Benchmarked faster than DigitalOcean, Vultr & OVH. Your price never rises at renewal. See the numbers Benchmarked #1. No renewal hikes. See the numbers
Skip to content
Legal, Acceptable use

Acceptable Use Policy

Stability, security and compliance rules apply to all plans, storage, network and management.

Scope and Definitions

The Acceptable Use Policy applies to all current services which users have access to. This includes VPS, dedicated resources, storage, backups, network, IP addresses and management layers. The goal is stability, security and compliance for all accounts.

Services: All systems, networks, software and interfaces that are part of the platform.

Account: Any subscription, user, API key, token and sub-user.

Content: Data, code, logs, images, containers, databases and traffic.

Basic Rules

  • The system functions under all laws which control the relevant jurisdictions.
  • The platform and network and third parties must remain free from any activities which cause damage.
  • The account remains responsible for actions of users, integrations and automated processes.
  • Access, credentials and keys remain protected. The system needs to resolve all insecure configuration issues right away.

Prohibited Activities

The following activities are not allowed on BuyVPS infrastructure.

Illegal content and trade

  • Content that is illegal in the hosting location or the user location.
  • Trade in stolen data, stolen accounts, carding, phishing kits or similar fraud.
  • Exploitation of minors. This case will be blocked and reported immediately as required.

Malware and unauthorized access

  • Malware, ransomware, botnets, keyloggers, droppers and exploit kits.
  • The system faces three types of security threats which include unauthorized entry attempts and privilege elevation and unauthorized access to other network systems.
  • The attackers used four different methods to launch their attack which included Hostname spoofing and ARP spoofing and BGP abuse and routing manipulation.

Network abuse

  • DDoS, reflection, amplification or participation in DDoS networks.
  • The execution of port scans and vulnerability scans and brute force and exploit scans requires the target to provide explicit permission.
  • Open proxies, open relays or services that facilitate abuse.

Spam and messaging abuse

  • Unsolicited email, bulk mail without valid opt-in or misleading headers.
  • SMS, push or messaging spam via hosted tools.
  • Lead scraping with abuse towards third parties.

Resource abuse and platform impact

  • Workloads that pull disproportionate I/O, CPU, RAM or network due to misconfiguration.
  • Infinite loops, fork bombs or traffic that causes congestion.
  • Crypto mining or proof-of-work mining on shared nodes or where explicitly forbidden in the plan. Allowed forms are defined in the product terms.

Content that structurally creates risk

  • Public download mirrors which have not received prior coordination pose a high risk of being abused.
  • Bulletproof hosting claims or knowingly facilitates abuse.

Email and Deliverability Requirements

For SMTP and email services there are extra requirements:

  • SPF, DKIM and DMARC must be correctly configured.
  • Reverse DNS functionality is required to meet the operational requirements of the system.
  • The system requires proper operation of its bounce handling system and its unsubscribe functionality.
  • Restrict or terminate service when number of abuse complaints reach or exceed a certain number.

Security Requirements

  • The system needs both operating system updates and critical package updates to operate correctly.
  • For all remote management access and functionality that an organization supports, and for which it has implemented security, 2FA protection must be activated.
  • All non-required ports and services need to be disabled.
  • Admin panels for access should be IP allowlisted, or accessed via VPN as appropriate.
  • Logs and monitoring for incident forensics.

See our Security Policy for infrastructure-level security.

IP Addresses and Reputation

  • Detecting abuse on our network IP addresses will create two big problems for us. The first problem is related to routing, the second one is a blacklisting.
  • In case of abuse an IP can be blocked immediately.
  • In case of structural abuse the IP can be revoked.
  • The process of reputation recovery needs organizations to perform configuration audits as part of their recovery efforts.

Abuse Reports and Investigation

Reports are investigated on the basis of logs, network data and system signals. The system requires additional evidence when it fails to recognize what is taking place in a particular situation. Security tests need authorization proof which can be shown through headers or permission documents that the target organization needs to supply.

The website enables users to submit their reports through an abuse channel which they should use for this purpose. Preferably include IP, timestamp, timezone, logs and a brief explanation. The process becomes faster because of this method.

Enforcement

The level of enforcement activities depends on two factors which include the seriousness of the situation and its need for immediate action.

  • Rate limiting or temporary network filters.
  • Blocking of ports or protocols.
  • Quarantine of a VPS or container.
  • Temporary suspension of an account.
  • The organization needs to terminate all staff members who break company policies to the most severe extent.

In case of acute risk, immediate action may be taken. The system can activate without any previous indication.

Data and Evidence

Where possible, evidence is recorded. This includes timestamps, IPs, flow data and relevant logs. The organization needs to establish data retention practices which fulfill all necessary legal requirements and established policies.

Recovery and Reactivation

The process of reactivation happens when:

  • The platform must remove all prohibited content and services from its platform.
  • Patching and hardening.
  • Rotation of keys and passwords.
  • Demonstrable measures to prevent recurrence.

Appeals

A request for review can be submitted when dealing with a measure. Include technical details. Examples:

  • Change log of fixes
  • Timestamps
  • Relevant configuration
  • Statement of intended use

External Requests and Legal Claims

The system will run commands based on authorized official requests which need proper submission through their designated channels. The system needs to remove content right away while blocking all access for both notice-and-takedown and copyright infringement cases.

Changes

This policy may be updated. The new regulations became effective when they first appeared in print. The current state of operations needs to achieve compliance through a timeframe which the authorities will determine as appropriate.

Contact for Abuse

The website enables users to submit their reports through an abuse channel which they should use for this purpose. Preferably include IP, timestamp, timezone, logs and a brief explanation. The system lets users detect problems quickly while offering them methods to resolve these problems.

Acceptable Use Policy

The most important questions about what is allowed and what is not on BuyVPS infrastructure.