I have a reseller package with a company that I will not mention for the security of my current customers, considering the nature of this post.

Yesterday I received an email from a customer who said he received an error message saying hosting account had been suspended while he was attempting to setting up an email alias.

After looking into the situation and confirming that the account had indeed been suspended, I emailed the hosting company for support.

The reply I got looked like this:

The error message was this:

"Attempt to create an alias for mailbox
'H?v`H?vR°?¶$yð?ddress=editcustomer@telocity:com' - mailbox does not exist

As you can see your customer is messing about with odd characters for reasons best know to himself. If he tries anything malicious such as this again, your entire account may be suspended."

Correct me if I am wrong, but it looks like the he made a simple typo, where the colon in 'telocity:com' should be a period. I can understand where this would trigger errors, because I believe that colon would make the system think he was setting a password (this is why I am a reseller, and don't have my own servers :)).

As for those 'special characters' in the beginning of the string, I can not even try to explain. I am hoping these were just generated because of his typo...

I guess what I am looking for here is if anybody else here believes this customer was doing anything malicious, or if I should look for a different hosting provider for my customers becoming hostess because of a simple typo?

Any type of insight would be greatly appreciated.

The two things I would do, A.S.A.P. are:

contact my Hoster and get them to explain exactly "why" they feel it is a "malicious" act; so you can hopefully prevent it in the future.

contact the client and ask why they did what they did - the way that they did.

The answers to the above (and some God given guidance) will tell you to which to ditch.

For example, I recently had a client apply for Hosting - yet they would not answer any Emails I sent them. The Emails stated they had left out some required information; which I would need to setup the account. After a week with "no reply" from them (not even why their Hosting account was not setup yet), I cancelled the account and refunded their money.

I do not know what their "real" intension was, because they would not communicate with me. In your situation, you don't mention how long this client has been with you, but at least it sounds like they will talk to you. ;)

Make it work for you as you need to know.

Just a thought.

Originally posted by CoreyC
As you can see your customer is messing about with odd characters for reasons best know to himself. If he tries anything malicious such as this again, your entire account may be suspended."
Honestly, if I were a reseller (and I used to be) and my provider told me that they'd suspend my account because of the actions of one of my users I'd absolutely, without question, immediately, start looking elsewhere.

Originally posted by JayC
Originally posted by CoreyC
As you can see your customer is messing about with odd characters for reasons best know to himself. If he tries anything malicious such as this again, your entire account may be suspended."
Honestly, if I were a reseller (and I used to be) and my provider told me that they'd suspend my account because of the actions of one of my users I'd absolutely, without question, immediately, start looking elsewhere.
Indeed. That would be quite disturbing to hear from your host.

As a reseller, you do need to be somewhat responsible for the actions of your users. However, not to the point where you're constantly watching every move they make. It's just not possible, not without full access to the system.

Now, on the other hand, your customers can be held responsible for your actions. For example, if you don't pay any of your bills, your customers' sites will be turned off as well. However that's to be expected.

IMHO, to block access to your and all of your customers' websites because one of your customers may have been engaged in some "malicious" activity is a tad bit extreme.

A side note... as a system administrator myself, that error looks a bit suspicious. If I saw something like that in a logfile, I would definitely be a bit wary of that customer. I'm not sure if it was intentional or not... it just looks fishy. :nuke:

Best Regards,
Matt Lightner
mlightner@site5.com

I highly doubt that this customer of yours was trying to crack into the server. I do not know of any security holes which have ever been exploitable by creating linenoise email aliases -- far more likely this was caused by a software problem (probably a buffer overflow).

In any case, I'd either demand a better explanation from your host or ditch them outright.

Maybe your user speeks a foreign language, is using a different character map and the characters have some meaning for him.

I greatly appreciate all of your replies. I'll try to reply to all of them here...

WebSite Rob: I should have posted that I did take a step you suggested (contacting the hosting company and asking why they feel the customer performed a "malicious" act) and got no response, at least as of yet (sent over 24 hours ago). Also in that email, I explained what I felt had caused the problem (the period being mistyped with the colon)

I also contacted the customer (his website was reactivated BTW) and showed him the error message and asked him to be more careful in the future.

JayC: You seem to know exactly how I am feeling. It is hard to be a successful reseller when you are constantly worried about what the hosting company is going to do with your customers next...

cpercia: I was thinking the same thing (software problem). I had an earlier problem with their software that also suspended my account. I mistyped a domain while setting an account up (forgot the 'dot' in .org) and had to get support to reactivate it.

Walter: This is very possible. The software this host uses rejects any kind of special characters, even to the point where you can not create email accounts (or forwards) with dashes in them. Login names can only use alpha characters (no numbers)

Site5-Matt: Thanks for your professional insight. I constantly monitor bandwidth and space usage and visit the sites to check for illegal content, but other than that what can a reseller do?

I really can not see the logic of this host in their threat to suspend my entire account if this happens again. They really can not expect me to delete this users account for an error that resulted because of a typo. They have not been able to provide me with any other information that would lead me to believe that this was anything more than a typo.

Thanks again to everybody who replied.

-Corey