To who sell virtual hosting services, how do you deal with customers who had wordpress, joomla, etc CMS sites compromised? Usually those sites get filed modified, send spam and sometime have some php tools to browse files on server. We have all accounts restrictes so we do not have mayor risks, out biggest problem is the spam those scripts send. When we detect this i usually clean the site and the customer never knows. Now we want to let the customer clean his mess and we don't know how to deal with it, i mean if we suspend the account the customer can't access to clean. How do you do this this problem?