[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

policies on compromised sites

I'm curious as to how other people handle customers running cracked sites.

Our Terms and Conditions are pretty much:

  "We can cut you off at any time for any reason"

Our current policy is pretty much,

  1) We'll be absolutely sure there is a problem
  2) If it isn't too ugly, 1-2 days to fix
  3) The site goes offline.

One of our customers has a compromised Joomla install. It was compromised to the extent that it was exploiting IE and winsoze holes to do drive-by trojan downloads.

From the CVE record, it is a version that is trivially exploitable. I've moved the installation out of their webspace. I've told them I'll be happy to send specific templates, style sheets and config files to them.. Alternatively, I'm willing to change the DNS and give them all the files so they can start hosting with somebody else.

They want access to the original installation in a .htaccess protected directory so their "security expert" can find and fix problems.

Their expert is not the original installer of software. He is a guy who works for a company that has developed some popular joomla modules.

There without exaggeration more than 11,000 php files to review. I am doubtful that this can be done.

Am I a power mad rules ninny or a stalwart defender of the internet here ?

Reply to: