Acceptable Use Policy
This Policy forms part of the Agreement between the Client and Afrihost and is binding on Clients using Afrihost’s services. The AUP sets out in detail what forms of conduct Afrihost regards as unacceptable on the part of its Clients and the steps which Afrihost may take in response to unacceptable use of its services. Please take the time to acquaint yourself fully with the provisions of this Policy.

1. General

1.1 By contracting with Afrihost for services, the Client agrees, without limitation or qualification, to be bound by this Policy and the terms and conditions it contains, as well as any other additional terms, conditions, rules or policies which are displayed to the Client in connection with the Services.
1.2The purpose of this AUP is to:
1.2.1 ensure compliance with the relevant laws of the Republic;
1.2.2 specify to Clients and users of Afrihost’s service what activities and online behaviour are considered an unacceptable use of the service;
1.2.3 protect the integrity of Afrihost’s network; and
1.2.4 specify the consequences that may flow from undertaking such prohibited activities.
1.3 This document contains a number of legal obligations which the Client will be presumed to be familiar with. As such, Afrihost encourages the Client to read this document thoroughly and direct any queries to
1.4 Afrihost respects the rights of Afrihost’s Clients and users of Afrihost’s services to freedom of speech and expression, access to information, privacy, human dignity, religion, belief and opinion.
2. Unacceptable Use

2.1 Afrihost’s services may only be used for lawful purposes and activities. Afrihost prohibits any use of its Services including the transmission, storage and distribution of any material or content using Afrihost’s network that violates any law or regulation of the Republic. This includes, but is not limited to:
2.1.1 Any violation of local and international laws prohibiting child pornography, obscenity, discrimination (including racial, gender or religious slurs) and hate speech, or speech designed to incite violence or hatred, or threats to cause bodily harm.
2.1.2 Any activity designed to defame, abuse, stalk, harass or physically threaten any individual in the Republic or beyond its borders; including any attempt to link to, post, transmit or otherwise distribute any inappropriate or defamatory material.
2.1.3 Any violation of Intellectual Property laws including materials protected by local and international copyright, trademarks and trade secrets.
2.1.4 Any violation of another’s right to privacy, including any effort to collect personal data of third parties without their consent.
2.1.5 Any fraudulent activity whatsoever, including dubious financial practices, such as pyramid schemes; the impersonation of another client without their consent; or any attempt to enter into a transaction with Afrihost on behalf of another client without their consent.
2.1.6 Any violation of the exchange control laws of the Republic.
2.1.7 Any activity that results in the sale, transmission or distribution of pirated or illegal software.
3. Threats to Network Security

3.1 Any activity which threatens the functioning, security and/or integrity of Afrihost’s network is unacceptable. This includes:
3.1.1 Any efforts to attempt to gain unlawful and unauthorised access to the network or circumvent any of the security measures established by Afrihost for this goal.
3.1.2 Any effort to use Afrihost’s equipment to circumvent the user authentication or security of any host, network or account (“cracking” or “hacking”).
3.1.3 Forging of any TCP/IP packet headers (spoofing) or any part of the headers of an email or a newsgroup posting.
3.1.4 Any effort to breach or attempt to breach the security of another user or attempt to gain access to any other person’s computer, software, or data without the knowledge and consent of such person.
3.1.5 Any activity which threatens to disrupt the service offered by Afrihost through “denial of service attacks”; flooding of a network, or overloading a service or any unauthorised probes (“scanning” or “nuking”) of others’ networks.
3.1.6 Any activity which in any way threatens the security of the network by knowingly posting, transmitting, linking to or otherwise distributing any information or software which contains a virus, trojan horse, worm, malware, botnet or other harmful, destructive or disruptive component.
3.1.7 Any unauthorised monitoring of data or traffic on the network without Afrihost’s explicit, written consent.
3.1.8 Running services and applications with known vulnerabilities and weaknesses, e.g. insufficient anti-automation attacks, any traffic amplification attacks, including recursive DNS attacks, SMTP relay attacks.
3.1.9 Failing to respond adequately to a denial of service attack (DOS / DDOS).
4. Definitions

