It doesn't always happen, but sometimes, when I do a search with firefox 21, knoppix 7.0.5, from the google.com site for knoppix forum and then I click on the first result, instead of going to this forum, I end up on:

http://filestore72.info/download.php?id=a0cd929c

very strange, does not happen each time, but happened several times and I watch carefully what I click on.

If I click the back button and click again, I end up properly on this forum. Wonder if the form or my software may have been hacked. No real harm, just click the back arrow and select again, but weird.

Wonder if anyone else has observed this?

I don't seem to see any problem, Dave.

This is a known issue when a site's htaccess file has been compromised. Ours seems fine. It is also caused when the user's PC has been compromised. A Google redirect can be a caused by a hijacked browser (http://support.mozilla.org/en-US/questions/673350) or something as simple as a compromised hosts file on a Windows PC.

Please let us know when you've solved this.

Greetings, Dave & Clinton.

If the unwanted URL that occurs is always (or often) the same, you might
try adding that URL to NoScript, to see if that solves your problem.

I didn't see this thread at first and created a duplicate thread. I have the same issue. Here is my experience:

Hacked by filestore72.info?


It doesn't seem to happen everytime, but occasionally, when I do a google search for the knoppix forum and click on the result, the first time I am redirected to filestore72.info.

I'm not sure why this is happening or if my Linux 7.0.5, Firefox 21 or the knoppix.net/forum is causing this. Not a big deal, I, do the search again and end up where I want, but something is definitely going on - has happened for a while.

This link: Vbulletin hacked redirected to filestore72.info sure sounds similar:
http://www.vbulletin.com/forum/forum...lestore72-info (http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/426213-vbulletin-4-2-0-pl3-hacked-redirect-to-filestore72-info)

Thanks for your feedback. I'll do some more digging into this to see if there's a security issue anywhere that needs to be fixed.

I don't believe that there is a security issue of the forum software.

I type in the address line of Firefox "www.google.com". Google changes the content of my Firefox address line to
https://www.google.deNow I type in the Google searchline "knoppix forum"Immediately Google changes the content of my Firefox address line to

https://www.google.de/#gs_rn=18
&gs_ri=psy-ab
&cp=12
&gs_id=du
&xhr=t
&q=knoppix+forum
&es_nrs=true
&pf=p
&sclient=psy-ab
&oq=knoppix+foru
&gs_l=
&pbx=1
&bav=on.2,or.r_qf.
&bvm=bv.48340889,d.Yms
&fp=c77708117ee4b91c
&biw=915
&bih=600The first hit for me is "Startseite - Knoppix Forum | www. KnoppixForum .de". The URL Google gives me for this site is

http://www.google.de/url?sa=t
&rct=j
&q=
&esrc=s
&source=web
&cd=1
&cad=rja
&sqi=2
&ved=0CC0QFjAA
&url=http%3A%2F%2Fwww.knoppixforum.de%2F
&ei=M-XLUcy0BIiYtQbf94FQ
&usg=AFQjCNHY0F8VVU1L1uGqlIaziYKSxw1Awg
&bvm=bv.48340889,d.YmsAs you can see, Google does so many obscure things in the background, why not lead you astray?

There have been some other vbulletin based forums that have had this problem. It's not impossible for it to happen at the server level as well as at the Google level so it's always worth checking these things.

When I have observed the redirection it has been when I'm using knoppix 7.0.5 and firefox.

I'll test occasionally with XP - so far, no redirection with XP and firefox

Let's try again with knoppix .... booting up...
- did a google search for knoppix and forum - hovered over link, observed said knoppix.net/forum - redirected to filestore72.info
- hit back button and clicked on link again
- this time ended up on knoppix forum as I should
- closed firefox
- opened firefox, searched, clicked and went to forum as it should
- shutdown and restart laptop with linux - search, click, on forum as I should
- might be once per day, will retest on a different day But first http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/426213-vbulletin-4-2-0-pl3-hacked-redirect-to-filestore72-info

The script only redirect in the first time the browser have cleaned cache and temps I'm not sure how to clear knoppix temp files, but I'll do firefox Interesting

