[edwincheese]

I think everyone agreed on that the service provide have to investigate and take action on any abuse claim. But what is questioning now is that is it reasonable to shutdown a suspect case of abuse without giving time for the service provider to investigate and respond to this case?

[mtigas]

According to http://archive.nyu.edu/bitstream/2451/15020/2/Infosec+BOOK_T... “experimental studies have shown that the bulk of victim credentials are collected within 24 hours of mailing the bait messages.”

Once a phishing form is “in the wild,” every minute counts.

The burden is on the service (your site) to prevent or quickly act to rectify a situation, but if your provider determines that it must intervene, then it is well within it's right to.

[nl]

is it reasonable to shutdown a suspect case of abuse without giving time for the service provider to investigate and respond to this case?

Yes, if there are enough complaints and harm that may come from it is serious enough.

[chopsueyar]

So, the writer of the article had one complaint. The forms cannot take passwords.

A second complaint, without any investigation, would result in the termination of his account and destruction of data.

That is not reasonable.

[epochwolf]

> So, the writer of the article had one complaint. The forms cannot take passwords.

We don't know this. We have no idea how many complaints rackspace has against this guy. It could be one or it could be dozens.