Not a server side issue?

Filed Under: SophosLabs

In a post the other day, I discussed issues around responsibility when sites are compromised. The case I described involved a financial services company, with a reasonably active web site (500 or so visitors per day), whose site became compromised with a malicious JavaScript script (Mal/ObfJS-C).

Some 72 hours or so after informing the hosting provider, the site was cleaned up, and the script removed. Whether the cause of the problem (how the site/server was compromised) was identified and the hole plugged is not known. Perhaps more concerning is the message that was sent to the client. Even with an expectation of continued poor support, the message quite frankly astounded me!

ast

So, there we have it - buck passed. Time to move to a new provider...

You might like

About the author

Fraser is one of the Principal Virus Researchers in SophosLabs. He has been working for Sophos since 2006, and his main interest is in web related threats.