I have tried this on more than one computer and get the same result ever time.

Close your browser and open it again or go into incognito / privacy mode. This deletes all the cookies.

Go to google and search "kiwi biker" or some other topic that will bring up results.

When you click on the link you get taken to somewhere else with popup adverts. It only does it the first time. The second time you click on the link it goes to the correct location.

Yep I noticed that a few days ago. Obviously the crack team at KB IT Department have been away from the keyboards for a while.

Yeah nah, bet you're using Avast (http://www.kiwibiker.co.nz/forums/showthread.php/172620-Avast-warning?p=1130822002#post1130822002)

Yeah nah, bet you're using Avast (http://www.kiwibiker.co.nz/forums/showthread.php/172620-Avast-warning?p=1130822002#post1130822002)

Nope I'd never touch that shit.

Hmm interesting I had this happen a few weeks ago. Hasn't happened again since however.

Yeah nah, bet you're using Avast (http://www.kiwibiker.co.nz/forums/showthread.php/172620-Avast-warning?p=1130822002#post1130822002)

Don't rely in AV software to save you.

My guess is a vulnerability it vBullietin that has allowed someone to modify the mod_rewrite rules or .htaccess in apache.

Might be a patch or else they will need to upgrade to a newer version.

Privacy mode huh. What are you looking at?

Hmm interesting I had this happen a few weeks ago. Hasn't happened again since however.

It only does it once. I think that it writes a cookie to prevent it happening again to the same person. Close your browser and open it again or you might need to delete cookies.

Or go into incognito / privacy mode.

You also need to be clicking on a link from google etc. Opening the site directly won't trigger it.

You should then see it again.

Privacy mode huh. What are you looking at?

https://support.mozilla.org/en-US/kb/private-browsing-browse-web-without-saving-info
https://support.google.com/chrome/answer/95464?hl=en

IE also has this feature but wouldn't recommend using that....

My guess is a vulnerability it vBullietin that has allowed someone to modify the mod_rewrite rules or .htaccess in apache.

Might be a patch or else they will need to upgrade to a newer version.

More likely it's Google.

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CB8QFjAA&url=http%3A%2F%2Fwww.kiwibiker.co.nz%2F&ei=pPHfVN3EL9Tm8AW1xIFA&usg=AFQjCNFRxvKTf2bXgt2rbPZk5DmFJetY4g&bvm=bv.85970519,d.dGc

That's the first link you get when you search Google for "kiwibiker". So they're not taking you directly to this site, they're passing you through something else.

If you logout, kill off your Incognito window, come back to this page as a guest and click on that link it takes you to filestore72.info rather than to this site.

Same thing happens with Bing.

Duckduckgo, ixquick and DogPile take you straight to this site. I haven't tried any others.

However, I'll check the site just in case.

More likely it's Google..

No. KB has malware installed on it.

http://youtu.be/L9tjcB_ij-0?t=5m49s

No. KB has malware installed on it.

http://youtu.be/L9tjcB_ij-0?t=5m49s

Nope. There's only a single rewrite rule in any of the .htaccess files and that writes a forbidden.

Others are significantly harder to detect so they're going to take a while.

Nope. There's only a single rewrite rule in any of the .htaccess files and that writes a forbidden.

Others are significantly harder to detect so they're going to take a while.

http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/426213-vbulletin-4-2-0-pl3-hacked-redirect-to-filestore72-info

Solution: disabling register_globals, and/or initializing $vbseo_crules, $seo_replace_inurls at the start of vbseo.php.

Nope. There's only a single rewrite rule in any of the .htaccess files and that writes a forbidden.

Others are significantly harder to detect so they're going to take a while.

Do you have a backup of the site from the last time that you modified it? Has to be at least a few months ago. They see what files have changed.

I use a tool called meld - http://meldmerge.org/

It will give you a side by side view of files that have changed in a directory. Also gives you a line by line view of changes in each file. Could be really useful for finding things like this.

http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/426213-vbulletin-4-2-0-pl3-hacked-redirect-to-filestore72-info

Solution: disabling register_globals, and/or initializing $vbseo_crules, $seo_replace_inurls at the start of vbseo.php.

Chur bro

Do you have a backup of the site from the last time that you modified it? Has to be at least a few months ago. They see what files have changed.

I use a tool called meld - http://meldmerge.org/

It will give you a side by side view of files that have changed in a directory. Also gives you a line by line view of changes in each file. Could be really useful for finding things like this.

I don't have access to the backups for the site as that lives at SpankMe's house. Looks like there's a solution though.

http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/426213-vbulletin-4-2-0-pl3-hacked-redirect-to-filestore72-info

Solution: disabling register_globals, and/or initializing $vbseo_crules, $seo_replace_inurls at the start of vbseo.php.

Well done. That looks to be the problem. Might also be worth checking that none of the files have been modified since the last backup.

EDIT Spank sorted it

I have updated to the latest TapaTalk version and re-enabled. Thanks for letting us know.

Chur bro

I just came to list a bike for sale :)
Thought I better pull my weight

(Actually I noticed this morning when I followed a link from the google)

Quite a good explanation of what been going no here for anyone interested, geeky enough.

http://www.symantec.com/connect/articles/five-common-web-application-vulnerabilities

I just came to list a bike for sale :)
Thought I better pull my weight

(Actually I noticed this morning when I followed a link from the google)

I hope you're getting an Indian.