policies on compromised sites
I'm curious as to how other people handle customers running
Our Terms and Conditions are pretty much:
"We can cut you off at any time for any reason"
Our current policy is pretty much:
1) We'll be absolutely sure there is a problem
2) If it isn't too ugly, 1-2 days to fix
3) The site goes offline.
One of our customers has a compromised Joomla install. It was
compromised to the extent that it was exploiting IE and winsoze
holes to do drive-by trojan downloads.
From the CVE record, it is a version that is trivially
exploitable. I've moved the installation out of their webspace.
I've told them I'll be happy to send specific templates, style
sheets and config files to them. Alternatively, I'm willing to
change the DNS and give them all the files so they can start
hosting with somebody else.
They want access to the original installation in a .htaccess
protected directory so their "security expert" can find and fix
Their expert is not the original installer of software. He is a
guy who works for a company that has developed some popular
There are, without exaggeration, more than 11,000 PHP files to review.
I am doubtful that this can be done.
Am I a power-mad rules ninny or a stalwart defender of the
internet here?