Throttling limits the throughput of all services and protocols. Regardless of the DSL line speed, a throttled account will only be able to achieve limited throughput in total whilst using that account on their line. The DSL line itself is not affected, and using an unthrottled account will return line performance to normal. throttling is applied on an individual user basis, based on usage over a 30 day rolling window threshold. Throttling is applied only when demand on the network exceeds available network capacity, and is relieved when demand decreases.
Shaping is the implementation of protocol based priority, to manage demand on the network. When shaping is implemented, realtime, interactive services are given higher priority over non-realtime, non-interactive services, effectively slowing the performance of non-prioritised services in favour of those given priority. Shaping is applied to all users in general (not based on usage thresholds), and the impact to non-priority services is determined by the level of demand and available network capacity. Shaping is applied only when demand on the network exceeds available network capacity, and relieved when demand decreases.
5. Uncapped Monthly Thresholds, Throttling, Shaping and Bandwidth Priority

5.1Home Uncapped Packages have a threshold (based on a 30 day rolling window) after which speeds could be subject to shaping and throttling based on network demand. Premium and Business Uncapped Packages may also be subject to shaping when demand on the network is high. Our aim is to apply as little (or no) shaping or throttling to our Uncapped accounts, where network resources allow. In the case of increases in demand, throttling and shaping will be applied to Home Uncapped accounts first, then shaping to Premium Uncapped accounts. Shaping will only be applied to Business Uncapped accounts in cases of extreme network congestion.
5.2Home Uncapped Packages are subject to throttling only when a user has reached their monthly threshold. Throttling is only applied during peak demand periods, when required, to manage overall network demand. Users who have exceeded their threshold will experience unthrottled speeds during off-peak hours. Premium Uncapped Packages are not subject to throttling or monthly thresholds, and will enjoy full speed real-time services under all normal circumstances, but may be subject to shaping of downloads only if the network is under strain. Business Uncapped Packages are not generally shaped, but can be subject to shaping, should the network experience high levels of demand. Business Uncapped accounts also have a user controllable feature via ClientZone to prioritise non-P2P traffic on their account to ensure business-critical services always get the highest priority.
5.3 Home, Premium and Business Uncapped users will be able to access significant amounts of data, regardless of whether shaping or throttling is applied (as per 1 and 2). For examples of the amount of usage possible, visit the Afrihost Uncapped Leaderboard.
5.4Monthly Thresholds:
1 Mbps: 20GB
2 Mbps: 40GB
4 Mbps: 80GB
5 Mbps: 80GB
8 Mbps: 100GB
10 Mbps: 120GB
20 Mbps: 200GB
40 Mbps: 250GB
50 Mbps: 250GB
100 Mbps: 300GB
1000 Mbps: 1000GB
6. Contention

6.1 Network capacity and performance is subject to contention for services from users. This means that a significant rise in demand can affect the availability of bandwidth to users. Afrihost manages contention through the implementation of Quality of Service, Shaping and Throttling (on applicable products). Contention is a function of demand from users and is not strictly within Afrihost’s direct control, however Afrihost will use the provisions of the AUP and Terms and Conditions to manage contention and minimise the impact to performance to offer the best possible experience at all times.
7. Spam and Unsolicited Bulk Mail

