I'm just curious, what is your company policy towards end users on sites that gets hacked / defaced on your servers?
I have a client who's site has been hacked twice already, by different script kiddies. And everytime I look at the site, I can see that there's a lot of files with world / everybody write permissions enabled.
So, now it's a matter of the client blaming us for providing an insecure webserver, and I say that he needs to change the file permissions to readonly after he's made changed to them. - this clearly creates a conflict.
What is your policy on this, and how do you support such a situation?