I often use Google to search the KahrTalk forum. I like the way Google handles the searches and displays the results, and I find what I am looking for more effectively that way. Also, I don't have to learn and get used to the search functions of a particular forum or site - this works for all of them.

BUT, it seems that more often than not, when I click one of the search results, I get redirected to this advertising page (see below). Then I close that tab, or click the back button, then click that very same link again, and it works properly the second time.

Why is this happening? It does not happen with any other site or forum I search in this manner.

If this is a paid advertising thing, I want to send a message to whoever at KahrTalk signed up this deal:

I will NEVER, EVER purchase ANYTHING that is advertised to me in a click redirection, pop-up, pop-under, view-obstructing overlay, unsolicited e-mail, or any other sneaky way that gets an advertisement in my way when I am trying to do something else on the internet. NEVER.

/rant

But I understand it might not be about the click-throughs or actual sales. It might be just about the "impressions". You might get paid whether I click on it or buy anything or not.

Small advertisements on the periphery of the pages I am looking at? Sure, I understand you gotta pay for the costs of running the site somehow. But please don't let these ads get out of hand and in the way.

KahrTalk might get a kick-back every time one of these damned things gets in my way. But every time it happens, I like coming here and participating just a little bit less. Just saying.

it's not deliberately being done. but there are only a couple of possible causes. one, you may have picked up a root kit level redirect piece of malware that your AV or anti-RootKit isn't picking up. two, kahrtalk.com could have something that got hacked/intruded on w/ regard to an htaccess file on the server that randomly redirects, but not with every link clicked in a search results. no way to really know unless you are 100% sure you are clean. but it's getting harder and harder every year to know you are 100% clean. i'm not a guru on this stuff, but somebody at kahrtalk may want to look into it w/ their hosting provider. i.e. wherever vbulletin is being hosted for them, start checking at the root level for an htaccess file w/ some goofy javascript in it.

it's not deliberately being done. but there are only a couple of possible causes. one, you may have picked up a root kit level redirect piece of malware that your AV or anti-RootKit isn't picking up. two, kahrtalk.com could have something that got hacked/intruded on w/ regard to an htaccess file on the server that randomly redirects, but not with every link clicked in a search results. no way to really know unless you are 100% sure you are clean. but it's getting harder and harder every year to know you are 100% clean. i'm not a guru on this stuff, but somebody at kahrtalk may want to look into it w/ their hosting provider. i.e. wherever vbulletin is being hosted for them, start checking at the root level for an htaccess file w/ some goofy javascript in it.

Well, not being arrogant or anything here, but I am an IT professional and spend my days cleaning up viruses from my customers' computers.

Also, I just replaced my hard drive and loaded my OS from scratch a couple of months ago, and this has been happening since day 1 that I joined KahrTalk (at least 6 months ago), and nowhere else.

I spend a large portion of my days at the computer, and I do countless Google searches. It _only_ happens when I click KahrTalk Google search results.

So I am _reasonably_ certain it's not something on my computer.

FWIW, I get something similar on both my XP desktops, my Linux server, and my XP laptop at work... but all the time. I can vouch that there is NO virus or rootkit at work on either of my two desktops or the server.

Not sure what it is... but its annoying. I just bookmark it, and avoid Google

sorry if that came across as suggesting you weren't aware if you were protected enough...wasn't my intention...just didn't have any idea if you were or were not. i don't recall if i've seen this particular redirect here, but i've seen it at other PHP based forums and did some research on why it was happening. i don't know how it's pulled off on the server (i'm a .NET guy and know very little about PHP), but that's one method of getting this redirect malware to annoy people and that's to get it onto the root level of the site directory w/ a random redirect, so sometimes you get the site, other times you get the garbage. coming directly to the site should not cause it.

wonder who to tell to have them look at it? based on both of your responses and both of you being pretty confident it's not coming from something local, i suspect the site has gotten poked by something.

i'll try and do google searches instead of using the site search and see if i see the same thing.

No offense taken. You had no idea of my background, and many forum users wouldn't know what a rootkit was if one bit them in the ass.

I can send a note to the forum admin directly, but I hate to bug him and wanted to put this out there to see if anyone else had noticed it before crying wolf.

+1 what hylton said. I suspect there's been an inject in one or more files on Kahrtalk's server.

