[Dshield] Hosting Provider Refuses to Share Server Logs - How to Proceed?

Chris Brenton cbrenton at chrisbrenton.org
Tue Aug 2 13:19:46 GMT 2005


On Sun, 2005-07-31 at 15:18, GeeEm wrote:
>
> but they (the hosting company) have been unwilling to release any
> information pertaining to the intrusion/phishing site to us (their
> clients).  They refuse to let us view the logs of the attack, or even
> tell us how the attack began in the first place.  We still do not know
> how the attacker gained access to our site in the first place (which was
> hosted on a shared server

I think this one is a no brainer. Your hosting company missed a common
patch and the attacker used to this gain access to the system. They do
not want to show you the logs because you may figure out it was their
fault.

> What makes this
> situation even more stressful is the hosting company's attitude toward
> the whole affair -- they claim that since the intrusion/phishing
> occurred on our webspace, we are to blame,

If they can show the intrusion happened due to an insecure script you
placed on the system, then they are right. At this point however, it
really sounds like they screwed up and they are just trying to cover
themselves. My guess is they have no clue how the attacker got in so
they are just throwing stones.

> Does anyone have any
> suggestions as to what our rights are (if any exist), or any suggestions
> as to a course of action or resources to check into?

Check your TOS again. I'm guessing if they shut you down then any
contract you have with them is now null and void. With this in mind, go
find another hosting company. This will be *a lot* easier than dealing
with a clueless hosting provider.

Do you have a backup of your site?

HTH,
Chris




More information about the list mailing list