Not a server side issue?

In a post the other day, I discussed issues around responsibility when sites are compromised. The case I described involved a financial services company, with a reasonably active web site (500 or so visitors per day), whose site became compromised with a malicious JavaScript script (Mal/ObfJS-C).

Some 72 hours or so after informing the hosting provider, the site was cleaned up, and the script removed. Whether the cause of the problem (how the site/server was compromised) was identified and the hole plugged is not known. Perhaps more concerning is the message that was sent to the client. Even with an expectation of continued poor support, the message quite frankly astounded me!


So, there we have it – buck passed. Time to move to a new provider…