I have no problem with the hosting company suspending the account until the problem is resolved.
Where things get tricky (and you've said this before, Rudi) - often the client doesn't have the skills to identify what is causing the problem, or to resolve the problem, and at times doesn't have access to the tools needed either.
Just how far do you go as the hosting company to help resolve the problem?
Well, if the client is on "supported hosting", I think you need to do what it takes to secure the site. Not patch the code, perhaps, but identify the user profile that's been hacked / shut down email sending / change insecure folder write and execute permissions...
I had a redundant sub-account hacked earlier this year on an overseas server. The hosting company identified the hacked profile, disabled the user, and sent me an email telling me what they had done. In this case I simply deleted the user profile as the site had been moved elsewhere.
Obviously there are a number of potential scenarios. I suggest as a bare minimum, the host should bundle the site into a backup that is made available to the client to download. Just deleting the whole account (even if the onus is on the client to maintain their own backups) simply isn't on i.m.o.