We run both a shared linux hosting service and a free geocities-style service. I'm leaving our the URL's so we're not accused of promoting ourselves.

Over the last two months our free service has been getting pounded by people using the service as a landing-place for spam, mostly for drug sites (Viagra, Levitra, etc). These guys (or somebody working with them) will go out to hundreds of websites and spam their URL's on comment boards, guestbooks, feedback forms, etc. Most of these links point to a script, hosted by us, that just redirects to the *real* destination site.

Of course we then start getting complaints from these site owners, accusing US of generating these messages, threats of being reported to the DoJ, etc. So we do our part and shut the site down - without hesitation. We inform the owner of the site that's complaining that the account has been terminated, and we don't support spam in any way.

That's all fine, and pretty much under control now that we're doing some scanning and filtering of new free accounts - we've put a stop to most of it.

But now we're getting paid accounts coming in over the last week - lots of them. They're paying up front, some for a year's worth of hosting, through our order forms. Some of them are ordering big accounts, big money, and their card info checks out (or they're verified on PayPal).

Any time we get a paid shared hosting order that looks like it might be a pharmacy-related site, we explain that ANY reports of spamming, by them, or with them as the target, will end in their site being suspended, and that we don't permit any spam-related activities.

So its started. First complaints coming in. A wine ordering site was getting hammered with drug-related spam in their guestbook. I got the complaint because one of the sites pimped is hosted by us. The site was suspended.

The owner of that site is furious and swears he has nothing to do with it, and anyone could spam his website without his knowledge.

Anyone have any real information on a hoster's liability in these situations?

Do people just turn away these pharaceutical sites? What's everybody else doing? I've got 7 new accounts right now waiting to be setup, but I'm hesitating. I don't want our business to be associated with this type of activity, but where do we draw the line?

We run both a shared linux hosting service and a free geocities-style service. I'm leaving our the URL's so we're not accused of promoting ourselves.

Both of which are in your signature haha. Anyway, the first thing I would do is ask the guestbook owner for the IP's that were spamming it and see if any of them matches up with any FTP or panel logins to that account. It's doubtful they will because spammers usually use open proxies.

Second, you might want to amend your AUP (if you have one) to either mention a partial refund on canceled accounts (at least keep the first months payment, if it's a pre-paid year). You might also want to add something about any spam reports against pornographic or pharmacy content related sites will result in an immediate account cancellation; because that WILL give your company a bad reputation to continue hosting accounts that spam regardless of if it can be proven or not.

I dunno, I hope that was at least of a little help.

PS: On your site you have "Half-Price Sale! Sign up before the end of 2005 and get your first month of hosting for half-price! That's only $4.25 for the first month of our Plan A service! Offer valid for new, monthly billed customers only."

It's 2006 already ;X

Good advice, pretty much what I was thinking.

I'm wondering if other people are seeing a big inflow of these types of sites.

Yeah, that sale's extended, but the wording hasn't been ;)

I'm sure not.. Then again, I don't have a signup form, or instant activation.

Contact the enforcement/compliance office of your local government's Food & Drug Administration office and find out what the requirements are for running an online pharmacy. Also find out if there's a license or certificate of some sort that these pharmacies are required to have in order to operate a legitimate pharmacy in your country (at the very least, they'll probably need a local business license).

I find the government to be very helpful with these types of questions -- it's easy for them because they are explaining something they know extremely well, and are often glad that someone else wants to take steps to avoid being a part of a problem most people are totally unaware even exists.

When a new "pharmacy" customer signs up, you could make it a requirement that they fax proof that they're licensed to operate in your country/province (or "country/state" if you're in the USA) before you'll even consider doing business with them, and make it clear that you will probably verify it with the issuing government agency.