  1. #1

    Should I give customers files back

    Hi

    I had a customer who was running a phishing website. Somebody emailed me letting me know, and I backed up and terminated the account right away after doing some investigation of my own. It looked like he installed a script that had a bunch of different clones.

    He wants his files back and said it was in my best interest "legally".

    Anybody encounter anything like this? Should I turn him in? Your thoughts are much appreciated.

    By the way he has been banned from DP forums.

    Thanks
    HostDogs.com
    Email: [email protected]
    MSN: [email protected]

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    Was he intentionally phishing or were one of his scripts compromised?

    I would say return the files (with maybe an extra fee for your time) if his scripts were compromised, however if he was intentionally phishing and you're 100% positive... tell him to go pound sand.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  3. #3
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,675
    Are you sure he did it intentionally or was it done via an exploited script? I've never seen an incident of someone uploading phishing files to their account on purpose.

    --Tina
    ||| 99.999% Uptime SLA!!!
    Plenty of space and bandwidth to fit your needs!
    www.AEIandYou.com - - (WP Friendly - Premium Reseller Hosting and Cheap Dedicated Servers)

  4. #4
    Join Date
    Sep 2007
    Location
    Saint John, NB, Canada
    Posts
    91
    I would give him his files and be done with him.
    HostDemon.net - Web Hosting & Design Solutions at Sinful Prices!
    30 Day Money Back | 24/7 Support | No Overselling | Instant Backups | 99.9% uptime | Adult Websites Allowed
    Official Twitter Stream- Check it out and consider following us!

  5. #5
    Join Date
    Aug 2003
    Location
    Chicago, IL USA
    Posts
    2,781
    Am I missing something? The OP said:
    I had a customer who was running a phishing website.
    Are you sure he did it intentionally or was it done via an exploited script? I've never seen an incident of someone uploading phishing files to their account on purpose.

    --Tina
    Really? Unless I misunderstood your reply, people do it all the time, they're called phishers...

    I don't see how you legally have to give them his script used for illegal purposes back, so don't, and ignore him. If he goes to court he will be laughed at, then sued himself.
    CloudRck.com - Host on Cloudrck
    Unmetered VPS Solutions at it's finest

  6. #6
    Join Date
    Dec 2007
    Posts
    271
    As the others stated, I would be willing to bet that his site was exploited. I have a lot of clients that run PHPNuke sites and Galleries that have been exploited. In those cases I remove all rights from the exploited folder and then notify the client.

    So unless you know 100% that he did it himself I would return the files.

  7. #7
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,675
    Quote Originally Posted by daejuanj View Post
    Really? Unless I misunderstood your reply, people do it all the time, they're called phishers...
    Phishers don't have to purchase hosting, there are millions of exploitable scripts ripe for the picking.

    --Tina

  8. #8
    Join Date
    Aug 2003
    Location
    Chicago, IL USA
    Posts
    2,781
    Quote Originally Posted by AH-Tina View Post
    Phishers don't have to purchase hosting, there are millions of exploitable scripts ripe for the picking.

    --Tina
    True. But you said they don't have to; the majority I've encountered are simple sites dedicated to phishing. I'm sure (hope) the OP knows the difference between an exploited script and a phishing script.

  9. #9
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,675
    Quote Originally Posted by daejuanj View Post
    True. But you said they don't have to; the majority I've encountered are simple sites dedicated to phishing.

    In the 10 years I've been doing this, I've never encountered a phishing site that was "just" a phishing site. Exactly 100% of the time, it's been an exploited script. YMMV.

    --Tina

  10. #10
    Join Date
    Aug 2003
    Location
    Chicago, IL USA
    Posts
    2,781

    Quote Originally Posted by AH-Tina View Post
    In the 10 years I've been doing this, I've never encountered a phishing site that was "just" a phishing site. Exactly 100% of the time, it's been an exploited script. YMMV.

    --Tina
    Agreed then.

  11. #11
    Join Date
    Sep 2003
    Location
    Washington, USA
    Posts
    3,219
    Of course you should give the files back to him; just because he committed a crime doesn't give you the right to commit a crime. Similarly, if someone owed you a sum of money and declared they were not going to pay you back, you are not automatically given the right to steal their car to recoup your losses; you have to go through the courts.

    Before handing back over his files though, I would censor them to ensure that no phished customer data is stored anywhere.
    SHAW NETWORKS Simple. Professional. Reliable. Web Hosting Done Right.
    Low Cost & Award-Winning: cPanel Reseller Plans 24/7/365 Live Technical Support
    Website: www.shawnetworks.com Fast Response E-mail: sales @ shawnetworks.com
    Sick of downtime? Fed up with excuses? Drop your host! Switch to Shaw Networks.

  12. #12
    Join Date
    Aug 2003
    Location
    Chicago, IL USA
    Posts
    2,781
    Quote Originally Posted by Shaw Networks View Post
    Of course you should give the files back to him; just because he committed a crime doesn't give you the right to commit a crime. Similarly, if someone owed you a sum of money and declared they were not going to pay you back, you are not automatically given the right to steal their car to recoup your losses; you have to go through the courts.

    Before handing back over his files though, I would censor them to ensure that no phished customer data is stored anywhere.
    I agree with you ONLY if this wasn't a dedicated phishing script, because if it was, you should not give him the means to commit a crime by giving him the files back.

  13. #13
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    Quote Originally Posted by Shaw Networks View Post
    Of course you should give the files back to him; just because he committed a crime doesn't give you the right to commit a crime. Similarly, if someone owed you a sum of money and declared they were not going to pay you back, you are not automatically given the right to steal their car to recoup your losses; you have to go through the courts.
    That's such an awful comparison...

    If the client was intentionally running a phishing website, and I have to agree with Tina that most phishing websites are the result of a compromised script, why the hell should you return their files?

    Willfully doing so is probably illegal in itself given the nature of the crime.

  14. #14
    Join Date
    Jan 2005
    Location
    Minneapolis, MN
    Posts
    967
    If running a phishing site is against your TOS/AUP (I would sure hope it is) and your TOS/AUP says you reserve the right to cancel any account found in violation of said terms and that you are not responsible for their data, don't give them anything. This situation is exactly why you have those documents.

    But like Tina, in 8 years I've never seen someone upload a phishing site to their own web space, so I would suspect it's a compromised site.
    Doyle Lewis
    BuyHTTP Internet Services - In business since 2003
    Business Hosting | nginx, CloudLinux, Varnish cache, and CDP with every business account
    Shared, Reseller, Semi Dedicated, VPS, Cloud, Dedicated - We can grow with you

  15. #15
    Join Date
    Oct 2007
    Location
    United States
    Posts
    563
    Quote Originally Posted by Shaw Networks View Post
    Of course you should give the files back to him; just because he committed a crime doesn't give you the right to commit a crime. Similarly, if someone owed you a sum of money and declared they were not going to pay you back, you are not automatically given the right to steal their car to recoup your losses; you have to go through the courts.
    That's a bad comparison. It's more like whether or not you should give a gun back to a serial killer who you just saw murder someone in cold blood... but there's a plot twist: the guy had a twin brother who is a cop, and now you're not sure who you should give the gun back to because you don't know if it's a serial killer or the cop you're giving it to. If it was me I would just hold on to the gun and run to the local authorities and let them argue over who gets the gun back.
    eLief - Where your business matters.
    cPanel Hosting - Reseller Hosting - VPS - Dedicated Servers - Magento Specialists
    Celebrating over 4 years of providing quality hosting.
    cPanel/WHM - LiteSpeed - CloudFlare - R1Soft Backups - 15k Cheetah's - 24x7 Support eLief.com

  16. #16
    Join Date
    Aug 2003
    Location
    Chicago, IL USA
    Posts
    2,781
    Quote Originally Posted by Handy Man View Post
    That's a bad comparison. It's more like whether or not you should give a gun back to a serial killer who you just saw murder someone in cold blood... but there's a plot twist: the guy had a twin brother who is a cop, and now you're not sure who you should give the gun back to because you don't know if it's a serial killer or the cop you're giving it to. If it was me I would just hold on to the gun and run to the local authorities and let them argue over who gets the gun back.
    Sounds like a M. Night Shyamalan film.

  17. #17
    Join Date
    Dec 2007
    Posts
    271
    Quote Originally Posted by daejuanj View Post
    I agree with you ONLY if this wasn't a dedicated phishing script, because if it was, you should not give him the means to commit a crime by giving him the files back.

    If it was a dedicated phishing site I am pretty sure he already has the files since he uploaded them in the first place. If he is that worried about retrieving his files I still think he had a legitimate site. Someone that knowingly committed a crime would have cut his losses and gone elsewhere.

  18. #18
    Join Date
    Feb 2006
    Posts
    466
    Quote Originally Posted by Shaw Networks View Post
    Of course you should give the files back to him, just because he committed a crime doesn't give you the right to commit a crime.
    My lawyer told me if someone is uploading illegal content to a server (such as a warez site), giving the files back to him would mean that I am supporting his crime, for I am helping him to continue. Therefore from a legal point of view I would be breaking the law by assisting someone to commit a crime.

    So you should be very very careful about giving someone illegal content back. It is really pretty much like giving a serial killer his gun back like someone said before me.

  19. #19
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,675
    I'm going to go ahead and point out the obvious. It's probably a pretty sure bet that the customer was innocent and that he just had an exploited script. If this was the case (OP checked, right?) - why even cancel the account? A better route would have been to suspend the account, notify the customer and tell him to fix his script so that you can keep him as a loyal customer.

    --Tina

  20. #20
    Join Date
    Nov 2001
    Location
    Philadelphia, Pa
    Posts
    949
    But like Tina, in 8 years I've never seen someone upload a phishing site to their own web space, so I would suspect it's a compromised site.
    I've seen someone sign up and intentionally use their space as a fileserver for warez. The IP that FTP'd the content matched the IP that signed up. But I've never seen someone intentionally upload a phishing site. Like Tina, it's always been exploited sites.

  21. #21
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,675
    Quote Originally Posted by derek.bodner View Post
    I've seen someone sign up and intentionally use their space as a fileserver for warez. The IP that FTP'd the content matched the IP that signed up. But I've never seen someone intentionally upload a phishing site. Like Tina, it's always been exploited sites.
    Yeah, kids like to upload warez and movies/music downloads. That's a given. But, that's quite a different issue. That group wouldn't know what to do with a bunch of info gathered via phishing.

    --Tina

  22. #22
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,190
    Quote Originally Posted by AH-Tina View Post
    ... suspend the account, notify the customer and tell him to fix his script ...
    SOP

    So, yeah. Give him his files back.
    There is no best host. There is only the host that's best for you.

  23. #23
    I never encountered anything like this. Never thought that the files were an exploit. I did back up the site just because. I probably jumped the gun but ...

    1. The guy was banned from DP because he was stealing 2 bucks from a bunch of people at DP with some affiliate scam.

    2. He replied to me canceling his account with this: "your mom". That was his reply. Why didn't he plead with me?

    3. His next email was can I at least have my files back. So he still hadn't pleaded his innocence to this point.

    4. He never had an index file uploaded to his public_html folder. All the files were buried deep.

    I am going to take a look at the files and make sure he did or didn't upload the script before I give or don't give his files back.

    Thanks for everyone's replies; you all make excellent points.
    HostDogs.com
    Email: [email protected]
    MSN: [email protected]
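
The check described in post #20 (does the IP that FTP'd the content match the IP that signed up?) applied to the file review planned in post #23, as an added example that is not part of any poster's message. It assumes the server keeps a wu-ftpd-style xferlog; the account name, IP addresses, paths and log lines are constructed sample data.

```python
# Constructed sample data (not from the thread), in wu-ftpd-style xferlog layout.
SIGNUP_IP = "198.51.100.24"   # assumed: IP recorded at account signup
ACCOUNT = "cust1"             # assumed: FTP/system user of the account
XFERLOG = """\
Mon Jan 14 10:22:31 2008 1 198.51.100.24 48213 /home/cust1/public_html/img/a/b/login.php b _ i r cust1 ftp 0 * c
Mon Jan 14 10:22:40 2008 1 203.0.113.77 9120 /home/cust1/public_html/img/a/b/post.php b _ i r cust1 ftp 0 * c
Mon Jan 14 10:23:02 2008 1 198.51.100.24 300 /home/cust1/public_html/img/logo.gif b _ o r cust1 ftp 0 * c
Mon Jan 14 10:25:10 2008 1 198.51.100.24 77 /home/other/public_html/index.php b _ i r other ftp 0 * c
"""
# Files found buried in the backed-up account (constructed paths).
SUSPECT_FILES = [
    "/home/cust1/public_html/img/a/b/login.php",
    "/home/cust1/public_html/img/a/b/post.php",
    "/home/cust1/public_html/img/a/b/update.php",
]


def parse_uploads(xferlog_text, username):
    """Map each path uploaded by `username` to the set of source hosts."""
    uploads = {}
    for line in xferlog_text.splitlines():
        f = line.split()
        if len(f) != 18:  # 5 date tokens + 13 fields; skip damaged lines
            continue
        host, path, direction, user, status = f[6], f[8], f[11], f[13], f[17]
        # Keep completed ("c") incoming ("i") transfers for this account only.
        if direction == "i" and user == username and status == "c":
            uploads.setdefault(path, set()).add(host)
    return uploads


def classify(suspect_files, uploads, signup_ip):
    """Label each suspect file by how its FTP record relates to the signup IP."""
    verdicts = {}
    for path in suspect_files:
        hosts = uploads.get(path, set())
        if not hosts:
            # No FTP upload: the file arrived another way, for example written
            # by the web server process through an exploited script.
            verdicts[path] = "no-ftp-record"
        elif hosts == {signup_ip}:
            verdicts[path] = "ftp-from-signup-ip"
        else:
            verdicts[path] = "ftp-from-other-ip"
    return verdicts


if __name__ == "__main__":
    for p, v in classify(SUSPECT_FILES, parse_uploads(XFERLOG, ACCOUNT), SIGNUP_IP).items():
        print(f"{v:20} {p}")
```

A verdict here is supporting evidence, not proof: a matching IP can still be a shared address, and a non-matching one can be the customer on another network or someone using stolen FTP credentials.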

  24. #24
    Join Date
    Apr 2005
    Location
    San Diego, CA
    Posts
    517
    I don't think you are legally obligated to give him the files back. I just hope you have a legal team.
    TWC, LLC - USA based w/ three teams behind us!
    We will beat any web development or design quote

    http://totalwebcentral.com/

  25. #25
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,190
    Quote Originally Posted by HostDogs View Post
    ...

    I am going to take a look at the files and make sure he did or didn't upload the script before I give or don't give his files back.

    Thanks for everyone's replies; you all make excellent points.
    Yup. I have seen one case where the phisher definitely was the customer. So, it 'can' happen.