7.1 Afrihost regards all unsolicited bulk email (whether commercial in nature or not) as spam, with the following exceptions:
7.1.1 Mail sent by one party to another where there is already a prior relationship between the two parties and the subject matter of the message(s) concerns that relationship;
7.1.2 Mail sent by one party to another with the explicit consent of the receiving party.
7.1.3 Clients should only receive bulk mail that they have requested and/or consented to receive and/or which they would expect to receive as a result of an existing relationship.
7.2 Afrihost will take swift and firm action against any user engaging in any of the following unacceptable practices:
7.2.1 Sending unsolicited bulk mail for marketing or any other purposes (political, religious or commercial) to people who have not consented to receiving such mail.
7.2.2 Using any part of Afrihost’s infrastructure for the purpose of unsolicited bulk mail, whether sending, receiving, bouncing, or facilitating such mail.
7.2.3 Operating or maintaining mailing lists without the express permission of all recipients listed. In particular, Afrihost does not permit the sending of “opt-out” mail, where the recipient must opt out of receiving mail which they did not request. For all lists, the sender must maintain meaningful records of when and how each recipient requested mail. Afrihost will also monitor Clients deemed to be operating “cleaning lists”, which is using illegally obtained email addresses but removing addresses as complaints arise. Should Afrihost, at its discretion, believe that this is the case, it will be treated as SPAM.
7.2.4 Failing to promptly remove from lists invalid or undeliverable addresses or addresses of unwilling recipients or a recipient who has indicated s/he wishes to be removed from such list, or failing to provide the recipient with a facility to opt-out.
7.2.5 Using Afrihost’s service to collect responses from unsolicited email sent from accounts on other Internet hosts or e-mail services that violate this AUP or the AUP of any other Internet service provider. Advertising any facility on Afrihost’s infrastructure in unsolicited bulk mail (e.g. a website advertised in spam).
7.2.6 Including Afrihost’s name in the header or by listing an IP address that belongs to Afrihost in any unsolicited email whether sent through Afrihost’s network or not.
7.2.7 Failure to secure a Client’s mail server against public relay as a protection to themselves and the broader Internet community. Public relay occurs when a mail server is accessed by a third party from another domain and utilised to deliver mails, without the authority or consent of the owner of the mail-server. Mail servers that are unsecured against public relay often become abused by unscrupulous operators for spam delivery and upon detection such delivery must be disallowed. Afrihost reserves the right to examine users’ mail servers to confirm that no mails are being sent from the mail server through public relay and the results of such checks can be made available to the user. Afrihost also reserves the right to examine the mail servers of any users using Afrihost’s mail servers for “smarthosting” (when the user relays its mail via an Afrihost mail server to a mail server of its own or vice versa) or similar services at any time to ensure that the servers are properly secured against public relay. All relay checks will be done in strict accordance with Afrihost’s Privacy Policy and the laws of South Africa.
8. Users Outside of South Africa

8.1 Where any user resides outside of the Republic, permanently or temporarily, such user will be subject to the laws of the country in which s/he is currently resident and which apply to the user. On presentation of a legal order to do so, or under obligation through an order for mutual foreign legal assistance, Afrihost will assist foreign law enforcement agencies (LEAs) in the investigation and prosecution of a crime committed using Afrihost’s resources, including the provisioning of all personal identifiable data.
9. Hosting

9.1 Afrihost offers unlimited bandwidth (web traffic) usage on Shared Hosting platforms. However, this is subject to reasonable and responsible usage, as determined at Afrihost’s discretion. Shared Hosting is designed for serving personal hosting requirements or that of small enterprises, and not medium to large enterprises. Afrihost reserves the right to move Clients deemed to have excessive bandwidth usage to a Cloud product, which will better suit their requirements. Clients will be given notice as such, and will be informed of any cost implications.
9.2 Disk Space on Shared Hosting may only be used for Website Content, Emails and related System Files. General data storage, archiving or file sharing of documents, files or media not directly related to the website content is strictly prohibited. Unauthorised storage or distribution of copyrighted materials is prohibited, via FTP hosts or any other means.
9.3 For Shared Hosting and Managed Dedicated Solutions, Afrihost will implement security updates, software patches and other updates or upgrades from time to time, to maintain the best performance, at their sole discretion. These upgrades include, but are not limited to, PHP, MySQL and CPanel release versions. Afrihost is under no obligation to effect such upgrades, or to rectify any impact such changes could potentially have to Hosting Clients.
9.4 Afrihost will not be liable or responsible for the backing up, restoration or loss of data under any circumstances. Clients are solely responsible for ensuring their data is regularly backed up and for restoring such backups in the event of data loss or corruption.
9.5 Afrihost prohibits Clients from doing the following on hosting platforms administered by Afrihost:
9.5.1 Running applications that are not production-ready. Any applications on the hosting platform must be optimised with respect to memory usage and must have appropriate data indexing.
9.5.2 Running applications with inadequate security controls.
9.5.3 Generating significant side-channel traffic from an application, whether by design or otherwise. Databases should be stored locally, and remote content should be cached.
9.5.4 Failure to maintain proper “housekeeping” on a shared server including storing or generating useless content, including comment spam, unused cache files, log file and database entries.
9.5.5 Storing malicious content, such as malware or links to malware.
9.5.6 Monopolising server resources, including CPU time, memory, network and disk bandwidth.
9.5.7 Maintaining long-running processes and long-running database queries.
9.5.8 Storing or running back-door shells, mass mailing scripts, proxy servers, web spiders, phishing content, or peer-to-peer software.
9.5.9 Sending bulk mail of any form, particularly mail that cannot be efficiently delivered due to volume or incorrect addresses.
9.5.10 Using poor passwords.
9.5.11 Sharing security credentials with untrusted parties.
9.5.12 Running Torrents for download or Seed Servers.
9.5.13 Running TOR (or other Online Anonymity Services).
9.5.14 Otherwise circumventing the Acceptable Use Policy or intended use of the product.
10. Protection of Minors

