[ncrossland]

Just having an arguement with support at our web hosts.

It is hosted on a Windows server, unfortunately.

The admin area of the site's CMS was password protected, using (I assume) IIS's directory protection (same kind of thing as .htaccess).

Looking at the site yesterday, and it is no longer password protected. (Obviously not good - exposing all the site's content to hAcKKeRs or anyone who fancied changing news, deleting all the databases, etc)

Contacted support, and re-enabled it, and to find out what went wrong. They claim:

Quote:

All windows server a prone to loose the permissions settings. It happens all the time that is why all the hosting companies even design the tools for resetting permissions to the intitial ones for all sites hosted on windows.

Anyone experienced this before??

I know MS software if full of security holes, but routinely suddenly 'forgetting' to password protect a directory can't be right?

It sounds like support at bullsh*tting me - anyone got a 2nd opinon??

Cheers

[oli]

does sound like shite to me m8, more likely they've updated/changed something on the server to make it lose it.

[ncrossland]

thats what I thought, can't make them admit it though when they can blame MS!

[Brown]

tell them your client is very unhappy and wants a full report into the security issues. that'll get them answering. i have come accross this before but more associated with the htaccess file resetting when a patch is applied to the server.