The AUP is a description of the types of activities that are not allowed on Hetzner’s network and as such forms part of Our Hosting Terms.
Hetzner reserves the right to require changes or disable, as necessary, any website, account, database, or other component that does not comply with its established policies, or to make any such modifications in an emergency at its sole discretion. To meet the changing needs of our customers, our business, the Internet environment and the legal landscape, this AUP may be revised at any time and we encourage our customers to review this AUP regularly.
If you feel you have discovered a violation of any area of our AUP please report it to: firstname.lastname@example.org
SPAM and Unsolicited Email
Last updated: January 2013.Sending unsolicited commercial communication (including, but not limited to email, instant messaging, SMS, chat rooms, discussion boards and newsgroups) is not permitted via Hetzner’s network.
Regardless of how the recipient’s email address was acquired, if email communication was not explicitly requested or consented to by the recipient or if the recipient would not expect to receive it as a result of an existing relationship, the communication is considered unsolicited (this applies to communication sent to both personal email addresses and company email addresses e.g. email@example.com). Email communication that does not clearly originate from a consensual sender or which appears to come from a 3rd party or affiliate is considered unsolicited.
Examples of unsolicited communication:
- Purchased mailing lists, “safe lists” and harvesting of email addresses, where the users of those email addresses have not explicitly agreed to receive communication from a specified consensual sender is considered unsolicited.
Sending emails where the recipient must opt-out of receiving further emails that they didn’t originally request is considered unsolicited.
Sending a once-off invitation to receive further information, which was not explicitly requested or consented to by the recipient is considered unsolicited.
Email communication to a mailing list including addresses of unwilling recipients or a recipient who has indicated that they wish to be removed from such list, yet continues to receive unwanted emails after a reasonable period, is considered unsolicited.
- Mailing list operators should maintain meaningful records of recipient requests and their consent to receive said email communications. There should also be an option for the recipient to unsubscribe from receiving further email communications.
- When Hetzner receives a spam complaint, in order to establish if the communication was unsolicited, we may ask you to verify whether the recipient agreed to receive communications from you and if so, when and where you recorded their email address.
- Hetzner reserves the right to suspend or terminate the account of any user who sends out unsolicited email otherwise known as Spam with or without notice in accordance with its General Terms and Conditions.
- As a Hetzner customer, should you infringe this policy, you will be held liable for any costs incurred by Hetzner, both monetary and in reputation. Hetzner reserves the right to charge the customer of the account used to send any unsolicited email a clean-up fee or any charges incurred for blacklist removal. This cost of the clean-up fee is entirely at the discretion of Hetzner.
- The use of any other service for the purposes of sending SPAM with any reference to Hetzner services (including but not limited to mailboxes, autoresponders, and Web pages), will also be grounds for suspension/termination as described above. If your website was compromised and exploited for the purpose of sending unsolicited communications, Hetzner will be more lenient in resolving the issue. However, repeat exploitations of the same website and/or customer account would be grounds for suspension/termination.
For further information, please read our FAQ on Spam Abuse
Back to top
Last updated: May 2011.
Back to top
- Hetzner does not allow any of the following content or links to such content, to be published on its Hosting Systems:
- Content of a pornographic, sexually explicit or violent nature.
- “Hate” sites or content that could be reasonably considered as discriminatory in any way including by way of sex, race or age discrimination.
- Content of an illegal nature (including stolen copyrighted material).
- Content that is defamatory or violates a person’s privacy.
- Content that involves theft, fraud, drug-trafficking, money laundering or terrorism.
- Pirated software sites.
- Illegal gambling sites.
- If Hetzner in its sole discretion determines that any customer content violates any law, including the Film and Publications Act, 65 of 1966 or this policy, it may:
- Request the customer to immediately remove such content; and/or
- Require the customer to modify such content; and/or
- Without notice, suspend or terminate access to any services; and/or
- Without notice, delete the offending content; and/or
- Notify the relevant authorities of the existence of such content (if required by law or otherwise), make any backup, archive or other copies of such material as may be required by such authorities, disclose such elements of the customer’s data as may be requested by the authorities and take such further steps as may be required by such authorities.
