New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
What-If Situation
Hey Providers! I was randomly thinking about things I read on people's AUP and thought of an interesting situation.
Let's assume your AUP says nothing related to hacking is allowed, right? What if someone has mydomain.com hosted by you, but they have a subdomain hackerstuff.mydomain.com hosted by someone else, and some dude reports the link to you and you see bad stuff on there.
Without having read this thread first, what would you probably have done?
A) Delete the guy's VPS because of our no-tolerance policies on that stuff.
Suspend the guy's VPS and tell him why, which after his explanation would result in unsuspension.
C) Do nothing. You don't really care about your policies to that extent. That guy is paying you.
D) Other. (Explain)
Comments
For the abuse@ that comes our way, this is pretty much how it gets handled:
1) If a non-official request (ie, just some dude reporting), they are given instructions on filing a proper abuse report and a brief glance is given. Nine times out of ten, an individual reporting a website for items such as content, etc, is just some butthurt ex-forum poster trying to get revenge for being banned or whatnot.
2) For legit DMCAs and admin-level abuse complaints (ie - being notified by Tim that one of our clients is trying to bruteforce a VPS on his net, or maybe Jon Bobson reporting email spam with logs), a full audit is done on the service in question. For your example, @Naruto, domains aren't enough for us; we find exactly where they resolve to beforehand. If mydomain.com is clean, and just has a few links to hackerstuff.mydomain.com (hosted elsewhere), then he's within regs for us.
In some cases, abuse reports only contain a cloudflare-type IP and no other identifying information. In those cases, the person or entity that submitted the report is informed of how Cloudflare works, and how many sites use them to try and stay under-the-radar of their providers. They're then informed that Cloudflare will not release their client information to us, and that they should request the actual IP being masked to submit another report with.
Of course, the vast majority of stuff like this is case-by-case basis... but that pretty much sums it up.
If it's not hosted on our servers we don't care what the clients put on their websites elsewhere.
If it's hosted on our servers and it violates our policies then we take the appropriate action (if it does not have the potential to directly impact our service, company, or clients a ticket is opened with the client to get a dialogue going first unless there are legal motions in play).
Ditto but if we catch a client spamming (Be it email, social network or SEO) from elsewhere, it's actionable. We look at all legit complaints and handle them on a case by case basis.
You're thinking of something like a blogging site or other social networking site. In that case we pass it along to the client for them to deal with. The complainer gets a form email back explaining how to properly file a complaint because those should be dealt with by the actual site and not the webhost or the datacenter. The only time we should become involved is if our client isn't doing anything about the situation. (We've had to whack a few over their heads to deal with spam complaints and we've AUP'ed a couple.)
We've had a couple escalated to us because the client said no. In all those cases, it was a bs complaint and we responded to the complainer as such.
We've had one escalated to the datacenter. They asked, we responded, and life moved on as it was a bs complaint.
Typically for non-official requests that don't violate our processes otherwise, the person gets the complaint forwarded to them, and that's it. As @Aldryic pointed out, it's typically a forum poster complaining or something goofy like that.
For official requests, we attempt to contact both the party who submitted the complaint and the client it's directed at, directly via telephone. If we're unable to contact the client via telephone due to an invalid phone number (happens often enough to mention) then they get suspended, along with a note to contact us. Interestingly, sometimes we suspend an account, then never hear from the customer.
This is a terse, Cliffs Notes version of what we do. It's very case-by-case.
Very surprised about that because of the costs normally involved with such a phone call as well as there not being a paper trail.
Tossing a paying client (be it for spamming or AUP violations or non payment or whatever) is probably the number one cause for legal concerns with hosting. Not having a paper trail leaves you open for "He said/They said" if it would ever wind up in court.
@drmike: Google Voice makes the price bearable, especially for how infrequently we have to do it.
The whole process still takes place through email (I just re-read my post and I wasn't clear on that, oops) but we call in hopes that we can get it going quicker. 80% of our clients are in Europe or Asia, so there have been times we've called at 3 AM our time
Usually, when we suspend an account for lack of communication, the client contact us in a matter of minutes
As for the Naruto question, we try to find a quick solution talking with the client, suspending the account only if we have no choice...