policies on compromised sites

To: debian debian-isp <debian-isp@lists.debian.org>
Subject: policies on compromised sites
From: Dan MacNeil <dan@thecsl.org>
Date: Mon, 24 Mar 2008 15:47:01 -0400
Message-id: <47E80535.2080502@thecsl.org>

I'm curious as to how other people handle customers runningcracked sites.


Our Terms and Conditions are pretty much:

  "We can cut you off at any time for any reason"

Our current policy is pretty much,

  1) We'll be absolutely sure there is a problem
  2) If it isn't too ugly, 1-2 days to fix
  3) The site goes offline.

One of our customers has a compromised Joomla install. It wascompromised to the extent that it was exploiting IE and winsozeholes to do drive-by trojan downloads.

From the CVE record, it is a version that is triviallyexploitable. I've moved the installation out of their webspace.I've told them I'll be happy to send specific templates, stylesheets and config files to them.. Alternatively, I'm willing tochange the DNS and give them all the files so they can starthosting with somebody else.

They want access to the original installation in a .htaccessprotected directory so their "security expert" can find and fixproblems.

Their expert is not the original installer of software. He is aguy who works for a company that has developed some popularjoomla modules.

There without exaggeration more than 11,000 php files to review.I am doubtful that this can be done.

Am I a power mad rules ninny or a stalwart defender of theinternet here ?

Reply to:

Follow-Ups:
- Re: policies on compromised sites
  - From: Andy Smith <andy@lug.org.uk>
- Re: policies on compromised sites
  - From: Mike Bird <mgb@yosemite.net>
- Re: policies on compromised sites
  - From: Gavin Westwood <debian-isp@solutium.co.uk>

Prev by Date: [OT] US hosting for dedicated Debian servers?
Next by Date: Re: policies on compromised sites
Previous by thread: [OT] US hosting for dedicated Debian servers?
Next by thread: Re: policies on compromised sites
Index(es):
- Date
- Thread