Acceptable Use Policy

Q: What does the Acceptable Use Policy cover?

The AUP applies to all services including VPS, dedicated resources, storage, backups, network, IP addresses and management layers. The goal is stability, security and compliance for all accounts.

Q: What consequences does a person face when they break the rules which the organization has established through its policy?

The level of severity in violations will determine the enforcement actions which may include rate limiting and port blocking and VPS quarantine and temporary suspension or immediate termination. The organization needs to take immediate action when an acute risk occurs even though it does not provide any warning before taking the action.

Q: How do I report abuse?

Send reports to abuse@buyvps.net. The system requires IP address information together with timestamp data and timezone details and log records and a short description for implementation.

Q: Can I appeal a suspension?

Yes. You can submit a request for review. The document requires technical information which includes a list of fixed issues together with their corresponding timestamps and system configurations and an explanation of how the system should be used.

Q: The law enables crypto mining operations to start their operations.

Crypto mining or proof-of-work mining on shared nodes is generally prohibited. Allowed forms are defined in the product terms.

Rules for stability, security and compliance across all VPS plans, storage, network and management layers.

Contact Report abuse

Scope

Scope and Definitions

The Acceptable Use Policy applies to all current services which users have access to. This includes VPS, dedicated resources, storage, backups, network, IP addresses and management layers. The goal is stability, security and compliance for all accounts.

Services: All systems, networks, software and interfaces that are part of the platform.

Account: Any subscription, user, API key, token and sub-user.

Content: Data, code, logs, images, containers, databases and traffic.

Services

Account

Content

Rules

Basic Rules

The system functions under all laws which control the relevant jurisdictions.
The platform and network and third parties must remain free from any activities which cause damage.
The account remains responsible for actions of users, integrations and automated processes.
Access, credentials and keys remain protected. The system needs to resolve all insecure configuration issues right away.

Prohibited

Prohibited Activities

The following activities are not allowed on BuyVPS infrastructure.

Illegal content and trade

Content that is illegal in the hosting location or the user location.
Trade in stolen data, stolen accounts, carding, phishing kits or similar fraud.
Exploitation of minors. The system triggers blocking and reporting procedures which become active right away when necessary.

Malware and unauthorized access

Malware, ransomware, botnets, keyloggers, droppers and exploit kits.
The system faces three types of security threats which include unauthorized entry attempts and privilege elevation and unauthorized access to other network systems.
The attackers used four different methods to launch their attack which included Hostname spoofing and ARP spoofing and BGP abuse and routing manipulation.

Network abuse

DDoS, reflection, amplification or participation in DDoS networks.
The execution of port scans and vulnerability scans and brute force and exploit scans requires the target to provide explicit permission.
Open proxies, open relays or services that facilitate abuse.

Spam and messaging abuse

Unsolicited email, bulk mail without valid opt-in or misleading headers.
SMS, push or messaging spam via hosted tools.
Lead scraping with abuse towards third parties.

Resource abuse and platform impact

Workloads that pull disproportionate I/O, CPU, RAM or network due to misconfiguration.
Infinite loops, fork bombs or traffic that causes congestion.
Crypto mining or proof-of-work mining on shared nodes or where explicitly forbidden in the plan. Allowed forms are defined in the product terms.

Content that structurally creates risk

Public download mirrors which have not received prior coordination pose a high risk of being abused.
Bulletproof hosting claims or knowingly facilitates abuse.

Email and Deliverability Requirements

For SMTP and email services there are extra requirements:

SPF, DKIM and DMARC must be correctly configured.
The system needs Reverse DNS functionality to fulfill its operational requirements as specified.
The system requires proper operation of its bounce handling system and its unsubscribe functionality.
The system enforces restrictions or termination of service when abuse complaints reach or exceed the established threshold.

Security

Security Requirements

The system needs both operating system updates and critical package updates to operate correctly.
Organizations need to activate 2FA protection for all remote management operations when they possess this security functionality.
All non-required ports and services need to be disabled.
Access to admin panels must be protected with IP allowlisting or VPN where appropriate.
Logs and monitoring must be in place for forensics in case of incidents.

See our Security Policy for infrastructure-level security.

IP Addresses and Reputation

The detection of abuse on our network IP addresses will create two major problems which affect routing operations and lead to blacklisting occurrences.
In case of abuse an IP can be blocked immediately.
In case of structural abuse the IP can be revoked.
The process of reputation recovery needs organizations to perform configuration audits as part of their recovery efforts.

Reporting

Abuse Reports and Investigation

Reports are investigated on the basis of logs, network data and system signals. The system requires additional evidence when it fails to recognize what is taking place in a particular situation. Security tests need authorization proof which can be shown through headers or permission documents that the target organization needs to supply.

The website enables users to submit their reports through an abuse channel which they should use for this purpose. Preferably include IP, timestamp, timezone, logs and a brief explanation. The process becomes faster because of this method.

abuse@buyvps.net

Enforcement

The level of enforcement activities depends on two factors which include the seriousness of the situation and its need for immediate action.

Rate limiting or temporary network filters.
Blocking of ports or protocols.
Quarantine of a VPS or container.
Temporary suspension of an account.
The organization needs to terminate all staff members who break company policies to the most severe extent.

In case of acute risk, immediate action may be taken. The system can activate without any previous indication.

1 2 3

Evidence

Data and Evidence

Where possible, evidence is recorded. This includes timestamps, IPs, flow data and relevant logs. The organization needs to establish data retention practices which fulfill all necessary legal requirements and established policies.

Recovery

Recovery and Reactivation

The process of reactivation happens when:

The platform must remove all prohibited content and services from its platform.
Patching and hardening.
Rotation of keys and passwords.
Demonstrable measures to prevent recurrence.

Appeals

A request for review can be submitted when dealing with a measure. Include technical details. Examples:

Change log of fixes
Timestamps
Relevant configuration
Statement of intended use

Legal

External Requests and Legal Claims

The system will run commands based on authorized official requests which need proper submission through their designated channels. The system needs to remove content right away while blocking all access for both notice-and-takedown and copyright infringement cases.

Policy

Changes

This policy may be updated. The new regulations became effective when they first appeared in print. The current state of operations needs to achieve compliance through a timeframe which the authorities will determine as appropriate.

View plans Contact

Contact

Contact for Abuse

abuse@buyvps.net

Contact page

Common questions

Acceptable Use Policy

The most important questions about what is allowed and what is not on BuyVPS infrastructure.

What does the Acceptable Use Policy cover?

What consequences does a person face when they break the rules which the organization has established through its policy?

How do I report abuse?

Can I appeal a suspension?

The law enables crypto mining operations to start their operations.