Misuse of account features
Last updated: July 2011.
Back to top
- Operating any service which makes an account feature available to third parties for any use other than normal access to that account’s Web site is forbidden. Operating any service which enables or assists anonymous or abusive behaviour by third parties is forbidden. Operating any service which affects the stability or reliability of any Hetzner server or network component, impacts other users or the company negatively, or degrades quality of service is forbidden. All account features are to be used solely in order to develop and implement the Web site(s) associated with that account.
- Reselling Multiple Domains on Hetzner’s Web Hosting packages to a third party is not allowed. Multiple Domains are to be used solely for the Profile Owner’s own websites.
Shared Systems and Resource Usage
Last updated: August 2012.
Customers hosting on our shared environment may not use any shared system provided by Hetzner in a way that interferes with the normal operation of the shared system, or that consumes a disproportionate share of the system’s resources. For example, excessive server hits, excessive bandwidth usage, excessive disk usage, inefficient scripts or database queries may compromise other users of the shared hosting environment. Hetzner is authorised to suspend a user’s account should it be found that excessive resource usage is negatively impacting on other customers of our shared hosting environment. In most cases, the examples below do not apply to Hetzner Dedicated servers.
Back to top
- Users may not, through a cron job, CGI script, interactive command, or any other means, initiate the following on Hetzner’s shared servers:
- Run any process that requires more than 50MB of memory space.
- Run any program that requires more than 30 CPU seconds.
- Run more than 10 simultaneous processes.
- Send out mail to more than 500 recipients (email addresses) within one hour. 500 recipients represent one of the following: 500 recipients for one email, 500 individual emails or a combination of the two.
- Send or receive, through mail, any file larger than 20MB.
- Should we discover that a customer is performing bulk mail runs on our shared systems that exceeds the limit communicated in 4.1.4 above, regardless of whether it constitutes SPAM or not, Hetzner will deactivate the user’s account.
- Custom server-side CGI scripts are to be run only by users with the appropriate package types (in Hetzner’s case the Web Hosting Basic package or higher). No user may run CGI scripts for the benefit of external sites or services. The use of system resource limits is intended to prevent runaway CGI scripts on an unattended server. Also, processes with large memory footprints or hungry CPU requirements will incur swapping and other slowdowns that cause problems for every site on the server.
- Interactive Web applications, commonly known as “chat”, are not allowed on Hetzner’s shared systems. These applications are better placed on dedicated servers.
- MySQL databases are provided to users of the Web Hosting Basic package and higher:
- Each qualifying individual package is limited to the allocated quota as published in the product matrix.
- Each individual database is allotted a maximum of 500 MB disk space.
- Databases may not be used for circumventing package disk allowances by storing web sites within the database.
- Databases may only be used in conjunction with Hetzner hosted packages. Access to databases from outside our local network is provided strictly for site and database development.
- Only 10 concurrent MySQL connections per database user are allowed.
- Databases may not be used to store binary files (including but not limited to image and application files). The database needs to reference the image on the user’s site rather than actually storing the image i.e. these files should be stored within the user account and referred to in the database by using a link.
- Hetzner reserves the right to require changes to databases and database usage should they have an adverse impact on a database server and/or other user databases on that server. Hetzner may move the database to a new server, or in extreme cases, Hetzner reserves the right to disable any database determined to be harming performance of a database server.
- The use of “cron jobs” (processes that are run automatically at certain times, in accordance with a “crontab” file set up by each user), are allowed on Hetzner servers, subject to the following conditions and restrictions:
- To be used only by customers of the Web Hosting Basic package and higher.
- The job must not execute more often than every two hours.
- If a cron job is likely to consume excessive CPU usage, it should be given a lower CPU priority.