- interesting edit / preferences in knoppix firefox, but tools / options in xp - sigh
- anyway, went to cnn.com, cleared recent history
- close browser
- opened firefox under knoppix 7.0.5, went to google, did the search for knoppix and forum, clicked on the link and redirected to filestore72.info like the post on the vbulletin said it would

- So redirection happens if first search of the day or if clear cache

- let's try clearing cache and clicking on a different website on the google search
- did search for knoppix forum and clicking on linuxforums.org instead
- browser went to linuxforums.org

- clearing cache - google search knoppix forums
- click on knoppix.net/forum - redirected to filestore72.info

Second try:
With "knoppix forum net" in the Google search line I've got

for the first hit

Forum - Knoppixand the URL given by Google for this site
http://www.google.de/url?sa=t
&rct=j
&q=
&esrc=s
&source=web
&cd=1
&cad=rja
&ved=0CC0QFjAA
&url=http%3A%2F%2Fknoppix.net%2Fforum%2F
&ei=OoDMUZPJD4GytAb-_ICICg
&usg=AFQjCNFlgOf9TUOBCIwIvqSfNvurjbSUog
&bvm=bv.48572450,d.Ymsleads me to
http://filestore72.info/download.php?id=a0cd929cfor the second hit
The Knoppix . net Forumsand the URL given by Google for this site
http://www.google.de/url?sa=t
&rct=j
&q=
&esrc=s
&source=web
&cd=2
&cad=rja
&ved=0CDgQFjAB
&url=http%3A%2F%2Fknoppix.net%2Fforum%2Fforums%2F3-The-Knoppix.net-Forums
&ei=OoDMUZPJD4GytAb-_ICICg
&usg=AFQjCNHuY84bYCFnCvYkMd10jQQI2FKVIA
&bvm=bv.48572450,d.Ymsleads me to
http://knoppix.net/forum/forums/3-The-Knoppix.net-Forums

XP Firefox fooled me - with XP, firefox 22 - cleared cache first and duplicated the redirect. Might mean knoppix is off the hook.

On knoppix 7.0.5 - opened iceweasel instead of firefox and duplicated the redirect with iceweasel to infostore.

Denver Dave, it appears there may be a problem at our end. It's tricky to sort out but I'll get on it as soon as I can. Thanks for letting us know.

Thanks for the update. Not a big deal, most people probably type in the direct url: http://knoppix.net/forums and that seems to work fine. I'll start doing this.

A little more data:

Replicated the redirect with:
XP / Chrome browser / Google search
XP / Firefox browser / Yahoo search

I've seen this happen many times - on machines running Windows as well as Knoppix itself. I always assumed it meant the server was overloaded at that particular moment, and that "firestore72.info" was the canonical name of the server that also serves knoppix.net. The workaround is to go back to the Google page and click the link again (although it would be nice if the firestore page did a proper job of explaining what happened).

I didn't pay the filestore72 much mind either, assuming I clicked on the wrong link or something for quite some time. However, since we can now duplicate it every time on multiple operating systems and browsers after clearing the cache, it now does not seem likely related to a server load issue.

Should be possible to track down since we can duplicate with consistency. A tougher find would be if it was intermittent.

There are about a thousand posts related to infostore72.info redirect vbulletin - sounds like we are in good company:
http://www.google.com/#sclient=psy-ab&q=filestore72.info+redirect+google+vbulletin

This is the result of malicious code that was injected into the knoppix.net server, exploiting some new vulnerability in vBulletin (and possibly also Apache). Possibly the best discussion of this problem, including suggestions on how to eliminate it, is at Vbulletin myfilestore hack - Find the traces and remove them (http://club.myce.com/f20/vbulletin-myfilestore-hack-find-traces-remove-them-332219/). It's very technical, but an experienced vBulletin administrator should find some useful info there.

And, just for the record, it happened to me again while I was looking up this info.

Can confirm this is still occurring, I've never got to this site before yesterday and I was redirected a few times.

I'm seeing it too. A search for "knoppix forum" seems to hit this site as the top hit, I can see the correct URL, but when I click on the Google link I end up at the evil site!

Yep, I just joined this forum. Knoppix forum sent me and email to activate my login. I clicked on the link; it took me to filestore72.

I think it's fixed.

If anyone has got this redirect since yesterday please drop me a PM or email (webmaster@). Thanks.