[Dshield] Hosting Provider Refuses to Share Server Logs - How to Proceed?

David Cary Hart DShield at TQMcube.com
Tue Aug 2 13:49:50 GMT 2005

On Sun, 2005-07-31 at 12:18 -0700, GeeEm wrote:

> I've never dealt with an intrusion before, but I am the tech for the
> website. I've been doing research on suggested company policy for
> phishing attacks (using the SANS Reading Room, and CERT.org), and
> gathering information on forensic practices pertaining to this type of
> intrusion, but nothing I have read yet really covers this. I have gone
> over the TOS we agreed to with our hosting provider, and this
> eventuality does not seem to be covered by it. Does anyone have any
> suggestions as to what our rights are (if any exist), or any suggestions
> as to a course of action or resources to check into? Our main concern is
> less on how it happened, and more proving the intrusion was not caused
> by us (and hopefully limiting our liability in this situation). Mainly,
> we want to see the raw logs (if they even exist), and any other
> information pertaining to the phishing attack.  In any case, US law
> should apply, as well as any Connecticut or California State Laws (the
> hosting providers are in CT, we are in CA). If further clarification is
> needed please either post to the list or reply to me privately. Thanks
> in advance, any suggestions are greatly appreciated.

Don't screw around with this yourself. This could have broad-reaching
consequences. There are two issues: civil and criminal.

The civil matter is dependent upon the contract that you entered into
with the hosting company. Even if there is no signed agreement, once you
use the site, you are in constructive acceptance of the published terms
and conditions.

What does the contract specify regarding log production? Providing
separate logs for multiple domains on the same server is extremely

In my opinion, you could have some criminal exposure and (if negligent)
civil liability associated with a criminal act. I would STRONGLY
recommend that you contact your attorney IMMEDIATELY and have him or her
contact law enforcement.
