A web site / application is hosted with a web hosting service provider (HSP). However, there is vulnerability in the web site that gets exploited and the sites functionality is affected. Whenever a end user is visiting the website, some malicious code is called from a remote malicious website. Note that the malicious code is not stored on the hosting service provider’s server.
Under such a scenario, does the HSP provide any kind of support to analyze the website / code and rectify the issue? I know most of the answer is going to be – “It depends on the agreement with the HSP”. However, there is no specific agreement other than the standard hosting agreement exists between the HSP and the client. I have come across people saying that the client is paying to the HSP, so they are supposed to help remove the vulnerability. I believe, the scenario is clear.
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor
[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n