
Re: Google results redirect to wrong website (straight url is

Posted: Fri Jul 12, 2013 2:55 pm
by DW_Wine_Flu
I have confirmed that the link returned by a google search for "clandw" does indeed return a bogus/infected site. Sokoro is right. That's all I can/will say.

Re: Google results redirect to wrong website (straight url is

Posted: Sat Jul 13, 2013 1:20 pm
by Sokoro
This is an error message which I received when I tried to connect through google results with IE 10:

Warning: file_get_contents() expects at most 2 parameters, 3 given in /homez.149/elixirbi/www/index_backup.php on line 1

Further indicating that you have rogue files in your root php library. Please do something.
Also I found other websites which redirect with such error.

Re: Google results redirect to wrong website (straight url is

Posted: Sat Jul 13, 2013 1:52 pm
by Sokoro
Thread of somebody having very similar problem.. and outdated joomla like you..
http://forum.joomla.org/viewtopic.php?f=432&t=648775

Yes you have outdated joomla!
http://sitecheck.sucuri.net/scanner/?sc ... clandw.org

Also your website seems to be working very slow.. It takes several seconds before it redirects me to end of the thread with my post posted.. after I click [Submit]

I have 165ms 3.63mbps down 3.17mbps up from Pilsen to Tempe... that is ok I guess.... for being across the globe.. maybe you should upgrade your server's internet connection... I have the best in my state.

Re: Google results redirect to wrong website (straight url is

Posted: Sat Jul 13, 2013 2:23 pm
by Sokoro
Security warning in the URL:
http://www.clandw.org/resources/fullgam ... e-tracker-

Suspicious domain detected:
http: //1006jrfjhjr.dynamicdns.org.uk:85/SNrXO5eZUmezafp1VSscRaEmTDduhjoEBK5 (infected do not go there)

A suspicious code was identified loading content from a blacklisted domain. Those types of code are often used to distribute malware from external web sites while not being visible to the user.

EDIT: hmm I just did a rescan and it no longer returns this detection.. but you still have outdated joomla and that is a security issue.

Re: Google results redirect to wrong website (straight url is

Posted: Sat Jul 13, 2013 7:39 pm
by DW_Bomzin
Ok not sure what is up. Google webmaster says we are clean. I can only duplicate this going through google Brazil. I don't believe the site to be infected still. Yes am working on the upgrade but everything has changed so it's going to take some time. Hopefully before the New Year we get it done.

I am just on a fresh install. Loaded Chrome. Searched for clandw. Pulled us up just fine. Open for suggestions. I guess we could try contacting google brazil.

Re: Google results redirect to wrong website (straight url is

Posted: Sun Jul 14, 2013 4:39 am
by Sokoro
Just something I found.. you are on a list:
http://evuln.com/labs/www.google.com.br/

First three letters for the infected websites are censored.. so search for "ndw.org"

and this!:

http://evuln.com/tools/malware-scanner/clandw.org/

"The website redirects visitors from search engines to the 3rd-party URL:
->http://www.elixir-bienetre.com/includes ... img/js.php
684 websites infected."

Little guide: http://evuln.com/hacked/redirect.html

Edit:
Seems that it is a chain of redirects, which sends users across several infected websites and then to google.br
http://evuln.com/tools/malware-scanner/ ... ellaun.de/

Re: Google results redirect to wrong website (straight url is

Posted: Sun Jul 14, 2013 7:52 am
by Sokoro
I did this check:
http://urlquery.net/report.php?id=3735596

And it seems that you have http transaction with google.com.tr which is turkish google. That is really fishy.. could you explain?

unmaskparasites.com scan on clandw.org shows this hidden external link:

<IFrame> hidden link - http: //www.google.com.tr/url?sa=t&rct=j&q=seo& ... 5608,d.Yms

turkish... goes to some turkish website about who knows what..

This reports the external link, hidden in iframe, and 56 suspicious files with the link
http://www.quttera.com/detailed_report/www.clandw.org

Re: Google results redirect to wrong website (straight url is

Posted: Sun Jul 14, 2013 8:50 am
by christmas
its the turkish kebab that does all the damage.... :blackeye:

I have to confirm with sokoro that every time I post a reply (clicking the "submit" button) it takes too much time for me also for the post to be submitted and the page to be fully refreshed. (which personally is the only web-page/forum that I have this issue)...but I assumed it had to do with the server load/bandwidth....

besides that, I never had a "weird" redirect from google results for clandw....

ps: even microsoft suggests users NOT to use IE

ps2: page layout of the forum is wider by 100-200px (horizontal res)

Re: Google results redirect to wrong website (straight url is

Posted: Mon Jul 15, 2013 11:54 pm
by DW_Bomzin
Sokoro wrote:I did this check:
http://urlquery.net/report.php?id=3735596

And it seems that you have http transaction with google.com.tr which is turkish google. That is really fishy.. could you explain?

Nope, Have no idea

unmaskparasites.com scan on clandw.org shows this hidden external link:

<IFrame> hidden link - http: //www.google.com.tr/url?sa=t&rct=j&q=seo& ... 5608,d.Yms

turkish... goes to some turkish website about who knows what..

I manually went through and took out the bad code, possible I missed something but I'm not seeing a bunch of infected files again. Hidden link in an I-frame. How the hell do I track that down. I didn't write the code nor am I smart enough. I did paste it all together though with what I thought to be reputable stuff.

This reports the external link, hidden in iframe, and 56 suspicious files with the link
http://www.quttera.com/detailed_report/www.clandw.org
Now that is interesting says the 1 malicious code is a .gif, maybe I didn't get to the root of it. Will be killing a gif
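
Added example, not part of any post in this thread and not a Joomla or scanner-vendor tool: a small triage script for the question above of how to track down a hidden iframe and a flagged .gif inside a web root. The file names, patterns and sample contents are constructed assumptions, and a hit is a lead for manual review, not a verdict.

```python
import re
import tempfile
from pathlib import Path

IMAGE_EXT = {".gif", ".jpg", ".jpeg", ".png", ".ico"}
TEXT_EXT = {".php", ".html", ".htm", ".js"}
PHP_TAG = re.compile(rb"<\?php", re.I)
HIDDEN_IFRAME = re.compile(
    rb"<iframe\b[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden"
    rb"|(?:width|height)\s*=\s*[\"']?[01][\"'\s>])", re.I)
REFERER = re.compile(rb"HTTP_REFERER")
SEARCH_ENGINE = re.compile(rb"google|bing|yahoo", re.I)
REMOTE_FETCH = re.compile(rb"file_get_contents\s*\(\s*[\"']https?://", re.I)

def scan(root):
    """Return sorted (relative path, finding) pairs for files worth reviewing."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        ext, data = path.suffix.lower(), path.read_bytes()
        rel = path.relative_to(root).as_posix()
        # An image should never contain a PHP opening tag.
        if ext in IMAGE_EXT and PHP_TAG.search(data):
            hits.append((rel, "php-in-image"))
        if ext in TEXT_EXT:
            if HIDDEN_IFRAME.search(data):
                hits.append((rel, "hidden-iframe"))
            # Code that branches on a search-engine referrer matches the symptom
            # "Google results redirect, straight URL works".
            if REFERER.search(data) and SEARCH_ENGINE.search(data):
                hits.append((rel, "search-referer-branch"))
            if REMOTE_FETCH.search(data):
                hits.append((rel, "remote-fetch"))
    return sorted(hits)

def demo():
    """Scan a constructed sample web root (placeholder contents only)."""
    samples = {
        "spacer.gif": b"GIF89a<?php /* placeholder */ ?>",
        "logo.gif": b"GIF89a\x01\x00\x01\x00",
        "footer.html": b'<iframe src="http://example.invalid/" width="1" height="1"></iframe>',
        "old_index.php": b"<?php if (stripos($_SERVER['HTTP_REFERER'], 'google') !== false)"
                         b" { echo file_get_contents('http://example.invalid/x'); }",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_bytes(body)
        return scan(tmp)
```

Calling `scan()` on a copy of the real web root lists the files to open by hand; comparing those files against a clean copy of the same Joomla version separates injected code from legitimate matches.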

Re: Google results redirect to wrong website (straight url is

Posted: Tue Jul 16, 2013 11:16 am
by Sokoro
hmm those hidden iframes could be just some trick to get better google pagerank for the websites which are linked in them, since both (yes there is currently another one: www .seo.mavi1.org ) of those turkish websites seem to be clean.
You should contact someone from joomla masters/admins to ask them if it is intentional or infection.

Did you all change passwords and scan your computers after the event when website was down?
I read that hackers sometimes use your own computer to infect your website through ftp.

You are still redirecting: http://evuln.com/tools/malware-scanner/ ... rg/rescan/

Edit: another website confirming the redirect: http://aw-snap.info/file-viewer/?tgt=ht ... &ua_sel=ff

So you are still infected... you need to do something, try to ask on some forums for help.. eg:
https://www.badwarebusters.org
http://productforums.google.com/forum/? ... cked-sites