I work at a website development company and one of our clients' websites was hacked/defaced. The web host blamed out-of-date software on our client's website for the breach and the defacement. Our client was on a shared hosting package with the hosting company.
When I was told to be the one to clean up the mess on the website, and after getting rid of recently modified files (most of the site hasn't been touched for several months) and other malicious files, I stumbled upon a directory conveniently named "sym". This directory contained a symbolic link to the root directory on the site, which stunned me a little that it could be created in the first place.
I checked some folders and files inside and I had full read/write access to any file on the system. The very first thing I did was make my own employer aware of the situation before then informing the web hosting company that there is a major security risk to the server. I sent the message to them two weeks ago and I have not heard a single thing since.
Since then, however, the hosting company has been much harder to deal with, not responding to the many messages we have sent to them regarding other issues with this particular client's hosting. The site has been defaced again, but this time, no matter how many times they say they reset the password to the FTP and cPanel, we still can't log in. Without being able to log in, we cannot make our own backup of the site (database dump and files download), which means we cannot move the site to another hosting company.
We tried a second idea of actually just pointing the domain name to a temporary host with a splash page rather than the defaced page. Unfortunately, with this, there were issues with who actually controlled the domain name. The Whois lookup said it was Netregistry; however, when contacting them, they said it was the web hosting company. When we tried to log in to the hosting company's domain manager, it said they were not managing that domain name.
We are actually kind of stuck with what to do now. We know we definitely want to transfer them to a new hosting company but, like I said above, we can't even make a backup of the site to do a clean move. We did quote them a few months back about redoing their website (the bulk of the website was made several years ago) but they have so far resisted the rebuild.
What would any of the Slashdot crowd do if they were in the same situation?
Still fight with the hosting company to get the data?
Push the client to get a new website built with new data?
But then who would be responsible for the domain name if neither party says they are?