Acceptable Use Policy

01Purpose

This Acceptable Use Policy ("AUP") sets out activities and content that are not permitted on infrastructure operated by Onehostplanet s.r.o. ("hostfory"). It is part of, and incorporated by reference into, the Terms of Service.

The AUP exists to keep our network stable, our IP space clean, and our customers protected. We aim to be one of the most permissive providers in Europe — but a small set of activities are non-negotiable.

02Illegal content & activity

You may not use the services for any activity illegal under Czech law, European Union law, or international treaties applicable to your jurisdiction or ours. This includes, without limitation:

• Material depicting child sexual abuse (CSAM) — zero tolerance, immediate termination, mandatory reporting.
• Content inciting terrorism, genocide, or large-scale violence.
• Trafficking of humans, weapons, or controlled substances.
• Fraud, identity theft, or financial crime.
• Distribution of state secrets or classified material.

03Network abuse

The following network activities are prohibited regardless of target:

• Originating or knowingly participating in DDoS, DoS, or amplification attacks.
• Operating open recursive DNS resolvers, open NTP, open SNMP, open Memcached, or any service known to be abusable for amplification.
• Port scanning, vulnerability scanning, or brute-force attempts against systems you do not own and are not contractually authorized to test.
• BGP hijacking, route leaks, IP spoofing, or announcement of prefixes you do not own or have not been authorized to announce.
• Operating residential or open proxies designed to obscure attacker traffic.
• Launching coordinated automated traffic that imitates organic users to manipulate ad networks, search rankings or social-media metrics.

04Email & messaging

Outbound mail must comply with all applicable anti-spam law (Directive 2002/58/EC, CAN-SPAM Act, etc.). Specifically:

• You must have verifiable opt-in consent from every recipient.
• You must implement working unsubscribe, bounce handling, and complaint feedback loops.
• SPF, DKIM and DMARC alignment is mandatory for any production mail traffic.
• Bulk mail is prohibited from shared IP ranges and must be requested in writing for dedicated ranges.
• SMS spam, robocalls, automated push spam and fake-account messaging on third-party platforms are prohibited.

Repeated complaints (Spamhaus, SORBS, UCEPROTECT, ESP feedback loops) are grounds for immediate suspension.

05Security & malicious code

You may not host, distribute, command-and-control, or knowingly facilitate:

• Malware, ransomware, spyware, keyloggers or rootkits.
• Phishing pages, fake banking portals, or credential-harvesting kits.
• Botnet C2 servers, infostealer endpoints, RAT panels.
• Exploit kits, drive-by-download landing pages, or browser-hijack toolkits.
• Stolen databases, credentials dumps or "combo lists".

Security research is permitted, including penetration testing of systems you own or are explicitly authorized to test. We expect responsible disclosure practices.

06Intellectual property

You may not host, distribute or facilitate access to material that infringes copyright, trademark, patent or trade-secret rights. We respond to legitimate notices submitted to abuse@hostfory.com and follow a notice-and-action procedure consistent with the EU Digital Services Act.

Bad-faith, automated or fraudulent takedown requests will be challenged on behalf of our customers.

07Resource usage

Plans are sold with stated bandwidth, storage and compute resources. Use within those limits is unrestricted. Sustained use that materially degrades shared infrastructure, despite documented limits, may result in throttling or relocation to dedicated capacity.

• VPS plans share underlying CPU, disk and network capacity. Sustained 100% utilization across all cores for extended periods is grounds for an upgrade conversation.
• Unmetered ports on dedicated servers are unmetered — but the rated port speed is the cap, not a guarantee against shared-uplink contention.
• Inbound traffic, including DDoS targeting your IPs, counts toward port utilization. We provide DDoS protection by default; "absorption mode" without protection is not a service we offer.

08Prohibited content categories

The following are not permitted on hostfory infrastructure regardless of legality in any jurisdiction:

• CSAM and any sexualized content involving minors — zero tolerance.
• Non-consensual intimate imagery ("revenge porn").
• Content that endangers identifiable individuals (doxing, swatting coordination).
• Public-facing crypto-mixing or sanctions-evasion services.
• Operating darknet marketplaces dealing in illegal goods.
• Content explicitly glorifying mass-casualty attacks or their perpetrators.

09Reporting abuse

Send abuse reports to abuse@hostfory.com. Include:

• The IP address or domain involved.
• Timestamps in UTC with timezone offset.
• Log excerpts, headers or other evidence.
• The category of abuse (spam, malware, phishing, copyright, illegal content, network attack).

Acknowledgement is automated and immediate. Initial human review of legitimate, well-formed reports is within 1 business hour. Critical reports (active attacks, CSAM) are handled 24/7.

10Enforcement

Depending on severity and history, we apply graduated responses:

• Notice — for a first, minor, isolated infraction (e.g. a single misconfigured open service).
• Suspension — for a confirmed AUP violation that has not been remediated, or where harm is ongoing.
• Termination — for severe, repeated, or non-remediable violations.
• Immediate null-route or shut-down — for active outbound attacks, CSAM, or imminent network harm. No prior notice.

Customers may appeal enforcement actions in writing. Appeals are reviewed by a senior engineer not involved in the original decision.

11Law-enforcement cooperation

We cooperate with valid legal orders from competent authorities in the Czech Republic and the European Union. We require:

• A formal written request signed by an authorized officer.
• Specific identification of the data, account or IP in question.
• Legal basis under Czech or EU law, including reference to the relevant statute.

We do not provide bulk or speculative data dumps. We push back on overbroad requests. Where the law permits, we notify affected customers before disclosing their data.