Hi Max,
On Sat, Feb 18, 2012 at 04:14:16AM -0800, Max B wrote:
Which leads me to ask some questions of this list:
1) Do I have a duty in law to maintain a phishbot-virus-free VPS?
I don't think I've ever heard of a sysadmin being prosecuted for
being incompetent, but I suppose it is theoretically possible.
is extremely rare.
I read a news story recently where the estate of a person that
committed suicide by jumping in front of a train was successfully
sued for negligence by a bystander who was hit and injured by the
dead person's body parts. Since that actually happened, I would
hesitate to say "absolutely not" to the question of if a sysadmin
can be sued if one of their servers does some damage to someone.
More pertinently you have a contractual obligation with us to
maintain your service and not (allow your VPS to) engage in any
abusive activity.
2) Can a mandamus order shut down an innocent VPS
owner whose server hosts a phishbot virus?
I don't know what one of those is, but realistically BitFolk, once
presented with evidence of abusive activity, which a customer was
unable to identify/explain/fix, would terminate their service a long
time before the processes of law got around to having a say on the
matter.
This is a good thing because unfortunately trying to bring the law
to bear on an Internet miscreant, especially one in another country,
doesn't tend to work very well unless you are a huge corporation.
Law enforcement for the most part are not interested.
3) Has a bitfolk VPS owner ever been targetted by
phishbots? If so, what were the symptoms and what were the ramifications?
Customer VPSes are compromised all the time and used to send out
phishing emails, phishing blog comments, participate in denial of
service attacks on other people, do SSH dictionary attacks, host
fake phishing web sites, and so on. I wouldn't say people are
targeted — people are compromised by widespread scanning for known
exploits and weak passwords.
The abusive activity is either reported to us by third parties, or
else is detected by us, and then we diable the VPS's network and ask
the customer to investigate. Customers that are unable to get to the
bottom of the problem are let go.
We've never had a victim of an attack from one of our customers
threaten legal action against us or the customer but I suppose it is
theoretically possible. It seems unlikely to happen since we would
do the best we could to curtail the activity as soon as possible, so
it would be hard to argue that we'd ever acted negligently. I'd
rather that no one try to test this non-legal-professional theory
though!
Contact from law enforcement or third party's legal representatives
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting