Acceptable Use Policy

1.Why this exists

Shared hosting is — literally — shared. Hundreds of accounts run on a single physical server. One account hosting malware, sending bulk spam, or running an out-of-control script can degrade the experience for everyone else, get the server's IPs blacklisted, or attract legal complaints to our datacenter.

This AUP draws clear lines so we can act quickly when needed, and so honest customers don't pay (in performance or downtime) for someone else's misuse.

2.Prohibited content

You must not use our service to host, store, distribute, or link to:

• Child sexual abuse material (CSAM). This is reported to authorities and the account is terminated immediately and permanently.
• Malware, ransomware, exploit kits, phishing pages, command-and-control panels, credential stealers, or any tool designed to harm or compromise other systems.
• Pirated software, films, music, books, courses, fonts, or any material distributed in violation of copyright (including warez forums, illegal IPTV/streaming services, cracked-software directories).
• Content that is unlawful under applicable law — including content lawful authorities have ordered taken down.
• Content that incites violence, hatred, or discrimination on the basis of religion, ethnicity, gender, or sexual orientation.
• Personal data dumps, leaked credentials, or doxing material.
• Sexually explicit content involving real persons without their verified, freely given consent.

3.Prohibited activity

You must not, from your account or your application:

• Send unsolicited bulk email (spam) of any kind. See §4.
• Run port scans, vulnerability scans, brute-force tools, or denial-of-service tools against any system you don't own — or against systems you do own without explicit written authorisation.
• Use the server as an open proxy, anonymiser, public VPN endpoint, TOR exit node, or open mail relay.
• Host cryptocurrency miners, traffic-exchange scripts, ad-injection networks, or any service whose primary purpose is to consume disproportionate CPU/network for non-website use.
• Run public file-sharing / file-locker services, public Pastebin clones, or public shorteners that aren't tied to your own brand.
• Operate Ponzi/pyramid schemes, HYIP sites, or fraudulent investment platforms.
• Operate online gambling/betting services unless you hold a valid licence from a recognised authority and have disclosed this to us in writing.
• Impersonate another person or organisation (including for phishing, fake support pages, or fake government portals).
• Attempt to escalate privileges, escape the CloudLinux account boundary, or read another customer's data.

4.Email & anti-spam

• Every recipient on your mailing list must have opted in. Purchased lists, scraped lists, “business directory” lists, and database leaks are all considered spam — even if the offer is legitimate.
• Every marketing email must include a working unsubscribe link and your real sender identity.
• Outbound email is rate-limited to 500 messages per hour per shared hosting account. Higher-volume senders should use a dedicated transactional email provider (Amazon SES, Postmark, Mailgun, etc.) and configure SPF/DKIM/DMARC for their domain.
• If our outbound IP is blacklisted because of email sent from your account, we may suspend outbound mail from that account until you remediate.

5.Resource fairness

Each plan has CPU, RAM, I/O, and process-count limits enforced by CloudLinux. These are documented on the plan page. We don't oversell beyond what these limits allow.

If your account regularly hits its limits and degrades performance for other accounts on the server, we'll contact you and one of these will happen:

• You optimise the application (caching, query tuning, cron consolidation).
• You upgrade to a plan with higher limits.
• You move to a VPS or dedicated server — either with us when we offer them, or another provider.

We don't suspend accounts for hitting CloudLinux limits in normal operation; throttling handles that automatically. We do contact (and, if unanswered, restrict) accounts whose pattern is harmful to others.

6.Security obligations

• Keep your CMS (WordPress, Joomla, etc.), themes, and plugins up to date. Out-of-date software is the #1 cause of compromise on shared hosting.
• Use strong, unique passwords for cPanel, FTP, email, and your database.
• If we notify you that your site is compromised, you have 72 hours to remediate or take it offline. After that we may suspend the account to protect the server.
• Do not store unencrypted credit card data on shared hosting. PCI-regulated workloads belong on a compliant environment, not here.

7.Enforcement

When we receive a complaint or detect a violation, this is what usually happens:

1. We investigate. If it's a false positive, we close the case and tell you.
2. If it's a fixable issue (out-of-date plugin, leaked password, misconfigured form), we email you with what we found, what to do, and a deadline.
3. If it's a severe issue (active malware, live phishing page, ongoing DDoS source, CSAM, court order), we suspend the affected file/site/account immediately and contact you afterwards.
4. Repeated or wilful violations result in account termination. Refunds in this case are governed by §9 of the Refund Policy.

8.Reporting abuse

If you believe a site we host is violating this policy, send the URL and a brief description to:

We acknowledge abuse reports within 1 working day and act on them within 72 hours for non-urgent matters, faster for urgent ones.