
SPAM from Reseller Account - pls advise
mk123 07-26-2002, 04:31 PM Hi,
If a script for gathering Form data (like Matt's Formmail script) is ABUSEd by an unknown SPAMmer, and the Reseller is not aware of it, then should the Reseller Account be Suspended?
Similarly, if the Resold account faces a similar problem, should the Reseller Suspend the account? Or should the Reseller Account get Suspended by the provider?
Any views on this?
Thanks!
Samuel 07-26-2002, 04:36 PM Ban the use of the formmail script
mk123 07-26-2002, 04:58 PM But my question is not this.
OK, I have stressed it now with Bold and underline.
Thanks!
trustedurl.com 07-26-2002, 05:06 PM Originally posted by mk123
Hi,
1 - If a script for gathering Form data (like Matt's Formmail script) is ABUSEd by an unknown SPAMmer, and the Reseller is not aware of it, then should the Reseller Account be Suspended?
2 - Similarly, if the Resold account faces a similar problem, should the Reseller Suspend the account? Or 3 - should the Reseller Account get Suspended by the provider?
Any views on this?
Thanks!
Here are my views:
1 - inform the reseller (obvious), you turn off the script asap (chmod 000)
2 - same as 1, the reseller then deals with his client
3 - personally I'd say no, IF the reseller didn't break any rules
Samuel 07-26-2002, 05:12 PM dhabets is correct
The reseller's customers are your customers, you suspend the reseller, you suspend the rest of your customers, why punish them? This is freaking basic, and you're handling resellers?
mk123 07-26-2002, 05:39 PM But the Reseller should be responsible for the scripts used in his master domain??
And can the Reseller prove that he didn't SPAM from the scripts?
Samuel 07-26-2002, 05:46 PM If you were nice, you would determine intent, talk to them, if they punked you out then you would suspend his account.
What would you do with his customers? Anything you want I guess.
mk123 07-26-2002, 05:57 PM Any more ideas, technically, to prove that the Reseller was not at fault (had not SPAMmed)?
Samuel 07-26-2002, 06:01 PM Why would you need it? This one customer can affect every customer and even your business if your site resides on the same server, dump him.
EzSnake 07-26-2002, 06:07 PM As a Reseller you're responsible for YOUR clients...
If your clients are abusing your host system (and they see it before you do), I do not think suspending your reseller account is right!!! Your host can inform you of the issue and have you take measures or take them themselves! But suspending the reseller (and hurting their other customers) is Absurd!!!!!
If this happened to me I would be on a new Host in 24hrs!!
As far as the resellers client he should be removed regardless!!!!
mk123 07-26-2002, 06:09 PM Dumping anyone is easy.
Just imagine the Reseller is you. What would you do if I (Provider) Suspend your services because of the SPAM from your script?
(you have been my Reseller for the last 6 months though, and maybe I didn't face any such activity from your script in the past)
What do you think, guys?? Any more opinions?
mk123 07-26-2002, 07:23 PM Yeah Eric you are right, but how would you move on to a new Reseller host if you are Suspended with your clients?
And more to it you have paid Annual advance, and just 6 months you have availed.
trustedurl.com 07-26-2002, 07:30 PM Let me add this:
if the reseller had the intent to spam, then they probably wouldn't use formmail but just log into a shell and fire the spam off.
I'd say just turn off the script and notify them.
However, let's say the spam sent is advertising the reseller's business, well, then I'd have a really good talk with them.... (but even then, check your logs to see if it was really the reseller or someone else).
mk123 07-26-2002, 07:41 PM thanks dhabets, that was useful addon:)
Can you explain a bit about how you would check the logs? IP address of the Reseller's location or what?
Thanks
trustedurl.com 07-26-2002, 07:46 PM Originally posted by mk123
thanks dhabets, that was useful addon:)
Can you explain a bit about how you would check the logs? IP address of the Reseller's location or what?
Thanks
ehm, you could simply do
last | grep username
this will give you the last few logins with the IP from where they logged in. Match that with the IP in your webserver logs. If they match, well, then either of two things could have happened:
- the username/password got compromised
- they decided to spam (in a very complicated way, but still)
if they don't match, well....
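The comparison described in the post above, as an added example that is not part of the original thread: it counts which client addresses requested the form-mail script and marks the ones that also appear as login addresses for the account. The account name `reseller1`, the file names, the Apache common log layout and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs are saved text files:
#   $1 = output of `last -i` (numeric IPs), $2 = Apache access log,
#   $3 = account name, $4 = lowercase substring of the script path (default: formmail)
# Prints "hits ip verdict" per client that requested the script, busiest first.
formmail_clients() {
  awk -v user="$3" -v needle="${4:-formmail}" '
    # First file: `last` output; field 1 is the user, field 3 the remote address.
    # Console logins have no address there, so they never match a client IP.
    FILENAME == ARGV[1] { if ($1 == user) login[$3] = 1; next }
    # Second file: access log; field 1 is the client, field 7 the request path.
    index(tolower($7), needle) { hits[$1]++ }
    END {
      for (ip in hits)
        printf "%d %s %s\n", hits[ip], ip,
               ((ip in login) ? "MATCHES_LOGIN" : "no_login_match")
    }' "$1" "$2" | sort -rn
}

make_sample() {   # constructed sample data, written into directory $1
  cat > "$1/last.txt" <<'EOF'
reseller1 pts/0    203.0.113.7   Fri Jul 26 14:02 - 14:40  (00:38)
otheruser pts/1    192.0.2.44    Fri Jul 26 10:00 - 10:30  (00:30)

wtmp begins Mon Jul  1 00:00:01 2002
EOF
  cat > "$1/access.log" <<'EOF'
198.51.100.23 - - [26/Jul/2002:15:01:11 -0400] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512
198.51.100.23 - - [26/Jul/2002:15:01:12 -0400] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512
198.51.100.23 - - [26/Jul/2002:15:01:13 -0400] "POST /cgi-bin/FormMail.pl HTTP/1.0" 200 512
203.0.113.7 - - [26/Jul/2002:14:05:40 -0400] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 498
203.0.113.7 - - [26/Jul/2002:14:06:02 -0400] "GET /index.html HTTP/1.0" 200 2048
EOF
}

dir=$(mktemp -d)
make_sample "$dir"
formmail_clients "$dir/last.txt" "$dir/access.log" reseller1
rm -rf "$dir"
```

A `MATCHES_LOGIN` line shows only that the same address was used for a login and for a request to the script; a shared proxy or NAT gateway can produce that as well. The script itself can be requested without any login, so `no_login_match` is what abuse by an outside party looks like in this comparison.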
mk123 07-27-2002, 07:20 AM What are your choices if the Provider has Suspended your Reseller Account?
Only Ticket based support is there who only responded once in 24 hrs by saying 'Your account has been Suspended due to SPAM from your script'
After that No reply for your pleas and explanations?
mk123 07-27-2002, 03:18 PM Any comments from any Hosting Provider?
Vox, httpme, splash etc?
Alan - Vox 07-27-2002, 06:22 PM Suspending a reseller account like that is pretty unacceptable. If I find a formmail script that's being abused I normally disable the script and leave a message in that folder for the user or contact the user.
Aquamarina 07-27-2002, 06:58 PM Hmmm, spamming through form mail scripting? If they used your mail server such as mail.mysite.com, it is something you can't prevent, so suspension is not an acceptable measure. Almost every site which uses mail @mysite.com has an easy to figure out mail server. And of course there are lots of spamming programs in which you can enter the wished mail server, so the one who takes the mail thinks it's from you! It's common sense my dear... so always check if your partners are ready to think the way you do...
ecuuleus 07-28-2002, 02:52 PM I am not a Perl dude, but surely it should be easy to determine where the script is being used?
In my formmail script I usually have to put in something along the lines of my sendmail. Now when I have received mail thru that it 'usually' has the domain in there where the Perl script came from, you know the domain used to send it?
Or am I being so noob about this that I should go and play with my action man doll?
:-)
Ecuuleus.
ecuuleus 07-28-2002, 02:57 PM Actually just had a thought, I agree with splashost.
Disable the script, talk to the person concerned and work things out from there. Heck there's always external cgi resources if they are THAT determined to spam, hmm, maybe you might be able to drop an email to these cgi providers and ask how they deal with this sort of thing, well, you never know they might help ?
Erm, right that's me the noob making myself look stupid, now where did I leave my action man doll? :-)
Ecuuleus.
Annette 07-28-2002, 03:30 PM Why would anyone believe a reseller was abusing a form to mail script on an account they owned - why not just send it out directly? We get enough spam from other hosts to know that people do just that.
For the original question, though, we would not suspend the reseller's account for something like that. Before we disabled formmail.*, we would simply find the script, chown it to root, chmod it nonexecutable, and notify the reseller to have their user put a secure mailer in place. Real spammers are still shot on sight, but having some unsuspecting victim's mailer abused is not a capital offense.