On 14 March 2010 10:36, Andy Smith <andy@???> wrote: > If the customer can't work out how the attack happened then I'm in a
> difficult position with regard to turning their service back on,
> because there's no reason why it won't happen again almost
> immediately. Sometimes it means I have to make the decision not to
> turn it back on, and refund them.
Do logs really provide useful information how the attack happened?
Is the onus on you or the customer to do the investigation?
