[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: policies on compromised sites

On 24/03/08 19:47, Dan MacNeil wrote:
I'm curious as to how other people handle customers running cracked sites.
<snip>
One of our customers has a compromised Joomla install. It was compromised to the extent that it was exploiting IE and winsoze holes to do drive-by trojan downloads.

<snip>I've moved the installation out of their webspace. I've told them I'll be happy to send specific templates, style sheets and config files to them.. Alternatively, I'm willing to change the DNS and give them all the files so they can start hosting with somebody else.

This seems a fair and responsible action on your part to me.

They want access to the original installation in a .htaccess protected directory so their "security expert" can find and fix problems.

Their expert is not the original installer of software. He is a guy who works for a company that has developed some popular joomla modules.

There without exaggeration more than 11,000 php files to review. I am doubtful that this can be done.

Am I a power mad rules ninny or a stalwart defender of the internet here ?

I think their request is reasonable, and they should be allowed the opportunity to rectify the issue by whatever means they choose - whether or not their proposed method of solving it is practical or not is not your responsibility.  I would say that, provided you specify that you will not allow public access to their site until you have confirmed that the changes they have made have resolved the vulnerability, you have done your part and the ball is in their court.

Gavin

--

Gavin Westwood
Solutium

http://www.solutium.net - Going the extra mile to provide a fast, helpful, reliable Web Hosting service.

Reply to: