Spammed Account HOWTO
    What to do if someone notifies you that an account has been spammed

1. Verify that the account is, indeed, spammed.  If there is active
exploit code living in their web_scripts, this is not a spammed
account, this is a hacked account.  Go to hacked-account-howto.txt

2. Place the mitnet-htaccess.txt file as .htaccess file in the hacked
directory, replacing the name and date with your name and date.

3. Notify the complaining party that the website has been disabled:

Hello,

We have disabled access to the website, which appears to have been
compromised, and notified the account owner.

Thanks,
The scripts.mit.edu team

4. Notify the owner of the locker that their website has been
spammed and blocked from external access. Do this by creating a new
blank ticket with that user as the Requestor with status waiting for
User Reply, and then posting a "Reply to requestors" comment with the
following contents:

Hello,

It has come to our attention that your website has been overrun with spam:

    OFFENDING URL HERE

We have accordingly disabled off-campus access to your website. Please
clean up your compromised account, upgrade your software, and notify us
when you have done so so we can restore off-campus access. Please let us
know if you need any assistance in doing so.

Thanks,
The scripts.mit.edu team