This problem has caused me nothing but headaches for 2 weeks but ive finnaly got to the bottom of it.

Why when i enable CB Plugins integration on the CB login module do my users get a redirect to a page that says

You 404’d it. Gnarly, dude.

and advertises sliding gates with Queensland contact numbers.

Funny how i can use any other login module and my site works fine. Whats the fix guys its pretty obvious its in your programming

Im running 1.5.25 Joomla 1.7.1 CB, Auction Factory, UDDEIM.

I'm running a permissions trial at the moment. As with a previous thread a 3rd party extension may have malicious php script.

Ive 444 permission-ed all administration php files and passworded the Administration directory through control panel. So far so good.

And hey its neither of our programming its a hackers was just a little frustrated. My apologies

The 444 permissions on the joomla administration folder should be sufficient for the "hacker" to not activate the malicous php files. Only prob is every time i need to make changes to my back-end i have to re-permission everything. BUT This should buy me enough time to find their gateway and hope they havent script or something SQL to re-permission what they need(fingers crossed).

Thanks for reply. Close thread

The thing about these script injection malware scripts (which it sounds like this is) is it's not some guy name Boris in a shack in Latvia, it's actually an automated bot script that finds an open site to attack, then bases more attacks from that server, and so on, and so on.

Setting your permissions correctly is a good starting point, but if it's already gotten a hold in your files there's always a good chance there's still a piece of it hiding out silently that you haven't found, and most of these things can change your permissions to whatever it wants at that point.

If you're on a shared hosting plan then your options are somewhat limited, my experience with dealing with shared hosting support don't understand the issue and don't want to help prevent it.

However, if you're on a vps or dedicated server, something with root access basically, you can stop these things pretty quick. I recommend installing mod security, and setting up suphp or even better suhosin (however suhosin can be frustrating to work with at times if you're using ajax).

Ive gotten up this morning and nothing is redirecting. Your are right though sfraise.

As i had a clean backup of the site i restored it and set things for front end users to use and quickly changed permissions before the next crawl.

I initially assumed it was this bot hitting my site that was causing the issue

Host: 220.181.108.77
/
Http Code: 200 Date: Jan 08 18:59:06 Http Version: HTTP/1.1 Size in Bytes: 19846
Referer: -
Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)

The other host that it seems to generate from is

Host: 180.76.5.113

/show-auctions/listauctions/kids/clothes.html
Http Code: 404 Date: Jan 08 18:28:56 Http Version: HTTP/1.1 Size in Bytes: 1390
Referer: -
Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)

Ive heard this bot is bad but then ive heard/read it can be also be let go to legitimately crawl my site and really there is no point range banning ip's as the bot can be set up to re-route through a proxy server in Nigeria.

Around Christmas i range blocked the 180.76.*.* host through htaccess knowing i could potentially be blocking out the whole East coast of China and limiting my traffic to my site which obviously wasn't the ideal situation.

On doing this though things got more aggressive and the bot/hacker (really it is a automated machine set up by a person probably a Boris in Latvia hehe at the end of the day) started systematically limiting everything i could do and constantly redirecting even or destroying elements of the site .

Anyway to cut long story short I don't have root access and yes I'm on a shared hosting plan and my support thinks as most do what they are doing is the best they can do.

After setting the permissions the way i have though my site has now been online since last post without any redirection problems. (will further test functionality as a normal user more today). Hopefully then when the bot crawls my site it goes mmmmmm to hard and leaves it alone.