Back up

[Ringo64]

Sorry about that guys. We were unfortunately hacked last night and I am still recovering us from the fall out. No user's personal information was accessed during this breach in our file system. Right now, the main forums are up and I will update this topic as other items come back online.

Items online:

- Forums

- Gallery

- Chat

- Calendar

- Overall Core System

- Garage This OR That

- Garage

- Shoutbox

- Point System

- Subscriptions

- General Contact Form

Everything at this point in time is working, please let us know if you have any issues!

Thanks for your patience!

[Ghost]

seriously?

[Ringo64]

seriously?

I mean.. I could just blame it on you if you like?

[Ghost]

well...you can. but dont forget my accomplice (did i spell it correctly?).

[Frosty]

So for us IT geeks out here, what was the nature of the hack/breach? I assume that we have a third-party commercial server/administrator that provides the website home site/space/middleware/etc. So I am going to assume that more than just FP were breached by this.

Since I spent a lot of time in computer operations (nearly 30 years), here are some hard questions I recommend you ask of our service/security providers are:

1. What is the nature of the breach/hack?

2. What was the root cause that allowed them to get in the first place? Why did it occur in the first place?

3. What information was accessed during the breach?

4. Who's information is at risk and what are you (the service provider) going to do about it?

5. What is the permanent corrective action to fix this exploit and prevent it from happening again?

6. What process changes are going to made to prevent future exploits (like this) from ever occurring again ? (timely patching, training, better security software, firewalls, etc.)

Ringo - I'd be happy to consult with you on this, based on the responses you get. This smells like a lack of due diligence on our service provider's part in one or more areas. Its time to be a hard ass on these guys because this is a very serious matter. You and they have to take this extremely seriously and they have to take serious corrective actions both short term and long term.

[Ringo64]

Thanks, Frosty. As you said this is a very serious matter and we are ensuring everything in our, our host's and our software vendor's power are going to be taken care of or we are going to be moving.

As I said, no personal information was accessed. I can ensure this already (not that we are storing tons of sensitive data but even hashed passwords and email addresses I consider personal information). Our file server was the only thing that was breached, which for those not familiar, do not house your data I do not like to discuss the nature of the exploit in public but if anyone is concerned I can certainly put your mind to rest.

With our host, we have made a lot of preventative measures, with the help of all of vendors, we will continue to make sure we are not vulnerable to any further attacks. Something I do want to say is that our software vendor (Invision Power Services) and our host has been great through this whole endeavor. IPS has been searching to make sure it was not a security exploit in their code and our host is making ample suggestions and implementing everything we are asking. Overall this is not the worst thing that has happened (could have been a lot worse) but it has certainly opened our eyes.

[Killiger2009]

Dude, when I logged on, I mildly freaked out and bailed ASAP, worried I would get hit....thank God for LifeLock. Sucks though, I am glad we are up and running.

[Ghost]

are PMs part of that breached file system? cuz there may have been some sensitive info there.

[Ringo64]

are PMs part of that breached file system? cuz there may have been some sensitive info there.

Nope, everything data wise, from posts to PMs to user information is stored in the database. That was untouched.

[havoc1482]

This is only the beginning...