Results 1 to 11 of 11

Thread: A Legal Issue

  1. #1

    A Legal Issue

    Hi I'm new here and am seeking opinions or advise in a dilema.

    I am currently involved in a war of words over a bill from my Internet Services Provider that I fear will end up in court. Whilst my partner and I have had an internet presence since about ’95, we first commissioned a dedicated website for our small but very international business in ’99. We were/are a group of artists who performed at festivals in Canada, Europe, NZ as well as all over Australia and it was a considerable investment then but an exciting tool for our business. The site was made by reputable designer and was simple, with several galleries and a custom-made postcard service. It was beautiful to look at and, as I was told only weeks ago by a web-designer analyzing it, beautifully constructed.

    It was hosted by a small new company, that I’ll call Funnelweb for now, at the expensive prices of the time and lived there happily for over 3 years. In 2001, a guest book was a popular addition.

    By 2002, it was time to update our site, much had to be added, new galleries and lots more attention to details like credits, context etc, so, as our previous designer was unavailable we engaged a new designer and had a new site built. A lot of stuff was carried over including the postcard service and the guest book. It was also beautiful and worth every cent. It lived happily at Funnelweb for another 2 years.

    We hired people to do this work for us because we were basically computer ignorant. Our first site was up for over 6 months before we actually got connected at our home office. It took us some months to get a handle on email and basic surfing. The only computer course I have ever done was an introduction to Photoshop in 2002 and my partner has not had even the most basic instruction from anyone other than me.

    Late in 2002 an undiagnosed bone disease and minor accident resulted in my suffering 3 broken vertebrae and whilst I’m lucky enough to not be crippled, my life changed dramatically overnight, some parts collapsed completely. I had to hire other artists to fulfill commitments in Japan, Canada and New Zealand but life goes on and the website was our single most important tool for providing work for my partner, her trainee and several other artists that we are able to pass paid work and other opportunities on to.

    The trouble began sometime around Aug 2004, although it wasn’t until Dec. when I received a bill for $2,182 (over 20 times my usual) that I became aware of it. On enquiring about this bill I was told it was for excess traffic and that, yes, there did seem to be a problem. I didn’t even know what excess traffic was. I had received bills with minor variations for excess traffic but had assumed it had to do with the site’s re-build and the increased size of the site and just paid them without question. Shortly after, Justnet informed me that it appeared a hacker had entered the system via my bulletin board and that it was spewing out millions of spam emails. My immediate response was to ask how this happened, who was responsible and what can Funnelweb do about it. I do not have an email account with Funnelweb who simply host my website. All my internet access and email accounts are with Primus.

    I immediately changed the access codes (whilst being talked through it) and it took me a day or so to contact the original website designer who immediately pulled the bulletin board thus blocking the traffic leak. Despite the fact that I gave Funnelweb permission to do anything necessary to stop the problem (including pulling the entire site) apparently my designer beat them to it.

    I rang and pointed out that I was not in a position to pay the $2000+ bill as I was on a pension and was even less inclined to do so because I questioned my responsibility for such an event. I asked why this happened for three months before anyone noticed and queried the service I was getting for what had now become fees well above the going rate

    I received an email offering to reduce the bill by 75% (to about $554, still more than 5 times my usual bill) and was informed that I was paying for premium service but if I was unhappy they could provide me with a cheaper but slower off-shore service and to let them know. I was not impressed and rang the company to say that I was still not prepared to pay this unreasonable bill. For the next 11 months my regular accounts turned up accompanied by the $2,182 bill. I paid the regular accounts and ignored the extraordinary bill. No further correspondence was entered into until I received a message to contact the company about my account.

    I rang the company and tried to explain my position and was told the matter would be looked into. Approximately 15 mins later I received an email with an additional bill totaling $4169.99 for, quote, “Misc 7 hours professional services (resulting from misuse of service) 02-Nov-05 02-Nov-05”.

