Need an IP Address Whitelisted for Access to FTH Site

Understood, Brian. Again, I have no idea how or why this could have happened. May we get this IP address unblocked, please?

Tony, I am the system code maintainer.  I am posting this in support of Brian's position.

There is a fundamental issue here wherein you seem to think that is is our responsibility to get this resolved.  It is *not*, and your insistence that Brian remove the block on our end without your club taking any responsibility for the attack on our server and taking action on your end is frankly unacceptable.    

The FTH database contains the personal information for hundreds of thousands of Toastmasters club members from thousands of clubs.  We take anything resembling an attack on our server very seriously.   

Someone in your club or organization has broken our trust.  You need to take action on your end to prove to us that we can trust your club members and organization.

I realize you might be uncertain as to what to do on your end, so here are some thoughts...  Your organization's IT department may have logs for their servers that log outbound http requests to an external server (e.g. our server's IP address).  You may want to talk to your IT department to determine if they can figure out who initiated the Wordpress related http request to our server and then take appropriate action.   You should also have a conversation with your club members to tell them to please do not try to trick or force our system to do something it is not designed for.

I certainly cannot speak for what Brian may or may not do as a result of actions on your end, but I want to emphasize again that the onus is on your club to prove to us that your members can be trusted with the system since our trust has been broken now. 

Our *free* system is built with open source code using volunteer labor on a single donated server with a single database.  For all of this to work and be beneficial to all users, we absolutely cannot and will not tolerate anything resembling bad behavior.    

I can assure you no one from Toast of Roswell would try to hack FTH. I'm doing everything I can to investigate the issue, including surveying each of our members and working with our IT department.
 
We take this accusation extremely seriously and are devastated it is linked to our institution. Nevertheless, I have merely asked for solutions in my exchanges on this forum. As a longtime paying member and someone who recently spearheaded getting our club to Presidential Distinguished status, I do not appreciate the insinuation that we are not taking responsibility or are insisting on changes. Honestly, none of us are technologically adept, and we're dumbfounded. I understand your concern, as this is a serious, serious issue. But we would also appreciate a little professionalism and understanding from you, too. We reached out seeking help and answers, not blame.
 
Perhaps it would be better if we spoke via phone. I welcome and encourage you to call me at 716-982-2088 (cell). Sometimes text can be misconstrued.
 
Bottom line: I don't know what happened. None of our members would do this, and we're not capable of doing this. Only a handful of trusted people have access to make any settings changes. We really want to get this resolved because most members work on campus and sign up for meetings via on-campus computers. We also had hoped to modernize the site (it has been sorely outdated for content since 2016; we've only been using it for meeting role signups) and make it something that truly showcases Toast of Roswell to both our organization and local community. We haven't been publicizing the URL because of these facts.
 
Again, I have NO idea what happened and am profusely sorry this is somehow associated with us. Instead of blame and accusations, let's please work together to investigate and resolve this issue.
 
Sincerely,
Tony Astran, DL
Immediate Past President, Toast of Roswell (District 65)
716-982-2088
anthony.astran@roswellpark.org

Please note: I have changed administrator settings to my e-mail and updated our password. It's one of many precautions we're now taking.
 
Related, if this block is for 30 days, we understand. It's a serious charge and we'll navigate around the block in the interim. Meanwhile, we continue to investigate on our end what may have happened. We're again dumbfounded by what has transpired.

I have removed the block for now. If the IP is blocked again you will have to wait the entire 30 days.

Many, many thanks. It goes without saying we will be monitoring the site and usage like a hawk. God forbid anything further happens, please feel free to e-mail and/or call me immediately (anthony.astran@roswellpark.org, 716-982-2088). We'll immediately escalate to our IT Department for a deep investigation. What a strange and scary experience. Again, thank you.