drudkh

  1. I encountered this again today. When do you intend to upgrade IPB?
  2. Tech, Mator, Z: Have there been any attempts to verify this?
  3. You can view additional vulnerabilities in IPB at https://www.cvedetails.com/product/18333/Invisionpower-Invision-Power-Board.html?vendor_id=10268
  4. The nature of the vulnerability prevents every user from seeing it. Like you, if I clear cookies and come back, it doesn't happen. Nor an incognito window. Mator, can you grep for $mds? If you're on Windows, you can get a CLI grep replacement, or (way easier) Agent Ransack is good freeware that does the same thing.
  5. https://blog.sucuri.net/2015/02/analyzing-malicious-redirects-in-the-ip-board-cms.html

     I will run each scan suggested to me. In turn, please review the above. It fits this scenario quite well.
  6. I believe that the IP Board forum or its plugins may also be worth examining. In fact, here are two other IP Board forums suffering the same problem:

     https://www.focusrsoc.com/forums/topic/280530-security-issue/page-7
     https://customsforge.com/topic/41042-spam-paging-loading-up-when-on-forum/

     I could not find anything related to 'x0z01i15003'. I'll run Avast, but to be clear, the only executables that I run on my machine are from reputable modding sites or trusted third parties.
  7. How and where is this site hosted? For example, are you paying for a VPS and you took the time to install the forum software yourself? What third party plugins are installed on the forum? Could any of them be out of date? What third party scripts are attempted to be loaded? Are any on non-reputable CDNs?

     kabepo, it's occurring to multiple users across multiple browsers, in addition to myself (which occurred across multiple machines, in different networks, one being a work network where every machine has malware protection). If you are going to continue to engage, please help us reproduce this or suggest a piece of software that you would like me to use to scan my home machine. I'll be happy if something turns up and there's nothing wrong with the STEP forum. Otherwise, you are actually undermining and misdirecting the discussion.
  8. Firefox, latest. It's definitely erratic - if it occurs and I go back, it doesn't occur again.
  9. Hiya,

     On separate computers (one being my work machine where a handful of measures are taken to prevent malware) I have experienced a redirect to a couple of domains attempting to phish credentials. Other users seem to have experienced this as well. It is of course entirely possible that my computer has been infected prior (or other user error), but please consider the possibility as well that STEP may be serving some content/script that may be causing this.

     An example of what occurs:

     I search (generally with DuckDuckGo) for something that I care about on the STEP forum, such as DynDoLod resources.
     https://duckduckgo.com/?q=dyndolod+resources+sse&t=ffab&ia=web

     I click on a link that I can see takes me to
     https://forum.step-project.com/topic/11462-dyndolod-2xx-full-update-post/

     After clicking that link, I (used to, see bottom) get redirected to
     https://q54w.redirect00002.net/?nihifa=flow

     Which in turn redirects me to
     https://x0z01i16003.info/en/?id=KzEgKDg4OCkgMjg2LTY1ODU

     The above links can create a bunch of awful noise and will ask you for credentials, I don't recommend clicking them. That said, you can visit them and because you're not downloading / executing random code from the internet, it's not the end of the world.

     To prevent this from occurring again, I have modified my HOSTS file to not allow those two domains to resolve.

         0.0.0.0 q54w.redirect00002.net
         0.0.0.0 x0z01i16003.info

     A full description of HOSTS file modifications is available at https://blog.achievable.me/tech/edit-hosts-file-on-windows-mac-or-linux/

     So to the admins I ask that you take a bit of time to review how this may be occurring and take steps to address it.

     Thank you!
     -drudkh
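
One way to run the search for `$mds` suggested in post 4, as an added example that is not part of the original posts. The function names and the sample tree built by `make_sample` are constructed for illustration; the only value taken from the thread is the marker string itself.

```shell
#!/bin/sh
# Added example, not from the original thread. Lists every file under a
# directory (for instance the forum's install root) that contains the
# literal text $mds.
#
# Pitfall this avoids: grep "$mds" (double quotes) lets the shell expand an
# unset variable to an empty pattern, which matches every line of every file.

# scan_for_marker DIR [MARKER]  -> prints one matching path per line
scan_for_marker() {
    dir=$1
    marker='$mds'              # single quotes keep the dollar sign literal
    if [ "$#" -ge 2 ]; then marker=$2; fi
    # -F  fixed string, so "$" is not read as a regex end-of-line anchor
    # -l  print file names only
    # -e  the marker is a pattern even if it begins with "-"
    # find reports failure when a grep batch has no match, hence "|| true".
    find "$dir" -type f -exec grep -lF -e "$marker" {} + 2>/dev/null || true
}

# make_sample DIR: builds a constructed tree with harmless placeholder
# content (no real malicious code) to try the scan on.
make_sample() {
    mkdir -p "$1/cache/skin cache" "$1/public"
    printf '%s\n' '<?php $mds = "placeholder"; ?>' \
        > "$1/cache/skin cache/skin_global.php"
    printf '%s\n' '<?php $md5 = md5("x"); ?>' > "$1/public/index.php"
    printf '%s\n' 'notes about $mds'          > "$1/public/readme.txt"
}

# Usage: sh scan.sh /path/to/forum/root
if [ "$#" -ge 1 ]; then scan_for_marker "$1"; fi
```

A hit only shows where the string occurs; each listed file still has to be read and compared against a clean copy of the same forum version.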