To clear up some confusion:
The account in question was found because it was bringing the Apache service down due to too many connections downloading the same ~300 meg executable files simultaneously. The tech who was working on the server status at that time brought it to my attention and said that upon downloading the files they appeared to be a cracked game.
The subdomain the files were hosted under contained no files except “setup.exe” and “visasetup.exe.zip”. No HTML, text, or any other files explaining what the files might contain. Initially due to one of the file names including visa, as well as the subdomain itself including “visa”, phishing/fraud was suspected. The 300 meg size of the files made this incredibly unlikely, so we downloaded and scanned them for viruses. When that turned up empty, the tech who originally came across the Apache service looked at the .cab file for the executable and determined that it looked like a cracked game. I don’t run Windows, so I couldn’t examine it myself, and believed their observation to be probable due to the suspicious nature of the subdomain, and the hundreds of connections downloading the file very common for Warez sites).
I have determined that my judgement was made in error, and I have accordingly apologized to the account owner. The account was reactivated the same day it was disabled, when I checked my email before heading to bed that evening and determined that their claim seemed plausible. The files were reviewed again yesterday (when I was able to access a Windows PC) and the account owner was written this morning to let them know it’s all clear and they may resume distributing the files.
That said, I strongly recommend to anyone reading this to not create empty directories under otherwise-empty subdomains and plop large executable files in them with generic names such as “setup.exe” without some sort of indication as to what the files contain. This particular incident could have been avoided had there been an associated web page accompanying the files, a text file explaining the file contents, or even a hidden file called “.DREAMHOST_README” explaining the file contents.
I do acknowledge that this particular case should have been handled more thoroughly, and that will be something I keep in mind in the future. I would like to publicly apologize again to the account owner in question (OP) for my mistake, and thank them for their patience and understanding while this was resolved.
As for this case’s perceived implications to everyone else – we almost always write folks about copyright concerns before taking action, except in the most egregious cases. This case was simply judged mistakenly. On the whole, unless you’re hosting Warez you have nothing to worry about. If you’re hosting files that you think we might suspect to be Warez, just ensure that the domain they are hosted under pertains to the files (ie: we certainly would view it reasonable to host game mod .exe files under a domain that has a web page about a game mod) and, preferrably, that the file names pertain to what the file contains, rather than something generic like “setup.exe”. If you want to be extra careful, create a hidden file called “.DREAMHOST_README” in the same directory with some text clarifying the files’ purpose. Any of these measures should prevent a situation like occurred here, as we do generally give people the benefit of the doubt.
DreamHost Abuse Team