- Resource limits are enforced by automatic monitoring systems. This is not applicable to Fully Managed Dedicated servers, providing that it does not interfere with Hetzner’s ability to manage the server on the customer’s behalf.
Server side processes
Last updated: May 2011.
Back to top
- The installation or operation of any stand-alone, unattended server-side process (daemons) on Hetzner servers, with the exception of cron jobs as per point 4 above, is not possible. Violation of this policy will result in immediate account termination without warning. This is not applicable to Hetzner’s Dedicated servers, providing that it does not interfere with Hetzner’s ability to manage the server on the customer’s behalf.
- This policy exists for several reasons:
- To protect the CPU and memory resources available on each server.
- To protect and enhance system security by not allowing unapproved third-party programs to accept connections from the outside world.
Last updated: May 2011.
You may not use our network to engage in illegal, abusive, or irresponsible behaviour, including:
Compliance with the acceptable use policies of any network or system with which you connect through our service is required. If inappropriate activity is detected, all accounts of the user in question will be deactivated until the investigation is complete. Prior notification to the user is not assured. In extreme cases, law enforcement will be contacted regarding the activity.
Back to top
- Unauthorised access to or use of data, services, systems or networks, including any attempt to probe, scan or test the vulnerability of a system or network or to break security or authentication measures without express authorisation of the owner of the system or network;
- Monitoring data or traffic on any network or system without the authorisation of the owner of the system or network;
- Interference with service to any user, host or network including, without limitation, mail bombing, flooding, deliberate attempts to overload a system and broadcast attacks;
- Use of an Internet account or computer without the owner’s authorisation;
- Collecting information by deceit, including, but not limited to Internet scamming (tricking other people into releasing their passwords), password robbery, phishing, security hole scanning, and port scanning;
- Use of Hetzner’s service to distribute software that covertly gathers information about a user or covertly transmits information about the user;
- Any activity or conduct that is likely to result in retaliation against our network;
- Any activity or conduct that is likely to be in breach of any applicable laws, codes or regulations including the Electronic Communications and Transactions Act 25 of 2002 (see ECT Act) which renders you liable to a fine or imprisonment;
- Introducing intentionally or knowingly into Hetzner’s service any virus or other contaminating program or fail to use an up to date virus-scanning program on all material downloaded from the Web;
- Forging email or other messages is forbidden. Trafficking in pirated software is forbidden. Port scanning or the use of similar tools is forbidden.
- Use of Hetzner services to publish or otherwise disseminate information about the availability of pirated software or other material that is being made available illegally, including the publication of a list of links to such material, regardless of disclaimers, is specifically forbidden. We do not condone any illegal material or behaviour.
Last updated: May 2011.
Hetzner customers must take reasonable security precautions. Negligence could result in the hacking of websites as well as compromised mailboxes due to vulnerable PCs, website software or the use of weak passwords, which could affect other Hetzner customers through blacklisting, phishing or spamming.
For further information, please read our FAQ on Secure Passwords.
Back to top
- It is the customer’s responsibility to ensure that scripts/programs installed under their account are secure (using the latest version) and permissions of directories are set properly, regardless of installation method. Users are ultimately responsible for all actions taken under their account. This includes the compromise of credentials such as user name and password. It is required that customers use a secure password. If a password is found to be weak, Hetzner will notify the user and allow time for the user to change/update the password. Failure to make a password change that inadvertently leads to the website being compromised could result in the user’s account being suspended / terminated.
- Passwords should consist of at least 11 mixed alpha and numeric characters with case variations. Customers should not use a common word as a password and should change their passwords regularly. In the event of abuse Hetzner reserves the right to reset a password.
Last updated: July 2016.
Back to top
- Accounts with many files can have an adverse effect on server performance. Hetzner has the following limit: 200 000 files (i.e. an email, webpage, image file, folder etc.), or 50 000 files per folder. Accounts exceeding the above limit will have those files and/or folders excluded from our backup system.
