Reseller hosting provider suspended a client's account

Portal Home > Knowledgebase > Articles Database > Reseller hosting provider suspended a client's account

Posted by Jatinder, 01-21-2012, 12:56 PM
Hello, I have a reseller hosting account. The hosting provider today suspended one of my client's website for spamming and that too without any notice/warning. I have known the website's owner for couple of years and they have a legitimate business and I don't think they are spamming anyone. My question is, how does a hosting provider know which website is spamming? Also what kind on information/details should I request from the hosting provider to verify whether the website was in fact guilty of spam or not. Thanks, Jatinder Thind
Posted by ovais, 01-21-2012, 01:36 PM
It does not matter if your client have legitimate business, it usually happens when e-mail account or website is compromised. If your client is using outdated joomla/wordpress applications then it is highly possible that their installation is compromised and being exploited by spammer. The e-mail header includes useful information which helps tracking source of message.
Posted by HostMantis, 01-21-2012, 01:54 PM
Your provider is the one that has to deal with the pain in the neck of getting the servers IP address removed from all the RBL's, so explain why shouldn't they immediately suspend any account that is spamming?
Posted by lastminutehosting, 01-21-2012, 02:28 PM
I agree the provider must keep the server running for all clients on the server not just one account. If there is a security hole it is your clients responsibility to do correct patching of software used unless you provide that service for them. I have to side with host on this one unless there is information we do not know here.
Posted by Jatinder, 01-21-2012, 02:48 PM
You guys missed the point of this post completely. I am not here to complain against my hosting provider. I just needed some details on: 1. How does a hosting provider detect which account is sending out spam? 2. How do I prove to my client that he is sending out spam? What detail/info should I request from the hosting provider for this? Regarding security holes, the client has a simple HTML/CSS site. No scripting of any any kind. Because they are providing a service and getting paid for it. It is not as if they are doing it for free. Why couldn't they have contacted me first of this with the proof of spamming? And so far they have not provided any such proof. I don't even know if the client actually spammed or not.
Posted by BrettB, 01-21-2012, 02:55 PM
There are several different methods, but most of them include the server tagging outgoing e-mails with some of the account information in the header. Then the host can look at that header in either reported spam e-mails or in the outgoing queue to see what account the e-mail originated from. You can ask the host for any logs or additional information they may have, but it's not guaranteed they will provide them to you. Often times when there is abuse on the server, action needs to be taken immediately. While it could have been nice for your host to contact you as a courtesy, it depends on the host's polices if they actually notify you when an account is suspended for abuse.
Posted by Jatinder, 01-21-2012, 03:03 PM
Thanks for the response. I will ask them for the logs. Is it possible for an account to flagged as spam origin if there are two many logins from the same IP? My customer has around 10-12 employees and all of them access email through a single static IP. Could that be responsible for the account getting blacklisted?
Posted by ovais, 01-21-2012, 03:10 PM
It can't be considered as spam. Just ask them to provide more information. Usually when we suspend any clients account we always include evidence of spam i.e. copy of sent e-mail with suspension notice.
Posted by quantumphysics, 01-21-2012, 03:10 PM
No, but all they need is one employee infected on THEIR computer for their account to be compromised and sending out spam.
Posted by DWS2006, 01-22-2012, 12:28 AM
As others suggested, I would ask your hosting provider for more information regarding the suspension. I'm sure they will provide you with a suitable response for your client. Generally a web host can spot spam in the mail queue and mail logs. If the spamming isn't caught early a spam complaint from an upstream provider will arrive in short order.
Posted by JLHC, 01-22-2012, 01:50 AM
You seem to have underestimated the seriousness of spamming. Your provider is not paid to clean up any mess caused by client's account sending out spams, which will cause their IPs to be blacklisted everywhere and the price to remove the IP from these blacklist would cost much more than a year of hosting fee that you pay them. Besides that, all other clients on the same server will face issues in sending any emails to anywhere, even if they are on different reseller accounts or even different IPs. If they were to contact you first without suspending the account, more spams will be sent out and their IPs will be blacklisted at more locations. If it is serious enough the whole block of IPs may be blacklisted, causing all servers of the hosting provider to face difficulty in sending out any emails.
Posted by Yujin, 01-22-2012, 02:53 AM
I admire you if you're doing this procedure. I had the same experience with the OP and I still need to require my provider to give some evidence of spamming. I don't understand why they can't include this in the notification email. This process should be standard and as they are aware that resellers has to make some explanation. Kudos to your company for respecting your customers.
Posted by CrocWeb, 01-22-2012, 05:49 AM
Agreed.
Posted by SunShellHosting, 01-22-2012, 08:03 AM
op Spamming is one of the major issue every webhosts face and it will affect the other users who are using the same server. It is a standard procedure to suspend the user who send spam mails. Just because you know the owner of that website for years doesn't mean that the account wasn't used for spamming. It could be the hacker who got the password of the account. I've seen many users use weak passwords such as 1234, login123, etc, that is the top reason for account hacking. There are brute force attack tools which can be used to get weak passwords in a matter of seconds and once the hacker got the password he will be able to upload malicious scripts for hacking other accounts on the same server or spam tools. Even if you change webhosts, this will happen with you all the time if any of your account is compromised. The solution is to get your own VPS or Dedicated server where you will be having full control on everything. And yes, you'll know what a web host has to face if their server ip is blacklisted or when they receive an abuse alert from their datacenter. >>
Posted by Jatinder, 01-22-2012, 08:22 AM
I understand the seriousness of spam but that doesn't mean that I should be completely left out of the loop. I wasn't informed of the suspension before or after the suspension. I came to know of the suspension only when my client called me up. So although I don't fault them for blocking the account their approach was definitely a bit high handed. The least they could have done was to inform me of the suspension instead of me finding it out from my client. Exactly my point.
Posted by hostcabin, 01-22-2012, 10:22 AM
Suspend without any notice is normal for spam or phising issue because noone can guarantee that the website owner online for 24 hours and able to response the warn immediatelly while on the other hand active spam or phising activity can result datacenter null route the box.
Posted by caisc, 01-26-2012, 02:29 PM
If your client was sending email in bulk (spamming) you can ask your reseller the maximum email sending rate allowed on the server, and ask your client not to exceed those limits Also you can white list your client IP in your WHM to avoid getting blocked.