
Youmacon forum got HACKED!!!

Posted: Thu May 10, 2012 5:28 pm
by pcx
Whoever the webmaster is, watch out!! The main page of the Youmacon forum got hacked! It tries to load this frame, which goes to a virus site:
http://ifagxfzl.ibiz.cc/?go=2

DON'T CLICK ON THE LINK. I only posted it so the webmaster can see it and fix it! :ninja:

Re: Youmacon forum got HACKED!!!

Posted: Fri May 11, 2012 2:42 pm
by EdrickV
Text size on the Board Index page (with subsilver2 style) is messed up too. Though I don't seem to be getting that page redirect anymore. There is still some suspicious code at the very beginning of the HTML file for the board index page.

Re: Youmacon forum got HACKED!!!

Posted: Fri May 11, 2012 4:17 pm
by pcx
The original virus link got replaced. It's now
http://nfeqrhe.usa.cc/?go=2

Again, DON'T CLICK THE LINK!!!

I hope the people who handle the forum admin stuff read this!

Re: Youmacon forum got HACKED!!!

Posted: Fri May 11, 2012 4:48 pm
by Medieval
We read them, looks like it's actually targeting certain user agent strings, so far Chrome and mobile browsers seem to be safe from this. At least from my own testing at least.

Re: Youmacon forum got HACKED!!!

Posted: Fri May 11, 2012 6:27 pm
by EdrickV
Well, Firefox 12 at least was getting a delayed redirect to what I assume is a malicious page. It doesn't seem to be doing anything now. I found some info on it here:
http://sucuri.net/malware/malware-entry-mwiframeenc1603

Re: Youmacon forum got HACKED!!!

Posted: Fri May 11, 2012 11:58 pm
by pcx
I'm on Firefox right now too. And I noticed the virus link got changed again to another ibiz.cc URL, like the first one I posted.

I hope you can fix it, Medieval. Kinda makes me nervous to use the Youmacon site right now, since people feed it a lot of personal info when registering, like credit card numbers. I hope nothing bad has happened to anybody's data from this hack.

Re: Youmacon forum got HACKED!!!

Posted: Sat May 12, 2012 1:58 pm
by KellyLSB
pcx wrote: I'm on Firefox right now too. And I noticed the virus link got changed again to another ibiz.cc URL, like the first one I posted.

I hope you can fix it, Medieval. Kinda makes me nervous to use the Youmacon site right now, since people feed it a lot of personal info when registering, like credit card numbers. I hope nothing bad has happened to anybody's data from this hack.


Actually, the two sites are completely different. In fact, the servers powering them are in two different data centers. The forums are also on shared hosting, while the Website and Pre-Registration are on a private server. This private server is monitored very carefully to maintain security. Every connection request or change to files on the server is logged, and anything that is changed that seems fishy will send a text message to me, and call me until I respond.

On our website and pre-registration servers, we do not store any card information or personal data other than what is elected to share in the Badge Redemption process, and even that information is salted and encrypted using Rijndael 256 before being stored. If you ever have a fear that there is unsecure content on the page while checking out, please check the lock icon in your menu bar. If it is not there or says there is unsecure content on the page, please send an email to webmaster@youmacon.com immediately and we will remedy the situation as soon as possible.

Re: Youmacon forum got HACKED!!!

Posted: Sun May 13, 2012 11:50 am
by EdrickV
The forum site is still hacked though, and that makes me nervous to visit it. I've seen how much of a problem malware like viruses, trojans, and rootkits can be.

Re: Youmacon forum got HACKED!!!

Posted: Sun May 13, 2012 7:55 pm
by pcx
Thanks for the reassurance, KellyLSB.

And that the virus link changed AGAIN, this time to a myfw.us URL. Sneaky lil bastard. I hope you guys can fix it!

Re: Youmacon forum got HACKED!!!

Posted: Mon May 14, 2012 10:25 pm
by pcx
I don't mean to be annoying, but is this gonna get fixed soon? Seems like the virus link is changing every time I come here (now it's a lowestprices.at URL) and I'm having trouble keeping up to report them all to you. I gotta wonder how many people who aren't well protected have gotten infected. :(

Re: Youmacon forum got HACKED!!!

Posted: Tue May 15, 2012 12:32 am
by OmegaGamer89
I'm on Firefox and haven't had any trouble. You said it was the main page of the forums, right? I haven't gotten redirected, and the font sizes and such seem normal, but I do see that really weird bit of code at the very beginning of the page when you view the page source code. It's mainly some really long string of numbers and script stuff.
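
Added example, not part of any post in this thread: a defender-side check for the two symptoms reported above, script or iframe markup sitting before the page's doctype with a long run of numbers in it, and different content being served to different user agents. The function names, the sample bodies and the host `injected.example` are constructed for illustration; only `forums.youmacon.com` comes from the thread.

```python
import re
from urllib.parse import urlparse

# Where a legitimate HTML document normally begins.
DOC_START = re.compile(r"<!DOCTYPE|<html", re.IGNORECASE)
# 20+ comma-separated small numbers: typical of char-code obfuscation.
NUMERIC_RUN = re.compile(r"(?:\d{1,3}\s*,\s*){20,}\d{1,3}")
IFRAME_SRC = re.compile(r"<iframe[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)
ACTIVE_TAG = re.compile(r"<(script|iframe)\b", re.IGNORECASE)


def scan_page(html, site_host):
    """Return a list of findings for one HTML response body."""
    findings = []
    start = DOC_START.search(html)
    # Only judge the prefix when the document start can be located.
    prefix = html[: start.start()] if start else ""
    if ACTIVE_TAG.search(prefix):
        findings.append("script or iframe before the doctype")
    if NUMERIC_RUN.search(html):
        findings.append("long numeric array (possible char-code obfuscation)")
    for src in IFRAME_SRC.findall(html):
        host = urlparse(src).hostname  # None for relative URLs
        if host and host != site_host:
            findings.append("off-site iframe: " + host)
    return findings


def scan_by_user_agent(bodies, site_host):
    """bodies maps a user-agent label to the HTML served to that agent.

    Returns (findings per agent, True if the agents got different verdicts).
    """
    results = {ua: scan_page(body, site_host) for ua, body in bodies.items()}
    cloaked = len({tuple(f) for f in results.values()}) > 1
    return results, cloaked


# Constructed sample bodies (not captured from the real forum).
CLEAN = "<!DOCTYPE html>\n<html><head><title>Board index</title></head><body></body></html>"
NUMS = ",".join(str(n) for n in range(40, 70))  # meaningless filler numbers
INJECTED = ("<script>var c=[" + NUMS + "];</script>"
            '<iframe src="http://injected.example/" width="1" height="1"></iframe>\n'
            + CLEAN)
SAMPLES = {"firefox": INJECTED, "chrome": CLEAN}

if __name__ == "__main__":
    print(scan_by_user_agent(SAMPLES, "forums.youmacon.com"))
```

In practice the bodies would come from fetching the same URL with several User-Agent headers; a page that is clean for one agent and flagged for another is the behaviour described in the thread.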

Re: Youmacon forum got HACKED!!!

Posted: Tue May 15, 2012 4:04 pm
by pcx
OmegaGamer89 wrote: I'm on Firefox and haven't had any trouble. You said it was the main page of the forums, right? I haven't gotten redirected, and the font sizes and such seem normal, but I do see that really weird bit of code at the very beginning of the page when you view the page source code. It's mainly some really long string of numbers and script stuff.

Yes it's on the main page of the forums. I'm getting alerts that something bad is loading and sometimes my antivirus will appear and block it from working too, thank goodness. I don't know about the code stuff, but I think there's a way to see what's loading if you use something like Firebug.

Today, the virus link is still a lowestprices.at URL.

Re: Youmacon forum got HACKED!!!

Posted: Tue May 15, 2012 10:58 pm
by OmegaGamer89
Hmm... it seems to be gone. I just checked the page source just now, and that weird code appears to be gone. Is it still popping up for you?

Re: Youmacon forum got HACKED!!!

Posted: Wed May 16, 2012 2:04 pm
by EdrickV
It is still there, and with the subsilver style the text size is still messed up relative to the other pages. And MSSE popped up to remove something when I went there. I'm amazed it's been allowed to stick around this long and it does worry me what people may have been exposed to, since exploits like this (in my experience) are usually used to download more junk onto a computer.

Re: Youmacon forum got HACKED!!!

Posted: Wed May 16, 2012 11:42 pm
by pcx
It is still there. And worst of all, my antivirus is now BLOCKING
http://forums.youmacon.com/index.php?sid=a-lot-of-numbers-here

(that's the page that you get right after you log in). It's saying this site is a Web Attack: Mass Injection Attack!!! :shock:

That's right, I can't even access the forums any more now!! I'm only able to post because I found a web proxy and logged in through it. I hope the people running the proxy are honest and don't steal my password and make bad posts lol. :roll: This has become very bad.... :cry: