What to do about illegal links from spam bots for users?
I've got one particular user who runs a blog, and one day my automated file scanner detected a file containing hundreds of links to illegal content (lets just say the word "preteen" appears a lot). I checked the file out and it appears to be a .txt file of all of the comments made to their blog. I have gone through and manually deleted the comments (which are made by spambots) but the next day the same links appear in the same file but from a different bot. This has been going on for the past 8 days and the user has taken no action to prevent this same bot from returning each day.
I decided to delete comments and chmod the directory to read only to prevent further writes to the file but at what point should the user be held accountable for the illegal links on their account created by spam? I can understand that it's not the user's fault the links are being posted publicly on their site, but they have not taken any action to either remove the spam comments or prevent the spam from continuing.
The way I see it is regardless if it's being done purposely or not the fact that I have links to illegal content on my server puts both my company, my hardware, and my datacenter at risk. So, as a host, what would you do in my situation? Now consider this user was using your services for free, would your actions be any different? Should I wait for my datacenter or law enforcement to contact me before taking further action?