This was inspired by the poll: http://www.webhostingtalk.com/showthread.php?s=&threadid=75566


For you webhosting guys, how often (if ever) do you look at your clients websites?

Is it unethical to look at a website from the inside out? Looking at the files instead of going www.whatever.com .

Thoughts on this?

I regularly check accounts that show unusual signs of change (ie, 1GB bandwidth in a day for a "personal blog site")

The only thing I do not check is client email - that is unethical. Nor do I open files unless I feel there is a need to. IE, if a *.zip is named essays.zip and i have no reason to suspect that essays.zip contains anything but essays, i will not open it - just ignore it and move on.

As a side: very rarely do I actually do this - only when I feel that something fishy is up.

We always ask that customers with adult sites provide some way for us to access their site content, and ask the same of anyone that tells us they are hosting "software downloads" ... but we have never had occasion to use this access.

We always ask that customers with adult sites provide some way for us to access their site content

You dirty buggar ye!! :stickout lol

Originally posted by Eurofficial


You dirty buggar ye!! :stickout lol

LOL ... you're not the first to accuse us of that, but I'd rather be up front and tell the customer that we may do spot checks on content than to go in through an SSH session or something.

And, if there is ever any illegal content reported, we would be able to confirm it without having to simply suspend the client's account. Very few people have had a problem with us telling them that up front. Those that have have found other hosts.

all files under the /home partition are keyword searched. i have had to view a number of sites, and a good thing too. there was some crazy **** on there in places.

I do all the time. Only to the degree that is neccessary, and so far, only with permission.
I do pay attention to how many MB of files they have vs how many MB of transfer they are using, if it seems right, I never look.
To me it would be like renting an apt to somebody. I wouldn't go in and look at their stuff. Now if the utility bills were outragously high, or I supected them of illegal activities, I would do what it took to protect my investment.

I believe that you should have access to check for illegal activity upon suspision... however, you should not do it for fun or when bored. Yes, that would be unethical.

I think that it is absoultely unethical to look at your client's websites from any other prespective than that of an end user. That means that going under telnet/SSH and FTP is not allowed. What people put in private directories is of no concern to me.

Second of all, I am not the type to go out and police the network. Thats why we all pay ridclious amounts of taxes every year, to hire, train and maintain a police force. I am not going to go out and play police man and write up citations for moral sins and cite sections of my TOS like they are law.

Finally, I would not answer any questions without a court order. Why? Because it protects me from liability if I do answer them and second of all, just because a cop asks dosent mean the law says he has a right to know. (Case in point: Tattered Cover vs. State of Colorado -- http://www.abfee.org for more details). Regardless of what your personal opinion on this is, the law is THE LAW. Cops only have the right to information when the court says they do, not whenever they come into my office and raise a stink.

Sometimes it protects criminals. Sometimes it protects citizens. But I can tell you that I would much rather set 1,000 murders free than be part of the machine that imprisioned one man for a crime he didnt commit. Many people would disagree with this. "Its worth the cost." some say, while others write it off and proclaim "freedom has a price" (thanks, George W. Bush for that quote) and similar sayings. No, thats not the price of freedom.

For those who disagree with me on this, how about we lock YOU up for a crime you didnt commit and then say "That's the price of freedom". See my point?

Note that there are no cybercrime laws (if there are than they aren't beeing enforced) that the authorities can use to police the internet like they do the streets...


....therefore, it is our (the hosts) responsibility to ensure that our servers hold legal content...we are subleasing our servers/bandwidth to tenants.

if you owned an apartment building, would you want one of your tenants dealing drugs out of his apartment? no - that lowers the property value (if it came to be known).

similar with hosting - if a client specifically wants a server that contains no adult websites then it is your responsibility to make sure that happens, which means you have to play a preemptive role in finding out these criminals(a la Bush - no more bush talk in this thread :D) if the client or new clients were to found out that you host illegal content and you dont do anything about it, chances are they'll move on..


edit:
as for the freedom of speech/press amendment
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

That means that private citizens and companies have a right to refuse service as it feels necessary

Originally posted by akash



as for the freedom of speech/press amendment

That means that private citizens and companies have a right to refuse service as it feels necessary

Double edge sword there. You have a right to refuse services, but if you accept services then later on try to terminate the services without just cause ( let's say it's a hate america site ), you can not. you have to wait till contract renewal date and advise the client that you will not renew.

Now you say it's my servers and I can do what I want. well yes it's your server, but since you are running a business with those servers you have to abide by consumer/business laws.

that's why we have long winded TOS and AUP and Privacy policies ...

to protect the business.

another good example of this is porn, If you don't state that you will not host porn, then you are letting your servers be avalible for porn. try to remove them, and if they really want to they can take you to court.

another fun thing is the statement " terms of the TOS/AUP can change at anytime" well, US law requires that thier be a general notice of change in terms of contract, it's as simple as posting it to your forum and that would solve everything. Don't think that you can change it all of a sudden without warning people. Does not work that way. Nobody make's a suit for the 25.00 a month business, but if your hosting at $100 or more a month and or have e-commerce sites that are earning good money and you pull a change and they have to leave, then you really have to start worrying.

Mike

Mike

Mike: well said :)

you are correct it is a double edge sword - as long as we hosts keep ourselves safe in our TOS there should be very little to worry about

Originally posted by kkimmel
I think that it is absoultely unethical to look at your client's websites from any other prespective than that of an end user. That means that going under telnet/SSH and FTP is not allowed. What people put in private directories is of no concern to me.

If you are responsible for the server, the ultimate liability for the contents of said server is yours. If you are running a business, it is in your best interest to be aware of what is on your server(s) at all times. If you apply the "live and let live" thing here, you may possibly find yourself out of business, or worse.


-Bob

Sometimes it becomes necessary to look a little deeper into a customers' content. Most of the reasons have already been listed. It's, generally, something out of the ordinary happening that gets my attention; and I look.

It's already been said, but I will check out an account only when there's something fishy calling out to me in the logs.

As for someone stating that it shouldn't be done for the fun of it, I can think of a billion more things more fun than eavesdroppping on a customer's webspace.

Only when the logs give the impression there may be a problem.

-WC-

We run little spot checks at least once a week, depending on what's going on signup-wise. I like to make sure customers that I haven't spoken with personally are not abusing services. Also, I like to check for vulnerable formail.pls and the like.

The idea isn't to invade privacy, but to insure the integrity of our service, which is something I take very seriously.