
Ringo64

Back up


Sorry about that, guys. We were unfortunately hacked last night and I am still recovering us from the fallout. No user's personal information was accessed during this breach in our file system. Right now, the main forums are up and I will update this topic as other items come back online.



Items online:

- Forums
- Gallery
- Chat
- Calendar
- Overall Core System
- Garage This OR That
- Garage
- Shoutbox
- Point System
- Subscriptions
- General Contact Form

Everything at this point in time is working, please let us know if you have any issues!



Thanks for your patience!



seriously?



seriously?

I mean.. I could just blame it on you if you like? :lol:


well...you can. but don't forget my accomplice (did I spell it correctly?).



So for us IT geeks out here, what was the nature of the hack/breach? I assume that we have a third-party commercial server/administrator that provides the website home site/space/middleware/etc. So I am going to assume that more than just FP were breached by this.



Since I spent a lot of time in computer operations (nearly 30 years), here are some hard questions I recommend you ask of our service/security providers:

1. What is the nature of the breach/hack?
2. What was the root cause that allowed them to get in the first place? Why did it occur in the first place?
3. What information was accessed during the breach?
4. Whose information is at risk and what are you (the service provider) going to do about it?
5. What is the permanent corrective action to fix this exploit and prevent it from happening again?
6. What process changes are going to be made to prevent future exploits (like this) from ever occurring again? (timely patching, training, better security software, firewalls, etc.)



Ringo - I'd be happy to consult with you on this, based on the responses you get. This smells like a lack of due diligence on our service provider's part in one or more areas. It's time to be a hard ass on these guys because this is a very serious matter. You and they have to take this extremely seriously and they have to take serious corrective actions both short term and long term.



Thanks, Frosty. As you said, this is a very serious matter and we are ensuring everything in our, our host's and our software vendor's power is going to be taken care of or we are going to be moving.

As I said, no personal information was accessed. I can ensure this already (not that we are storing tons of sensitive data but even hashed passwords and email addresses I consider personal information). Our file server was the only thing that was breached, which, for those not familiar, does not house your data :) I do not like to discuss the nature of the exploit in public but if anyone is concerned I can certainly put your mind to rest.

With our host, we have made a lot of preventative measures, and with the help of all of our vendors, we will continue to make sure we are not vulnerable to any further attacks. Something I do want to say is that our software vendor (Invision Power Services) and our host have been great through this whole endeavor. IPS has been searching to make sure it was not a security exploit in their code and our host is making ample suggestions and implementing everything we are asking. Overall this is not the worst thing that has happened (could have been a lot worse) but it has certainly opened our eyes.



Dude, when I logged on, I mildly freaked out and bailed ASAP, worried I would get hit....thank God for LifeLock. Sucks though, I am glad we are up and running.



are PMs part of that breached file system? cuz there may have been some sensitive info there.



are PMs part of that breached file system? cuz there may have been some sensitive info there.

Nope, everything data-wise, from posts to PMs to user information, is stored in the database. That was untouched.


This is only the beginning...



skynet.jpg

