Has this site been hijacked?

Get answers about using the current release of MediaMonkey for Windows.

Moderator: Gurus

Coldblackice
Posts: 27
Joined: Mon Apr 15, 2013 7:58 am

Has this site been hijacked?

Post by Coldblackice » Sat Apr 20, 2013 4:46 am

I was just browsing a forum post on what I thought was the MM forums. When I clicked reply, I was taken to a login page. I was confused as to why my password wasn't remembered by the browser, but I went ahead and typed it in anyway. When I clicked log in, I saw my browser redirect to mediamonkey.com forums. I suddenly realized that I might have logged into a cached/hijacked version of the forums, and had my login data captured.

Is anyone familiar with this site:

http://4258.voxcdn.com

If not, I'm guessing it's a rogue/hijacked site for capturing login data. :/

guest

Re: Has this site been hijacked?

Post by guest » Sat Apr 20, 2013 5:34 am

Change your login password just to be safe, but make sure you are at mediamonkey.com site first before you login.

Coldblackice
Posts: 27
Joined: Mon Apr 15, 2013 7:58 am

Re: Has this site been hijacked?

Post by Coldblackice » Sat Apr 20, 2013 7:24 am

Is there any confirmation if this is a sanctioned, official CDN for MediaMonkey?

It looks like this fake-looking site has been in "mirrored" use alongside MM for quite some time; years, actually.

Scottes
Posts: 139
Joined: Sat Mar 21, 2009 6:51 am

Re: Has this site been hijacked?

Post by Scottes » Sat Apr 20, 2013 8:04 am

It looks like voxcdn.com is a Content Delivery network
http://en.wikipedia.org/wiki/Content_delivery_network
You might be familiar with Akimai. Same/similar thing.

McAfee Site Advisor says it's OK:
http://www.siteadvisor.com/sites/voxcdn.com/summary/
Trust that as you will. It's a decent indicator, but not something i would put absolute faith in because I'm paranoid.

guest wrote:Change your login password just to be safe, but make sure you are at mediamonkey.com site first before you login.
Absolutely do these things. voxcdn seems safe, but you should never, ever give one site's login info to another.
MonkeyMatch - Find and fix similar/incorrect spellings
MonkeyMatch Thread

Lowlander
Posts: 47567
Joined: Sat Sep 06, 2003 5:53 pm
Location: MediaMonkey 5

Re: Has this site been hijacked?

Post by Lowlander » Sat Apr 20, 2013 11:54 am

Yes, it's the CDN used by MediaMonkey.
Lowlander (MediaMonkey user since 2003)

Coldblackice
Posts: 27
Joined: Mon Apr 15, 2013 7:58 am

Re: Has this site been hijacked?

Post by Coldblackice » Sat Apr 20, 2013 11:04 pm

EDIT: I didn't see the above post before posting. Got it - thanks for the heads up!
-----------
Thanks for the info. Much obliged.

Unfortunately, CDN's are often used by hundreds, even thousands, of companies. And so in this case, while it could very well be MM's official CDN, the "4258" prefix could also be a rogue user's account with Vox, making it look like a CDN for MM.

Without any official word from MM, I'm inclined to lean more toward it being safe, given that it's apparently been static and in active use for many years now (as per Google search results). It would be unlikely for a rogue operation such as this to be continued on, unchecked, for such a long period of time.

Still, it would be prudent if MM could post some sort of official word on the issue, or give clarification. In this day and age, it's a very dangerous internet out there, and one must be ever vigilant at protecting any and all online accounts, passwords, and identities.

rusty
Posts: 7307
Joined: Tue Apr 29, 2003 3:39 am
Location: Montreal, Canada

Re: Has this site been hijacked?

Post by rusty » Sun Apr 21, 2013 9:56 pm

Voxel (now part of Internap) provides a cdn service (voxcdn), that Ventis uses to accelerate content on the MediaMonkey site.

Hope this is what you're looking for.

-Rusty

progcode
Posts: 33
Joined: Sat Feb 12, 2011 2:49 pm

Re: Has this site been hijacked?

Post by progcode » Sat Jun 01, 2013 5:52 pm

I just had the MM forum website ask me to log in and firefox prompted me if I wanted to save my password for "voxcdn.com". I decided to allow it to save, for the express purpose of going into my firefox saved passwords list to see the URL it was being saved for. I then deleted it from the list. It is the same voxcdn URL as above.

Please someone verify that this is not actually a hacking attempt after all. I backtracked how I got to that issue and discovered that a google search for "mediamonkey lost settings" generated a link to http://4258.voxcdn.com/forum/viewtopic.php?f=4&t=63711 which looks completely identical to mediamonkey.com. This is the website that I attempted to log into in order to post a reply.
Last edited by progcode on Sat Jun 01, 2013 6:02 pm, edited 1 time in total.

Lowlander
Posts: 47567
Joined: Sat Sep 06, 2003 5:53 pm
Location: MediaMonkey 5

Re: Has this site been hijacked?

Post by Lowlander » Sat Jun 01, 2013 9:10 pm

See response before you which indicates that voxcdn is CDN (Content Delivery Network) used by MediaMonkey to deliver the website.
Lowlander (MediaMonkey user since 2003)

progcode
Posts: 33
Joined: Sat Feb 12, 2011 2:49 pm

Re: Has this site been hijacked?

Post by progcode » Sat Jun 01, 2013 10:08 pm

I do realize that voxcdn provides a service for the mediamonkey forum. I read the thread. But mediamonkey is not their only client. Someone else could be running a spoof version of the website specifically for the purpose of getting people to provide their passwords. What I was specifically asking is in that specific URL, that comes up as a result of a google search, is a voxcdn URL and not a mediamonkey URL, but it looks exactly like mediamonkey's website.. except that the log in does not log you in. It seems weird enough that I figured I should make sure that this was nothing to be alarmed about. Clearly you are telling me not to be alarmed, but it isn't clear that you get why I would have been worried.

Lowlander
Posts: 47567
Joined: Sat Sep 06, 2003 5:53 pm
Location: MediaMonkey 5

Re: Has this site been hijacked?

Post by Lowlander » Sat Jun 01, 2013 10:14 pm

Just change the site in the url to mediamonkey.com if it worries you.
Lowlander (MediaMonkey user since 2003)

Post Reply