[opendais]

So you shutdown the VM due to what appears to be a compromise. That is typical host behavior at least.

Locking the user out of their account seems...odd, tho. I've never had that happen, personally, at any host.

[csomar]

Maybe Ben can explain what "locking" an account is actually is. If the customer did, in fact, break the TOS, I think it's logical to lock his account.

[toomuchtodo]

Locking the account should put it in a read-only mode. No changes to your DNS, no ability to start the droplet back up, firewall rules put in place at the hypervisor/network layer that block outbound traffic, but still allows you inbound access.

[opendais]

That would be ideal. Its sounds like it was more than preventing changes to the account information tho.