    When I rang to enquire about this bill, my call was cut off. My second call to the company was also cut off. I was advised by email that this new account was because, quotewe had to spend approximately 6 hours getting our systems functioning again; removing the offending scripts and removing our systems from lists of known spammers”. “We” being Funnelweb, of course. I was told that if I paid the original bill, immediately. the additional bill would be waived “as a show of good faith”. I perceived this to be little more than a blatant attempt at intimidation.

    Later that day I managed to speak again to the company but by this time I was furious and the conversation was fruitless. The next day I was then informed that the company was confident of their position legally and that, quote, “I am now of the firm belief that either you or your webdesigner may actually have been responsible’. Later that day in another email, I was informed that one of the company’s personnel, quote,spent approximately 7 hours restoring our services for other customers who were affected by your sending the 600,000 emails (or your agent or someone acting with your permission)”.

    The situation now seems to be almost irretrievable.

    It has been and still is my contention thatFunnelweb’s system was insecure and that persons unknown have stolen from Justnet not me. It is obvious that the thief gained access via my bulletin board but to hold me responsible is akin a burglary victim trying to hold their neighbour responsible because the burglar gained access via the neighbour’s backyard. Should someone hack into a bank account and steal funds, it is not the account holder’s responsibility but the bank’s. I still don’t even know the content of the spam that was sent.

    I find it curious that the spamming event went on undetected for over 90 days whilst, according to Funnelweb, compromising their system, interrupting services and inconveniencing other customers. I also do not understand why the spam continued for a couple of days after I advised them to take any action necessary to stop it. My designer, who doesn’t charge in excess of $550 an hour, was able to stop it within minutes of being aware of the problem. All this begs the question of just how secure is Funnelweb’s system and the services and accounts of their clients. I was told the company now has tens of thousands of clients. I was one of the first thousand.

    Funnelweb’s spokesman tells me that if this matter went to the NSW courts, I would not have a leg to stand on. This may well be so and it may also prove just how inadequately protected the consumer of this industry’s products really is. How can an industry blame its most basic-level consumer for failings that happen at levels way above our comprehension. If the Bolte bridge fell down, would CityLink be allowed to bill the poor bastards driving on it at the time? Considering the staggering and still growing importance of this industry, I consider Funnelweb’s attitude quite scarey. I revisited the company’s so called “terms and conditions” found that they apparently haven’t be updated since Spellcheck was invented.

    Their spokesman now suggests I’m the thief that stole their product. They will of course not take out and win criminal charges against me because I simply didn’t do it. But they can drag me through the lesser courts over the details in the contract, win and bill me for the extravagant costs. Whilst they are intimidating me the hacker moves on.

    I spoke to the Telecommunications Industry Ombudsman’s office (TIO) and received a reference number, which I forwarded to Funnelweb. Their spokesman responded by sending me the TIO’s jurisdiction guidelines and pointing out that web hosting was not among them. It may be that the TIO and he differ on the TIO’s authority to investigate breaches of Industry Codes of Conduct. The additional bill prepared for me last week is very questionable.

    I see strange parallels between my life and the Internet industry since I put that first little site up in ’99 with Funnelweb. Both of us were thriving and healthy, then suffered serious set-backs. Mine, was a bone disease that crumbled my spine, the industry had also found itself with crumbling bones. Both suffered shock, serious depression and much reflection. Unfortunately my body does not have the resilience of the Internet industry and will not enjoy a spectacular recovery. I’m currently trying to cope with living on the pension and a cocktail of painkillers, antidepressants and other drugs.

    After a little more thought I will make one more attempt to bring this problem to a reasonable conclusion with Funnelweb. I have no personal problem with the company or its staff, the person I spoke to last year was actually very nice. Perhaps this other spokesman was just having a worse day than me last week.

    Can I really be bullied into paying for something I clearly didn’t ask for, want or use?

  2. #2
    Join Date
    Apr 2005
    Posts
    69
    First off, Australian company, right?

