Not Win Posted July 26 Posted July 26 What happened? I assume the site is IPB. Are we at risk? It would be good to have information.
Solution Randy Calvert Posted July 26 Solution Posted July 26 So... let's pause here for a moment to consider a few things: This does not appear to be an IPS problem. It appears to be the problem of a specific 3rd party resource provider. This does not appear to be impacting a large swath of IPS customers, so this would seem to suggest this was not an exploit in the IPS software itself. The domain does NOT appear to be hosted by IPS cloud. It's pointed to Hivelocity. If the domain is supposed to be hosted by IPS, that means the DNS for the domain was hijacked. (Not an IPS issue.) The domain is not using IPS' name servers... they're using the default Namecheap registrar name servers. (This leads me to believe the site is self-hosted) If the domain is supposed to be self-hosted, it looks like the self-hosted web hosting account or their server/VPS, is hijacked or that the compromise happened by some other means (either weak 3rd party resources, other non-IPS software running on the site, etc.) No one except the site owner (the 3rd party resource author) can say exactly what happened with their site and if any data was compromised. By default, things like credit card and password information is encrypted by the IPB software. You might want to reach out to that provider directly for assistance as IPS itself cannot do anything in this case. Not Win and mountaininteractive 2
Chris Anderson Posted July 26 Posted July 26 IPS should remove the website address from the provider directory until such time as the issue is corrected. Not Win 1
mountaininteractive Posted July 26 Posted July 26 Yikes, def not a IPS software issue, IPS has some very good security updates. Not Win 1
Marc Posted July 26 Posted July 26 This has indeed been hidden in the directory until they have the issue resolved. Any other questions would need to be directed to the site owner Not Win 1
Recommended Posts