
"is there any possible way to not get randomly nuked by Spamhaus?"

I guess the first step is to set up better monitoring services to prevent your system from being abused by even one bad apple. Try to catch the abuse as quickly as possible so you won't raise red flags.

Additionally you should possibly work on segmenting out your customers. If your paying customers are important to you, use a different system for them. If this has the possibility of happening again you don't want to hurt those customers from a similar thing happening again.



> I guess the first step is to set up better monitoring services to prevent your system from being abused by even one bad apple.

I'd love to, but when you have the volume we do there are going to be false negatives. Bad apples will slip through. And if somebody slips through, we're vulnerable to getting blacklisted.

> If your paying customers are important to you, use a different system for them.

This is a very good plan. I'm definitely looking into that...


> I'd love to, but when you have the volume we do there are going to be false negatives. Bad apples will slip through. And if somebody slips through, we're vulnerable to getting blacklisted.

This doesn't mean you have to auto-ban people - but you could easily set up listings that you can quickly glance at to see what your monitoring found. If you are picking up too many false positives, then you can refine your monitoring. Yes - you can't prevent all of them, but once your system starts getting abused you have to assume that others will do it as well. Additionally, you could very well be losing money in service costs due to these people (I don't know your business model so it's just an assumption) - you want to protect that as well.


Right, that works really well for YouTube. The great problem that is created when one tries to apply rules in this way is that, look, big companies won't suffer, and small ones will unduly.

The internet is full of user-generated-content sites and the core objection to SOPA is that we cannot police every posting. We do not currently have a legal obligation to do anything other than respond to complaints.

Further, as a veteran of the hosting industry, I'm really disappointed in BlueHost for taking action against a paying customer's domain name. Be sure to read the SLA and TOS when you sign up for services.


I am against SOPA just like everyone else; however that does not mean we don't have a duty to police our own sites. In this case, someone misusing a service caused the whole service to suffer - including paying customers. This has nothing to do with SOPA but with making sure your business runs properly, and won't affect or cast a bad light on your service.

As for the disappointment at BlueHost - they should have probably let the customer know before taking action - but other than that I think they did the right thing. As a veteran of the hosting industry, if one of your customer's WordPress blog was hacked and hosting a phishing site, would you not disable the site and let the customer know right away that they need to clear things up? That's just a random example, but any sane company will protect their servers via a TOS - if they didn't I would be quite concerned about the service they are offering. Just my $0.02 on this..


I'm sorry, DNS/Registration is NOT the same as an exploited website.

There is nothing intrinsically bad about DNS that it needs to be turned off; the OP has already said they were using different hosting.

BlueHost was in no way vulnerable, and in no way needed to protect itself, as the only traffic was DNS requests. GoDaddy tries to pull the same thing with disabling DNS[1].

I feel like we need a Chris Crocker video about DNS systems this month.

1: http://en.wikipedia.org/wiki/Go_Daddy#Suspension_of_Seclists...


You are correct - this is different since they were only providing DNS, too many hours had passed when I replied that I forgot that part of the story.


Excellent point about that. You could always break up free users into a different domain than paying, and even break those up further from there.

Not pretty, but it would help ensure against it.