  3. #3
    There are some hidden clauses in the Terms of Service(TOS) which you accept when signing up with the hosting company. You need to read those terms of service carefully so that you will get an idea that the excess charges they are charging are according to their terms of service.

    Most of the host simple suspend the account once the alloted data transfer limit is reached. To unsuspend that account they inform you about the access charges. Again this all depends of the Web Hosts policy.

    So one cannot get any idea about the legal actions you can take without reading the TOS.

  4. #4
    Join Date
    Dec 2002
    Location
    Quad Cities, Iowa
    Posts
    1,606
    First things first. Are you still hosted with this company? If you are I would advise you to make backups of all your web content and databases. That way if your account is suspended for any reason, you can easily move to another provider.
    Need a new Web Host?
    Become a Host Refugee and receive TRUE 24/7 Support

    cPanel + Fantastico, PHP4 or PHP5
    HostRefugee.com - See our current promotions

  5. #5
    Join Date
    Dec 2001
    Location
    Toronto, Ontario, Canada
    Posts
    6,896
    Quote Originally Posted by john551
    There are some hidden clauses in the Terms of Service(TOS) which you accept when signing up with the hosting company. You need to read those terms of service carefully so that you will get an idea that the excess charges they are charging are according to their terms of service.

    Most of the host simple suspend the account once the alloted data transfer limit is reached. To unsuspend that account they inform you about the access charges. Again this all depends of the Web Hosts policy.

    So one cannot get any idea about the legal actions you can take without reading the TOS.
    Terms of Service, and Acceptable Use Policies aren't "hidden clauses", they're the *terms* that you're agreeing to. If you're too ignorant to read a contract before you sign it, thats your problem, it doesen't make anything you neglected to read a "hidden clause" of any nature. Most hosts will specifically prevent you from signing up until you have confirmed (generally with a check box) that you have read the TOS/AUP.

    CCircle, While I feel your pain, you are at fault. Your comparisons are somewhat inaccurate unfortunately. Consider this: If you held a holding box at a major bank, and you made this available for public use (much like your forum is available for public use). If someone then put a bomb into this box, and blew up the bank, do you honestly think that you wouldn't be held accountable to any degree? After all, you made it available for public use.

    Its a users responsibility to ensure the security of any scripts they upload to their host. If you upload scripts, you're responsible for keeping them up to date, and secure, this is not within the hosts reasonable realm of control (how do they know what software all their users have uploaded? what custom mods are out there? etc.). Likewise, hosts are punished by their upstreams for such activities, they are answerable for anything inappropriate you may do while on their servers.
    Myles Loosley-Millman - admin@prioritycolo.com
    Priority Colo Inc. - Affordable Colocation & Dedicated Servers.
    Two Canadian facilities serving Toronto & Markham, Ontario
    http://www.prioritycolo.com

  6. #6
    Join Date
    Jun 2005
    Posts
    98
    Yep, regardless of your own personal knowledge regarding any issues you are responsible for what scripts you upload to your host, if they are insecure and allow spam, If you don't have shell access they obviously should have said something long ago however.

    I too have had problems on webservers regarding spam abuse - and its becoming more common for webhosts to disallow certain scripts that are well known to be insecure.

    The only thing you really have going for you is how long it took for them to notify you of the issue, Like the previous posters have mentioned - I would also review their TOS//AUP.

    But its pretty industry-standard, you are obviously (and understandbly with large companies) held liable for any such scripts uploaded on your host. I'd get your backups quick if I were you.

    Good luck with getting that worked out!

  7. #7
    Join Date
    Oct 2003
    Posts
    9,264
    CCircle,

    The first course of action would be to review their TOS and AUP thoroughly.
    You'll see exactly how much you technically owe (if it's well done) and why you're being charged that much.

    If you don't: They've pulled a few numbers out of their butt and are charging you whatever they choose (or it could be based on their actual fees incurred, but it sounds a bit extravagant).
    Read, read, read.

    Let us know the results.


    I'm sure you can work something out with your provider - just remember that any scripts that are installed MUST be secured and updated: phpBB and other common forums go out of date very quickly and can leave nasty gaping security holes open.

  8. #8
    Join Date
    May 2005
    Location
    Chicago, IL USA
    Posts
    1,430
    CCircle,

    First, welcome to WHT!

    It certainly sounds like FunnelWeb, or JustNet, handled this very poorly. However, it is your responsability to keep your scripts up to date. Forums are notorious for being hacked, and most all the popular forums are continually updating thier code. It is the users responsability to then update thier version. From your OT, it sounds like this had not been done for some years.

    That said, it still sounds like your ISP, whatever thier name is, should have handled this much better - especially since you are a long time customer.
    ||| Mike Bowers - Marketing Director
    ||| atOmicVPS LTD
    ||| OnApp Powered Linux & Windows Cloud Hosting ► [Shared] ► [Reseller] ► [VPS]
    ||| Follow the atOmicVPS Blog

  9. #9
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,687
    Check your host's Terms of Service and Acceptable Use Policy - post it here, if you would like us to review it for you.

    Basically, the files you had on their servers were compromised. Its not the host's fault, its yours. Because your files were compromised, your account used far more bandwidth than you originally intended. This is not the host's fault, its yours. Do you honestly expect the host to just eat the money for your bandwidth use?

    Consider this: You go on vacation and someone sneaks over to your yard and turns on your outside garden hose and leaves it running at full blast for 1 month. You come back from vacation and find that the water company has sent you a bill for $1200 because of the extra water usage. Do you really expect that you can just phone them up and say "Someone maliciously used up all that water, I didn't. I'm not going to pay.". Absurd.

    As a hosting customer, its your responsibility to make sure your files are secure. The host should probably keep an eye on things and sort out any problems that they notice, just as good practice. However, its not their fault if they overlook your crappy script and you end up owing a bunch in bandwidth fees.

    Personally, I think that was pretty nice of them to offer a 75% reduction in your bandwidth bill (sounds like they were giving it to you at their cost). You should have smiled, bent over backwards thanking them....and promised to pay the reduced bill. At this point, it looks like its going to cost you a whole lot more.

    --Tina
    ||| 99.999% Uptime SLA!!!
    Plenty of space and bandwidth to fit your needs!
    www.AEIandYou.com - - (WP Friendly - Premium Reseller Hosting and Cheap Dedicated Servers)

  10. #10
    I have to agree on the point that CCircle in responsibe for the misuse of his account. Clients are 100% responsible for any and all abuse caused by insecure scripts. No question there.

    But I think that this "funnelweb" letting it go on for 90 days is also looking to score. There is no way I would let 600,000 emails get out without noticing immediately. And I think the charges for "cleanup" etc are definitely a blackmail attempt to get CCircle to settle for the original amount.

    But even so, while I feel the pain, legally, CCircle is responsible for the overages and abuse of his site. CCircle, you say that all the work was done by a third party, including the installation of the bulletin board, right? Was this a as-needed type arrangement, or was this person being paid regularly to maintain the site? If so, legally, you may be able to hold him partly responsible for not maintianing the forums by applying regular security updated, etc. Just a thought, but in the end you are where the buck stops....it's your site and you are responsible for it.

  11. #11
    You need to talk to a lawyer in NSW about this. Ignore what people on here say about TOS- every jurisdiction is different, and under, for instance, Scots law, the court would laugh at attempts to count TOS as a part of a contract. At least, the way most hosts distribute their TOS.
    Don't give the hosting company any money at present. If they have even a slim case against you, they will try to take you to court.

    The following act may be applicable to your case- http://www.legislation.nsw.gov.au/su...62%22&nohits=y

    Oh, and get backups of your site and find a new host soonish.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •