Yeah, I had the same problem yesterday, but it seems to be fixed today.

 

[tshile]

antivirus came back with 0 threats found

and now google results are working.

what version of apache, cpanel, and php is the site running?

 

[tshile]

looks like we're on vbulletin 3.8.2 which is pretty far behind. looks like the latest version is 4.1.12, and the latest 3.8.x version is 3.8.7.

I'd strongly suggest the site be upgraded. I'm not 100% convinced the problem is with the site (although i'm 99% convinced, and the fact that it's redirecting to malicious sites is super worrying) but the site should be upgraded anyways. Vbulletin released 3.8.3 in 2009. So we're 3 years behind in terms of security. The site needs to be upgraded as soon as someone has time, even if these issues are on our machines.

 

[tshile]

ok, so it appears clearing cache in chrome fixed the default website problem.

i'm still curious about the redirect to the malicious site... and the update recommendation still stands

 

[tshile]

The following is what i've been able to find based on my access to the site. I may be wrong. If so, I apologize, and I'm not trying to be an alarmist about it. This is part of my job to know this stuff... so please at least consider looking into it...


Ok. so we're definitely infected (the site).

Google redirects are being hijacked by some malicious code to (DO NOT GO HERE) url2short (DOT) info
If you get the redirect it'll actually corrupt your browser cache, and take you to this site for future lookups.

CLIENT FIX:
If you're computer is having these problems do the following:
Open your browser(s) and clear cache - every browser is different. Look through the tools/settings options to delete/clear browser info/settings/history/etc.
If you're on windows, for safe measure, open a command prompt and type in: ipconfig /flushdns
You should be good to go. Do not access the site via google links until the site has been cleaned/patched. Use the direct address in your address bar.

SITE FIX:
references on how to clean up:
https://www.vbulletin.com/forum/showthread.php/399105-Google-traffic-redirecting-to-url2short-info

which eventually takes you here:
http://www.theadminzone.com/forums/showpost.php?p=597122&postcount=81

that last link is the fix to clean the site.

these things typically happen because the site software i updated, release notes are put out, and script kiddies go through and find vulnerabilities. they then write a script to take advantage of it, and put it on their bots to scour the web running these exploits against every site it can find, hopping it hits some.

the site admins would be wise to stay on top of php, cpanel, and vbulletin updates.
to give you an idea, the latest Mac OSX virus was spread through unpatched wordpress blogs (which is hilarious when you think about it)...

 

[tshile]

Update:
I've found the best way to reproduce the problem
1- Clear cookies/cache in browser
2- Go to google, and search for BGO and click on the first link to the main site - http://lmgtfy.com/?q=bgobsession

works every time for me.

 

[tshile]

More detailed information on the fix, and this is recent (this month):
http://abhisays.com/tips-and-tricks/how-to-fix-forum-redirecting-to-url2short-info.html

 

[tshile]

interestingly enough, here's the error that comes up as part of the redirect
(it took like 10 times of print screening to get this before it disappeared):
Warning: in_array() [function.in-array]: Wrong datatype for second argument in [path]/global.php(400) : eval()'d code on line 72


I have no idea if it's related or just a side effect.

 

[tshile]

Yeah, once you get the bad cookie you'll be redirected until you clear it (depend on which browser you use and the settings you have in it).

I think google chrome might be a bit more susceptible because of the way it handles page requests than other browsers...

edit: Anyone who has had this problem, please run a virus/malware scanner on your machine to make sure you didn't get an infection from the redirect to the malicious site. If you don't have anti virus installed, PLEASE get one - you can get microsoft security essentials or panda antivirus cloud for free (I recommend either of those two). I have no idea what that site tries to load, but it may be something to steals passwords or credit card numbers.

If you've had trouble from a mobile device (iphone, ipad, android phone/tablet) get one of the anti virus scanners from your app store/market. Those devices are so susceptible and full of security flaws it's ridiculous.

 

[Neophyte]

We did some site work yesterday that necessitated a change in IP address that made the site appear to be down for a while. Clearing your local DNS cache resolves that issue.

We are looking into the other possible issue now.

 

[Boone]

I think there are two separate things going on here. We had an SSL certificate install yesterday which resulted in the site being down briefly. Per HostGator, our server vendor, users could either do a DNS flush (per tshiles instructions) or wait and the access would return to normal within several hours. I'm pretty sure most of the accessibility issues are due to yesterdays install.

It also appears we do have some malicious code that's been inserted which we are addressing (thanks to tshile for identifying the issue). We may upgrade through the most recent version 3 vbulletin version. Despite security risks, we are conservative in doing so since our site is heavily customized and we would likely break some functionality by doing so. Upgrading to version 4 is a huge undertaking - and we would not even attempt going that route sooner than next offseason unless we were absolutely had to.

Sent from my BlackBerry 9650 using Tapatalk

 

[Boone]

unable to access the site from my phone still. not sure if you were aware of that or not but i get a default webpage error.

Mike- did you try rebooting your phone, are you still unable to access the site via phone, or has this resolved on its own?


Sent from my BlackBerry 9650 using Tapatalk