Re: [bitfolk] Security incident: Wordpress install compromis…

Author: Andy Smith
Date:  
To: users
Subject: Re: [bitfolk] Security incident: Wordpress install compromised and turned into redirect to porn site

gpg: Signature made Wed Mar 6 14:48:33 2013 UTC
gpg: using DSA key 2099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hello,

On Wed, Mar 06, 2013 at 02:41:45PM +0000, Andy Bennett wrote:
> > This does beg the question, how can you be happy that your machine isn't
> > still compromised.
>
> Whose machine? AIUI, the compromised machine was reinitialised.


In this case the customer (just) removed Wordpress.

I think it is highly likely that Wordpress was the source of the
compromise, and that the compromise extended no further than writing
some content into Wordpress's wp-content directories, but if it were
my host then I would be wanting to confirm that, indeed.

Unfortunately I can't justify keeping a paying customer's service
disabled once they have removed the thing that the abuse reports
were about.

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting