Youmacon forum got HACKED!!!

pcx
Posts: 52
Joined: Wed Mar 14, 2012 7:25 pm
First Anime: Some Sci-Fi channel thing, I forget lol

Postby pcx » Thu May 10, 2012 5:28 pm

Whoever the webmaster is, watch out!! The main page of the Youmacon forum got hacked! It tries to load this frame, which goes to a virus site:
http://ifagxfzl.ibiz.cc/?go=2

DON'T CLICK ON THE LINK. I only posted it so the webmaster can see it and fix it! :ninja:

EdrickV
Posts: 1518
Joined: Sun Feb 07, 2010 10:18 pm
First Anime: Robotech
Location: Wixom, Mi

Re: Youmacon forum got HACKED!!!

Postby EdrickV » Fri May 11, 2012 2:42 pm

Text size on the Board Index page (with subsilver2 style) is messed up too. Though I don't seem to be getting that page redirect anymore. There is still some suspicious code at the very beginning of the HTML file for the board index page.
Youmacon 2012 Pictures: viewtopic.php?p=266173#p266173
Youmacon 2012 Costumes:
FF1 Red Mage, Pokemon Scientist Trainer from B/W
Pictures include Pokemon, Final Fantasy, CLAMP, photoshoots and Misc. pics

Re: Youmacon forum got HACKED!!!

Postby pcx » Fri May 11, 2012 4:17 pm

The original virus link got replaced. It's now
http://nfeqrhe.usa.cc/?go=2

Again, DON'T CLICK THE LINK!!!

I hope the people who handle the forum admin stuff read this!

Medieval
Technical Staff
Posts: 426
Joined: Wed Apr 27, 2005 3:46 pm
First Anime: Star Blazers
Location: Detroit, MI

Re: Youmacon forum got HACKED!!!

Postby Medieval » Fri May 11, 2012 4:48 pm

We read them, looks like it's actually targeting certain user agent strings, so far Chrome and mobile browsers seem to be safe from this. At least from my own testing.
This is my normal voice.
This is my mod voice
Please, please, don't make me use the mod voice.

Re: Youmacon forum got HACKED!!!

Postby EdrickV » Fri May 11, 2012 6:27 pm

Well, Firefox 12 at least was getting a delayed redirect to what I assume is a malicious page. It doesn't seem to be doing anything now. I found some info on it here:
http://sucuri.net/malware/malware-entry-mwiframeenc1603

Re: Youmacon forum got HACKED!!!

Postby pcx » Fri May 11, 2012 11:58 pm

I'm on Firefox right now too. And I noticed the virus link got changed again to another ibiz.cc URL, like the first one I posted.

I hope you can fix it, Medieval. Kinda makes me nervous to use the Youmacon site right now, since people feed it a lot of personal info when registering, like credit card numbers. I hope nothing bad has happened to anybody's data from this hack.

KellyLSB
Webmaster
Posts: 139
Joined: Mon Aug 24, 2009 10:39 pm
First Anime: KashiMashi
Location: San Francisco, CA

Re: Youmacon forum got HACKED!!!

Postby KellyLSB » Sat May 12, 2012 1:58 pm

pcx wrote: I'm on Firefox right now too. And I noticed the virus link got changed again to another ibiz.cc URL, like the first one I posted.

I hope you can fix it, Medieval. Kinda makes me nervous to use the Youmacon site right now, since people feed it a lot of personal info when registering, like credit card numbers. I hope nothing bad has happened to anybody's data from this hack.


Actually, the two sites are completely different. In fact, the servers powering them are in two different data centers. The forums are also on shared hosting, while the Website and Pre-Registration are on a private server. This private server is monitored very carefully to maintain security. Every connection request or change to files on the server is logged, and anything that is changed that seems fishy will send a text message to me, and call me until I respond.

On our website and pre-registration servers, we do not store any card information or personal data other than what is elected to share in the Badge Redemption process, and even that information is salted and encrypted using Rijndael 256 before being stored. If you ever have a fear that there is unsecure content on the page while checking out, please check the lock icon in your menu bar. If it is not there or says there is unsecure content on the page, please send an email to webmaster@youmacon.com immediately and we will remedy the situation as soon as possible.
Youmacon 2013 Webmaster & Registration Engineer
http://kellybecker.me | webmaster@youmacon.com

Re: Youmacon forum got HACKED!!!

Postby EdrickV » Sun May 13, 2012 11:50 am

The forum site is still hacked though, and that makes me nervous to visit it. I've seen how much of a problem malware like viruses, trojans, and rootkits can be.

Re: Youmacon forum got HACKED!!!

Postby pcx » Sun May 13, 2012 7:55 pm

Thanks for the reassurance, KellyLSB.

And the virus link changed AGAIN, this time to a myfw.us URL. Sneaky lil bastard. I hope you guys can fix it!

Re: Youmacon forum got HACKED!!!

Postby pcx » Mon May 14, 2012 10:25 pm

I don't mean to be annoying, but is this gonna get fixed soon? Seems like the virus link is changing every time I come here (now it's a lowestprices.at URL) and I'm having trouble keeping up to report them all to you. I gotta wonder how many people who aren't well protected have gotten infected. :(

OmegaGamer89
Posts: 130
Joined: Mon Jul 12, 2010 1:28 am
First Anime: DRAGONBALL Z!
Location: Pittsburgh, PA

Re: Youmacon forum got HACKED!!!

Postby OmegaGamer89 » Tue May 15, 2012 12:32 am

I'm on Firefox and haven't had any trouble. You said it was the main page of the forums, right? I haven't gotten redirected, and the font sizes and such seem normal, but I do see that really weird bit of code at the very beginning of the page when you view the page source code. It's mainly some really long string of numbers and script stuff.
Planned Cosplays:
Colossalcon '12: The 9th Doctor(100%), Vegeta(100%), Sora(brave form, 70%)
Youma '12: The 9th Doctor(100%), Vegeta(100%), Ganondorf(5%)
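
The symptom reported in this thread, script at the very beginning of the page source made of a long string of numbers, can be checked for in a saved copy of a page. The following is an added example, not part of the original thread and not the forum's own code; the function name `scan_page`, the thresholds and the sample pages are assumptions constructed for illustration.

```python
import re

# Thresholds and patterns below are assumptions chosen for this example.
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
DOC_START_RE = re.compile(r"<!doctype\b|<html\b", re.I)
NUM_RUN_RE = re.compile(r"(?:\d{1,3}\s*,\s*){40,}")  # long comma-separated number list
DECODER_RE = re.compile(r"\b(?:eval|unescape|fromCharCode|document\.write)\b")
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
HIDDEN_RE = re.compile(
    r"(?:width|height)\s*[=:]\s*[\"']?\s*[01](?:px)?\b|display\s*:\s*none", re.I)


def scan_page(html):
    """Return sorted (offset, reason) findings for one saved page source."""
    findings = []
    start = DOC_START_RE.search(html)
    doc_start = start.start() if start else 0  # fragment: skip position check
    for s in SCRIPT_RE.finditer(html):
        reasons = []
        if s.start() < doc_start:
            reasons.append("script before doctype/html")
        if NUM_RUN_RE.search(s.group(1)):
            reasons.append("long numeric array")
        if DECODER_RE.search(s.group(1)):
            reasons.append("runtime decoder call")
        # A lone decoder call is common on legitimate pages, so report only
        # misplaced scripts or scripts matching two heuristics.
        if s.start() < doc_start or len(reasons) >= 2:
            findings.append((s.start(), ", ".join(reasons)))
    for f in IFRAME_RE.finditer(html):
        if HIDDEN_RE.search(f.group(0)):
            findings.append((f.start(), "hidden iframe"))
    return sorted(findings)


# Constructed samples (not the forum's real pages; the number list is meaningless).
CLEAN = ('<!DOCTYPE html>\n<html><head><title>Board index</title>\n'
         '<script>document.write("hello");</script></head>\n'
         '<body><iframe src="/banner.html" width="300" height="250"></iframe>'
         '</body></html>')
NUMS = ",".join(str(60 + i % 40) for i in range(120))
INJECTED = "<script>var n=[" + NUMS + "];String.fromCharCode(n[0]);</script>\n" + CLEAN
HIDDEN = CLEAN.replace('width="300" height="250"', 'width="1" height="1"')

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("injected", INJECTED), ("hidden", HIDDEN)):
        print(name, scan_page(page))
```

Since the thread reports that the injected code was served only to certain user agent strings, a site owner would run this over copies of the page saved under several different User-Agent values and compare the results.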

Re: Youmacon forum got HACKED!!!

Postby pcx » Tue May 15, 2012 4:04 pm

OmegaGamer89 wrote: I'm on Firefox and haven't had any trouble. You said it was the main page of the forums, right? I haven't gotten redirected, and the font sizes and such seem normal, but I do see that really weird bit of code at the very beginning of the page when you view the page source code. It's mainly some really long string of numbers and script stuff.

Yes it's on the main page of the forums. I'm getting alerts that something bad is loading and sometimes my antivirus will appear and block it from working too, thank goodness. I don't know about the code stuff, but I think there's a way to see what's loading if you use something like Firebug.

Today, the virus link is still a lowestprices.at URL.

Re: Youmacon forum got HACKED!!!

Postby OmegaGamer89 » Tue May 15, 2012 10:58 pm

Hmm... it seems to be gone. I just checked the page source just now, and that weird code appears to be gone. Is it still popping up for you?

Re: Youmacon forum got HACKED!!!

Postby EdrickV » Wed May 16, 2012 2:04 pm

It is still there, and with the subsilver style the text size is still messed up relative to the other pages. And MSSE popped up to remove something when I went there. I'm amazed it's been allowed to stick around this long and it does worry me what people may have been exposed to, since exploits like this (in my experience) are usually used to download more junk onto a computer.

Re: Youmacon forum got HACKED!!!

Postby pcx » Wed May 16, 2012 11:42 pm

It is still there. And worst of all, my antivirus is now BLOCKING
http://forums.youmacon.com/index.php?sid=a-lot-of-numbers-here

(that's the page that you get right after you log in). It's saying this site is a Web Attack: Mass Injection Attack!!! :shock:

That's right, I can't even access the forums any more now!! I'm only able to post because I found a web proxy and logged in through it. I hope the people running the proxy are honest and don't steal my password and make bad posts lol. :roll: This has become very bad.... :cry:

