Jump to content
Forums Gone... but not forgotten!
Pontiac of the Month

Frosty's 1986 Trans Am

2022 October
of the Month

  • Welcome!

    Welcome to Forever Pontiac, where we keep the memory of Pontiac alive with great discussion, maintenance tips, restoration/modification progression "blogs" and help from professional & DIY mechanics. Also, wonderful competitions that occur regularly. Please register for an absolutely free account to join in!

Back up


Recommended Posts

  • Founders

Sorry about that guys. We were unfortunately hacked last night and I am still recovering us from the fall out. No user's personal information was accessed during this breach in our file system. Right now, the main forums are up and I will update this topic as other items come back online.

Items online:

- Forums

- Gallery

- Chat

- Calendar

- Overall Core System

- Garage This OR That

- Garage

- Shoutbox

- Point System

- Subscriptions

- General Contact Form

Everything at this point in time is working, please let us know if you have any issues!

Thanks for your patience!

Link to comment
Share on other sites

So for us IT geeks out here, what was the nature of the hack/breach? I assume that we have a third-party commercial server/administrator that provides the website home site/space/middleware/etc. So I am going to assume that more than just FP were breached by this.

Since I spent a lot of time in computer operations (nearly 30 years), here are some hard questions I recommend you ask of our service/security providers are:

1. What is the nature of the breach/hack?

2. What was the root cause that allowed them to get in the first place? Why did it occur in the first place?

3. What information was accessed during the breach?

4. Who's information is at risk and what are you (the service provider) going to do about it?

5. What is the permanent corrective action to fix this exploit and prevent it from happening again?

6. What process changes are going to made to prevent future exploits (like this) from ever occurring again ? (timely patching, training, better security software, firewalls, etc.)

Ringo - I'd be happy to consult with you on this, based on the responses you get. This smells like a lack of due diligence on our service provider's part in one or more areas. Its time to be a hard ass on these guys because this is a very serious matter. You and they have to take this extremely seriously and they have to take serious corrective actions both short term and long term.

Link to comment
Share on other sites

  • Founders

Thanks, Frosty. As you said this is a very serious matter and we are ensuring everything in our, our host's and our software vendor's power are going to be taken care of or we are going to be moving.

As I said, no personal information was accessed. I can ensure this already (not that we are storing tons of sensitive data but even hashed passwords and email addresses I consider personal information). Our file server was the only thing that was breached, which for those not familiar, do not house your data :) I do not like to discuss the nature of the exploit in public but if anyone is concerned I can certainly put your mind to rest.

With our host, we have made a lot of preventative measures, with the help of all of vendors, we will continue to make sure we are not vulnerable to any further attacks. Something I do want to say is that our software vendor (Invision Power Services) and our host has been great through this whole endeavor. IPS has been searching to make sure it was not a security exploit in their code and our host is making ample suggestions and implementing everything we are asking. Overall this is not the worst thing that has happened (could have been a lot worse) but it has certainly opened our eyes.

Link to comment
Share on other sites

  • Founders

are PMs part of that breached file system? cuz there may have been some sensitive info there.

Nope, everything data wise, from posts to PMs to user information is stored in the database. That was untouched.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Tired of these Ads? Purchase Enhanced Membership today to remove them!
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.