I run several websites for Scouting units in my area and this happens frequently. I think it's called HTTP Fake AV Redirect Request.

It's a bear to sort through all the individual files to locate and it likely exists in multiple locations.

Dunno about vbulletin but this condition certainly exists in the joomla world.

I believe a possible solution might be located here:

http://www.vbseo.com/f77/google-redirecting-filestore123-info-49062/index3.html

yea, i get the same thing. added home page to favorites, i'll let someone else fix it :D

I disabled VBSEO quite a while back due to this issue. I am wondering if Google searches still have the redirected links from results during the period when VBSEO was running? I have tested quite a few Google returned threads and had no redirect.

there's code planted in multiple files in the system.
I realize they're different systems but in my Joomla sites I found at least 15 files there were cross infected. It's a php thing. If your FTP will allow searches, you can find out what the code string is and run the whole site to see if it locates that or similar strings.

there's code planted in multiple files in the system.
I realize they're different systems but in my Joomla sites I found at least 15 files there were cross infected. It's a php thing. If your FTP will allow searches, you can find out what the code string is and run the whole site to see if it locates that or similar strings.

You think I have any Joomla sites in my crystal ball. Antibiotics help at all.

Oh man!.....a php thing, we're doomed. What if I reboot, Jocko that means turn it off and turn it back on. There isn't a button that says reboot. Ask me how I know.

Find the any key. it could be near the DVD Drive/Cup holder.

http://sportscarforums.com/gallery/data/39/funny-computer-screen-faked-parodies-picture.jpg

Never had that problem with CPM. Dang Windows anyway. Let's all go back to command line interfaces. We spend all our time here anyway.

Ah... the good old days when I used to "play" with BASIC. Things were simpler then and there wasn't much video/graphics, though some guys excelled with that.

I had a TRS-80 15K RAM and later a Model III that I had twin double-sided 360k drives installed. It might have had 32K RAM. All black and white eye-destroying-flicker monitors... used green-screen overlay... helped a bit. Went a few years and got a Commodore-64 while on leave from Germany... color! Video and games!

Now we have these Windows systems with gigabytes of bloated code... giant house of cards... still running 2005 Media Edition XP... like XP Professional... no DRM crap and more stable than a few later OS's.

Sorry... just reminiscing.:rolleyes:

Wynn:)

I still haven't seen my stuff get redirected coming in from clicking search results, but I think it's just the luck of the draw. I've seen it on some other forums, may have been WaltherForums, which also runs vbulletin.

I agree, from what I read, there are a number of flavors of these things, and they impact more than just vbulletin. Potentially anything PHP, of which Joomla is one target.

Sounds like some more folks that might be more knowledgeable than this Microsoft devotee are engaged now...so I'll leave it to higher powers at this point.

Find the any key. it could be near the DVD Drive/Cup holder.

http://sportscarforums.com/gallery/data/39/funny-computer-screen-faked-parodies-picture.jpg

I know where the cup holder is, whats a DVD Drive? My new computer, the dumb idiots put the cup holder in side ways, how the heck is that suppose to work anyhow. Can't use if for a cup holder unless I lay the thing on its side which seems pointless to me. I can still use them little shiny record things in there, somehow they manage to stand up on edge. Must be modern technology?

Bawanna,

I can give you the magic Windows solution, but you have to promise not to share with anyone.....

Alt+F4 Works everytime.

Bawanna,

I can give you the magic Windows solution, but you have to promise not to share with anyone.....

Alt+F4 Works everytime.

Yeah right, like I'm gonna fall for that one. Hey there really is a Alt button though, that's a good sign. What's really gonna happen. Melt down, make my drive hard, spoil all my cookies and java's. Wait, java's must have something to do with the cup holder..........hmmm, since this new machine has a sideways cup holder maybe it don't have no java's?

I think I'm starting to get a grasp on this computer lingo stuff but I better stick to wood.

Ugh, I think we found it. Something in the CMPS software. I will get it taken care of. I hate running addons.... :(

Ugh, I think we found it. Something in the CMPS software. I will get it taken care of. I hate running addons.... :(

Your efforts are much appreciated!

Cool!
there are some good sample htaccess files you can use to prevent this.
Will look around a bit to see what I can find.

I appreciate it. Fire them my way if you get something tracked down.