- Using our servers as a personal storage facility is not permitted. Any content stored must be directly related to the website(s) in question.
- Mailboxes that build up large volumes of email without being accessed are not allowed (e.g. catchall mailboxes or bounce message mailboxes). The primary cause of excessive disk usage can be due to customers having their catchall address enabled, yet never checking their primary account mailbox. Over time, tens of thousands of messages build up, pushing the account past our file limit.
- Email older than five years may not be stored on the server.
- Individual emails that are 5 MB or larger may not be stored on the server for more than 1 month.
- Hetzner has a disk usage quota in place for its Web Hosting packages. Where applicable, customers are sent monthly emails from Hetzner notifying them of domains that have exceeded the allocated quota, providing an opportunity to reduce disk space or upgrade to a higher package in order to avoid unnecessary charges for over-usage. Customers can regularly monitor their disk usage via konsoleH by clicking on ‘Disk Usage’ under Statistics & Reports, which will give customers a reading of the total size of the package together with a summary of individual folder sizes.
- In order for Hetzner to operate with greater efficiencies and for our customers to have the flexibility and control of actively managing their disk space, an automated system tracks, notifies and charges for over-usage.
Last updated: July 2016.
Back to top
- Our Web Hosting packages do not have a set quota on the data transfer (traffic) provided as we’d like our customers to have the resources needed to offer a viable, growing online presence. Find out more about our unlimited traffic policy. It is expected that all customers comply with this Acceptable Use Policy, designed to preserve Hetzner’s server and network performance for the benefit of all our customers.
- Using our Web Hosting packages primarily for online file storage, archiving electronic files or streaming excessive video or hosting music is not permitted.
- Certain services may not be hosted on our dedicated servers & our Colocation offering without prior consultation. Examples include, but are not limited to:
- Public mirroring services that are made available for general public use
- Any website or service where the primary focus is to drive or redirect traffic from one network to another
- Reselling bandwidth and/or network capacity as internet access to end users
If you’d like to discuss your requirement in more detail, please contact firstname.lastname@example.org
Combining traffic quotas across multiple servers is not supported
Last updated: September 2014.
First, the general principle regarding quotas:
The generous quotas provided by hosting providers are based on an aggregated usage model. What this means is that each hosting product, at full quota use, runs at a loss.
In reality, 99% of customers use a fraction of their quotas while less than 1% are high or excessive users. As a result, the aggregate usage across the cumulative customer base remains within profitable margins. This makes it entirely feasible to offer quota levels that provides both peace of mind as well as the flexibility for occasional or permanent high usage without raising the cost.
Regarding combined dedicated server traffic quotas:
In the case of dedicated servers (Managed Dedicated & TruServ) that are combined to deliver a single service, the principle of an aggregated usage model can not be applied. When lumped together to service an ever growing need, it is as though a “super-computer” is being created and the traffic quotas that are allocated to its parts are not subject to an aggregated usage model. In other words, it’s a new product with different product characteristics.
Traffic routed between Colocation Racks and TruServ Servers:
Traffic generated from a Colocation network that is destined for the internet should not be routed via a TruServ server or network.
An example would be the hosting of a video processing system which requires a large number of servers to perform the required processing, including database, backup and redundancy servers. Combining the quotas of all the servers used for this purpose into a single large quota is simply not feasible due to the loss that this would incur for Hetzner.
Other examples are:
Very popular Websites (eg. news24.com)
Large SaaS implementations
Servers used for mass download purposes or caching proxies
Mass mail services (eg. a free Webmail service)
Cloud hosting platforms
99% of customers with clustered servers remain well within the acceptable aggregated data usage pattern. A further 1% may be contacted to discuss a viable quota model. So why do we explain this policy so elaborately? Because we want you to understand the basis on which you are using the service and to give us the recourse to collaborate with you on options should we feel the need to do so.
Very simply, if you are not being contacted, it’s not a concern for us. If you are concerned or would like greater predictability, please contact email@example.com.