Spamming hosting clients

[ParkInHost]

Hello,

What are the steps taking by(Hosting providers) you when your client is reported to be spamming?

Whats the best way to solve this case?

 

[Asim]

I report, give them a call if they are reachable and tell them they have x hours to fix it

If its very serious (like this last time when someone's Wordpress got hacked and was causing a significant CPU load), I suspended the account, told them they could clean it up WHEN they are available (I enabled account, they logged in to clean it up etc)

 

[comXyz]

If the report come from trusted source, and it's serious problem, you can temporary suspend the service, then contact your customers.

Otherwise you need to contact your customers first, and give them at least 24 hours to reply.

 

[DaringHost]

With proper order screening and scripts setup to monitor SMTP connections we've cut down on customers signing up to send spam in the first place. However of course nothing is 100%, customers websites do get exploited, ect. In the event that we receive a notice in regards to spam, we manually investigate it. If found that it's valid and the customer is indeed sending spam the site/VPS is suspended and notice is sent to the customer to contact us when they're online so that they can resolve the issue. 

It's also important to note that some spammers will claim that their VPS was hacked (even though it wasn't), request a new OS install, and then start sending spam again. 

 

[RTGHM]

I can't believe no one has said the obvious. Set a limit of x amount of emails that can be sent per hour. Eg: 100 emails / hour max sent.

 

[mojeda]

I can't believe no one has said the obvious. Set a limit of x amount of emails that can be sent per hour. Eg: 100 emails / hour max sent.

I don't know, honestly I think port 25 should be blocked and only enabled at the user's request after they are a customer for X amount of days unless customer service believes, without a doubt, that the person will be ok to have port 25.

Even if someone needs port 25 for legit reasons they can use services like mandrillapp.com and just smtp everything to it to be dealt with.

 

[ParkInHost]

I report, give them a call if they are reachable and tell them they have x hours to fix it

If its very serious (like this last time when someone's Wordpress got hacked and was causing a significant CPU load), I suspended the account, told them they could clean it up WHEN they are available (I enabled account, they logged in to clean it up etc)

Suspension without notice is isnt a problem? Will the clients consider us to order again?

 

[ParkInHost]

If the report come from trusted source, and it's serious problem, you can temporary suspend the service, then contact your customers.

Otherwise you need to contact your customers first, and give them at least 24 hours to reply.

contacting customers and providing some time duration to clean is the best solution rather then direct suspension. Thanks

 

[ParkInHost]

With proper order screening and scripts setup to monitor SMTP connections we've cut down on customers signing up to send spam in the first place. However of course nothing is 100%, customers websites do get exploited, ect. In the event that we receive a notice in regards to spam, we manually investigate it. If found that it's valid and the customer is indeed sending spam the site/VPS is suspended and notice is sent to the customer to contact us when they're online so that they can resolve the issue. 

It's also important to note that some spammers will claim that their VPS was hacked (even though it wasn't), request a new OS install, and then start sending spam again. 

yes, i have seen this case aswel. They spam and blame on their clients or account being hacked. Tough call

 

[comXyz]

contacting customers and providing some time duration to clean is the best solution rather then direct suspension. Thanks

Well, it depends.

If you know the VPS is sending out DDOS attack, you still wait for customer response?

 

[RockTBN]

Well, it depends.

If you know the VPS is sending out DDOS attack, you still wait for customer response?

I agree with your point. If a customer was reported as DDOS attack, we would suspend the VPS immediately then then send them an email to inform, cos it would affect other customers on the same node too. We give spamming complaints/reports customers 24 hours to solve the issue.

 

[ParkInHost]

Well, it depends.

If you know the VPS is sending out DDOS attack, you still wait for customer response?

Difficult situation.. If we suspend without informing we might lose the client also. But tough task!! 

 

[ParkInHost]

I agree with your point. If a customer was reported as DDOS attack, we would suspend the VPS immediately then then send them an email to inform, cos it would affect other customers on the same node too. We give spamming complaints/reports customers 24 hours to solve the issue.

Yes this looks good too.

 

[GaleDribble]

Throw them in a fire.

 

[HH-Josh]

Call the client, then investigate and suspend where necessary after the investigation. Every case is different so treat each customer differently. Cover it in your terms of service that spamming isn't tolerated and the client can be suspended or terminated for it (that way it covers your actions and procedures). Can sometimes be a case of their script has been exploited.

We've never had any major issues with spamming client's if I'm honest, been more to do with people signing up to our services with fake details and then uploading a mail script - which is then dealt with straight away.

 

[uniweb]

Using putty.exe, if I enter this short script 

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

 

[Aurimas]

Well, our terms of service clearly state that spammers are always suspended. However, if there's a problem, it can always be resolved with our support department. But from our experience, no one gets suspended without a proper reason.

 

[ParkInHost]

Thanks guys

 

[datarealm]

Difficult situation.. If we suspend without informing we might lose the client also. But tough task!! 

No reason not to notify them.

Anyhow, in the grand scheme of things one clients vs. your entire reputation is never a tough call.

 

[pravint]

When we found any client spamming, We suspend his hosting.