10.1 Afrihost prohibits Clients from using Afrihost’s service to harm or attempt to harm a minor, including, but not limited to, by hosting, possessing, disseminating, distributing or transmitting material that is unlawful, including child pornography and cyber bullying.
10.2 Afrihost prohibits Clients from using Afrihost’s service to host sexually explicit or pornographic material of any nature.
11. Privacy and Confidentiality

11.1 Afrihost respects the privacy and confidentiality of Afrihost’s Clients and users of Afrihost’s service. Please review Afrihost’s Privacy Policy which details how Afrihost collects and uses personal information gathered in the course of operating its Services.
12. User Responsibilities

12.1 Clients are responsible for any misuse of Afrihost’s services that occurs through the Client’s account. It is the Client’s responsibility to ensure that unauthorised persons do not gain access to or misuse Afrihost’s service.
12.2 Afrihost urges Clients not to reply to unsolicited mail or “spam”, not to click on any suggested links provided in the unsolicited mail. Doing so remains the sole responsibility of the Client and Afrihost cannot be held liable for the Client being placed on any bulk mailing lists as a result.
12.3 Where the Client has authorised a minor to use any of the Afrihost’s services or access its websites, the Client accepts that as the parent/legal guardian of that minor, the Client is fully responsible for: the online conduct of such minor, controlling the minor’s access to and use of any services or websites, and the consequences of any misuse by the minor.
13. Complaints Procedure

13.1 Complaints relating to the violation of this AUP should be submitted in writing to Complaints must be substantiated, and unambiguously state the nature of the problem, and its connection to Afrihost’s network and services.
14. Action Following Breach of the AUP

14.1 Upon receipt of a complaint, or having become aware of an incident, Afrihost may, in its sole and reasonably-exercised discretion take any of the following steps:
In the case of Clients, warn the Client, suspend the Client account and/or revoke or cancel the Client’s Service access privileges completely;

In the case of an abuse emanating from a third party, inform the third party’s network administrator of the incident and request the network administrator or network owner to address the incident in terms of this AUP and/or the ISPA Code of Conduct (if applicable);

In severe cases suspend access of the third party’s entire network until abuse can be prevented by appropriate means;

In all cases, charge the offending parties for administrative costs as well as for machine and human time lost due to the incident;

Assist other networks or website administrators in investigating credible suspicions of any activity listed in this AUP;

Institute civil or criminal proceedings;

Share information concerning the incident with other Internet access providers, or publish the information, and/or make available the users’ details to law enforcement agencies; and/or

suspend or terminate the Service as provided for in the Agreement.

14.2 This policy applies to and will be enforced for intended and unintended (e.g., viruses, worms, malicious code, or otherwise unknown causes) prohibited usage.
15. Reservation and Non Waiver of Rights

15.1 Afrihost reserves the right to amend or alter this policy at any time, and without notice to the Client.
15.2 Afrihost reserves the right to take action against any individuals, companies or organisations that violate the AUP, or engage in any illegal or unlawful activity while accessing Afrihost’s services, to the fullest extent of the law.
15.3 Afrihost reserves the right, at its sole discretion, to act against other types of abuse not listed in this document and to investigate or prevent illegal activities being committed over Afrihost’s network.
15.4 Afrihost does not waive its right to enforcement of this AUP at any time, or prejudice its right to take subsequent action, should Afrihost fail, neglect or elect not to enforce a breach of the AUP at any time.

The AUP is a description of the types of activities that are not allowed on Hetzner’s network and as such forms part of Our Hosting Terms.

Hetzner reserves the right to require changes or disable, as necessary, any website, account, database, or other component that does not comply with its established policies, or to make any such modifications in an emergency at its sole discretion. To meet the changing needs of our customers, our business, the Internet environment and the legal landscape, this AUP may be revised at any time and we encourage our customers to review this AUP regularly.

If you feel you have discovered a violation of any area of our AUP please report it to:

SPAM and Unsolicited Email »
Hetzner has a zero tolerance SPAM policy.
Server Side Processes »
Certain processes are not permitted on our shared systems.
Offensive Content »
Certain content is not permitted on Hetzner’s network.
Internet Abuse »
Using our network to engage in illegal, abusive, or irresponsible behaviour is a violation.
Misuse of Account Features »
Your account features are for use with your sites only.
Security »
Negligence will put Hetzner’s network at risk.
Shared Systems and Resource Usage »
Excessive resource usage will cause performance and stability problems.
Disk Usage »
Disk space usage is monitored with automated billing for over-usage.
Traffic Usage »
While our traffic usage is generous, it is regulated and is subject to reasonable use.
Combining traffic quotas across multiple servers »
It is not possible to combine the traffic quotas of dedicated servers that are combined to deliver a single service.

SPAM and Unsolicited Email

Last updated: January 2013.Sending unsolicited commercial communication (including, but not limited to email, instant messaging, SMS, chat rooms, discussion boards and newsgroups) is not permitted via Hetzner’s network.

Regardless of how the recipient’s email address was acquired, if email communication was not explicitly requested or consented to by the recipient or if the recipient would not expect to receive it as a result of an existing relationship, the communication is considered unsolicited (this applies to communication sent to both personal email addresses and company email addresses e.g. Email communication that does not clearly originate from a consensual sender or which appears to come from a 3rd party or affiliate is considered unsolicited.

Examples of unsolicited communication:

Purchased mailing lists, “safe lists” and harvesting of email addresses, where the users of those email addresses have not explicitly agreed to receive communication from a specified consensual sender is considered unsolicited.
Sending emails where the recipient must opt-out of receiving further emails that they didn’t originally request is considered unsolicited.
Sending a once-off invitation to receive further information, which was not explicitly requested or consented to by the recipient is considered unsolicited.
Email communication to a mailing list including addresses of unwilling recipients or a recipient who has indicated that they wish to be removed from such list, yet continues to receive unwanted emails after a reasonable period, is considered unsolicited.

Mailing list operators should maintain meaningful records of recipient requests and their consent to receive said email communications. There should also be an option for the recipient to unsubscribe from receiving further email communications.

When Hetzner receives a spam complaint, in order to establish if the communication was unsolicited, we may ask you to verify whether the recipient agreed to receive communications from you and if so, when and where you recorded their email address.

Hetzner reserves the right to suspend or terminate the account of any user who sends out unsolicited email otherwise known as Spam with or without notice in accordance with its General Terms and Conditions.

As a Hetzner customer, should you infringe this policy, you will be held liable for any costs incurred by Hetzner, both monetary and in reputation. Hetzner reserves the right to charge the customer of the account used to send any unsolicited email a clean-up fee or any charges incurred for blacklist removal. This cost of the clean-up fee is entirely at the discretion of Hetzner.

The use of any other service for the purposes of sending SPAM with any reference to Hetzner services (including but not limited to mailboxes, autoresponders, and Web pages), will also be grounds for suspension/termination as described above. If your website was compromised and exploited for the purpose of sending unsolicited communications, Hetzner will be more lenient in resolving the issue. However, repeat exploitations of the same website and/or customer account would be grounds for suspension/termination.

For further information, please read our FAQ on Spam Abuse

Back to top

Offensive Content

Last updated: May 2011.

Hetzner does not allow any of the following content or links to such content, to be published on its Hosting Systems:
Content of a pornographic, sexually explicit or violent nature.
“Hate” sites or content that could be reasonably considered as discriminatory in any way including by way of sex, race or age discrimination.
Content of an illegal nature (including stolen copyrighted material).
Content that is defamatory or violates a person’s privacy.
Content that involves theft, fraud, drug-trafficking, money laundering or terrorism.
Pirated software sites.
Illegal gambling sites.
If Hetzner in its sole discretion determines that any customer content violates any law, including the Film and Publications Act, 65 of 1966 or this policy, it may:
Request the customer to immediately remove such content; and/or
Require the customer to modify such content; and/or
Without notice, suspend or terminate access to any services; and/or
Without notice, delete the offending content; and/or
Notify the relevant authorities of the existence of such content (if required by law or otherwise), make any backup, archive or other copies of such material as may be required by such authorities, disclose such elements of the customer’s data as may be requested by the authorities and take such further steps as may be required by such authorities.

Back to top

Misuse of account features

Last updated: July 2011.

Operating any service which makes an account feature available to third parties for any use other than normal access to that account’s Web site is forbidden. Operating any service which enables or assists anonymous or abusive behaviour by third parties is forbidden. Operating any service which affects the stability or reliability of any Hetzner server or network component, impacts other users or the company negatively, or degrades quality of service is forbidden. All account features are to be used solely in order to develop and implement the Web site(s) associated with that account.
Reselling Multiple Domains on Hetzner’s Web Hosting packages to a third party is not allowed. Multiple Domains are to be used solely for the Profile Owner’s own websites.

Back to top

Shared Systems and Resource Usage

Last updated: August 2012.
Customers hosting on our shared environment may not use any shared system provided by Hetzner in a way that interferes with the normal operation of the shared system, or that consumes a disproportionate share of the system’s resources. For example, excessive server hits, excessive bandwidth usage, excessive disk usage, inefficient scripts or database queries may compromise other users of the shared hosting environment. Hetzner is authorised to suspend a user’s account should it be found that excessive resource usage is negatively impacting on other customers of our shared hosting environment. In most cases, the examples below do not apply to Hetzner Dedicated servers.

Users may not, through a cron job, CGI script, interactive command, or any other means, initiate the following on Hetzner’s shared servers:
Run any process that requires more than 50MB of memory space.
Run any program that requires more than 30 CPU seconds.
Run more than 10 simultaneous processes.
Send out mail to more than 500 recipients (email addresses) within one hour. 500 recipients represent one of the following: 500 recipients for one email, 500 individual emails or a combination of the two.
Send or receive, through mail, any file larger than 20MB.
Should we discover that a customer is performing bulk mail runs on our shared systems that exceeds the limit communicated in 4.1.4 above, regardless of whether it constitutes SPAM or not, Hetzner will deactivate the user’s account.
Custom server-side CGI scripts are to be run only by users with the appropriate package types (in Hetzner’s case the Web Hosting Basic package or higher). No user may run CGI scripts for the benefit of external sites or services. The use of system resource limits is intended to prevent runaway CGI scripts on an unattended server. Also, processes with large memory footprints or hungry CPU requirements will incur swapping and other slowdowns that cause problems for every site on the server.
Interactive Web applications, commonly known as “chat”, are not allowed on Hetzner’s shared systems. These applications are better placed on dedicated servers.
MySQL databases are provided to users of the Web Hosting Basic package and higher:
Each qualifying individual package is limited to the allocated quota as published in the product matrix.
Each individual database is allotted a maximum of 500 MB disk space.
Databases may not be used for circumventing package disk allowances by storing web sites within the database.
Databases may only be used in conjunction with Hetzner hosted packages. Access to databases from outside our local network is provided strictly for site and database development.
Only 10 concurrent MySQL connections per database user are allowed.
Databases may not be used to store binary files (including but not limited to image and application files). The database needs to reference the image on the user’s site rather than actually storing the image i.e. these files should be stored within the user account and referred to in the database by using a link.
Hetzner reserves the right to require changes to databases and database usage should they have an adverse impact on a database server and/or other user databases on that server. Hetzner may move the database to a new server, or in extreme cases, Hetzner reserves the right to disable any database determined to be harming performance of a database server.
The use of “cron jobs” (processes that are run automatically at certain times, in accordance with a “crontab” file set up by each user), are allowed on Hetzner servers, subject to the following conditions and restrictions:
To be used only by customers of the Web Hosting Basic package and higher.
The job must not execute more often than every two hours.
If a cron job is likely to consume excessive CPU usage, it should be given a lower CPU priority.
Resource limits are enforced by automatic monitoring systems. This is not applicable to Fully Managed Dedicated servers, providing that it does not interfere with Hetzner’s ability to manage the server on the customer’s behalf.

Back to top

Server side processes

Last updated: May 2011.

The installation or operation of any stand-alone, unattended server-side process (daemons) on Hetzner servers, with the exception of cron jobs as per point 4 above, is not possible. Violation of this policy will result in immediate account termination without warning. This is not applicable to Hetzner’s Dedicated servers, providing that it does not interfere with Hetzner’s ability to manage the server on the customer’s behalf.
This policy exists for several reasons:
To protect the CPU and memory resources available on each server.
To protect and enhance system security by not allowing unapproved third-party programs to accept connections from the outside world.

Back to top

Internet Abuse

Last updated: May 2011.
You may not use our network to engage in illegal, abusive, or irresponsible behaviour, including:

Unauthorised access to or use of data, services, systems or networks, including any attempt to probe, scan or test the vulnerability of a system or network or to break security or authentication measures without express authorisation of the owner of the system or network;
Monitoring data or traffic on any network or system without the authorisation of the owner of the system or network;
Interference with service to any user, host or network including, without limitation, mail bombing, flooding, deliberate attempts to overload a system and broadcast attacks;
Use of an Internet account or computer without the owner’s authorisation;
Collecting information by deceit, including, but not limited to Internet scamming (tricking other people into releasing their passwords), password robbery, phishing, security hole scanning, and port scanning;
Use of Hetzner’s service to distribute software that covertly gathers information about a user or covertly transmits information about the user;
Any activity or conduct that is likely to result in retaliation against our network;
Any activity or conduct that is likely to be in breach of any applicable laws, codes or regulations including the Electronic Communications and Transactions Act 25 of 2002 (see ECT Act) which renders you liable to a fine or imprisonment;
Introducing intentionally or knowingly into Hetzner’s service any virus or other contaminating program or fail to use an up to date virus-scanning program on all material downloaded from the Web;
Forging email or other messages is forbidden. Trafficking in pirated software is forbidden. Port scanning or the use of similar tools is forbidden.
Use of Hetzner services to publish or otherwise disseminate information about the availability of pirated software or other material that is being made available illegally, including the publication of a list of links to such material, regardless of disclaimers, is specifically forbidden. We do not condone any illegal material or behaviour.
Compliance with the acceptable use policies of any network or system with which you connect through our service is required. If inappropriate activity is detected, all accounts of the user in question will be deactivated until the investigation is complete. Prior notification to the user is not assured. In extreme cases, law enforcement will be contacted regarding the activity.

Back to top


Last updated: May 2011.
Hetzner customers must take reasonable security precautions. Negligence could result in the hacking of websites as well as compromised mailboxes due to vulnerable PCs, website software or the use of weak passwords, which could affect other Hetzner customers through blacklisting, phishing or spamming.

It is the customer’s responsibility to ensure that scripts/programs installed under their account are secure (using the latest version) and permissions of directories are set properly, regardless of installation method. Users are ultimately responsible for all actions taken under their account. This includes the compromise of credentials such as user name and password. It is required that customers use a secure password. If a password is found to be weak, Hetzner will notify the user and allow time for the user to change/update the password. Failure to make a password change that inadvertently leads to the website being compromised could result in the user’s account being suspended / terminated.
Passwords should consist of at least 11 mixed alpha and numeric characters with case variations. Customers should not use a common word as a password and should change their passwords regularly. In the event of abuse Hetzner reserves the right to reset a password.
For further information, please read our FAQ on Secure Passwords.

Back to top

Disk usage

Last updated: July 2016.

Accounts with many files can have an adverse effect on server performance. Hetzner has the following limit: 200 000 files (i.e. an email, webpage, image file, directory etc.), or 50 000 files per directory. Accounts exceeding the above limit will have those files and/or directories excluded from our backup system.
Using our servers as a personal storage facility is not permitted. Any content stored must be directly related to the website(s) in question.
Mailboxes that build up large volumes of email without being accessed are not allowed (e.g. catchall mailboxes or bounce message mailboxes). The primary cause of excessive disk usage can be due to customers having their catchall address enabled, yet never checking their primary account mailbox. Over time, tens of thousands of messages build up, pushing the account past our file limit.
Email older than five years may not be stored on the server.
Individual emails that are 5 MB or larger may not be stored on the server for more than 1 month.
Hetzner has a disk usage quota in place for its Web Hosting packages. Where applicable, customers are sent monthly emails from Hetzner notifying them of domains that have exceeded the allocated quota, providing an opportunity to reduce disk space or upgrade to a higher package in order to avoid unnecessary charges for over-usage. Customers can regularly monitor their disk usage via konsoleH by clicking on ‘Disk Usage’ under Statistics & Reports, which will give customers a reading of the total size of the package together with a summary of individual directory sizes.
In order for Hetzner to operate with greater efficiencies and for our customers to have the flexibility and control of actively managing their disk space, an automated system tracks, notifies and charges for over-usage.

Back to top

Traffic Usage

Last updated: July 2016.

Our Web Hosting packages do not have a set quota on the data transfer (traffic) provided as we’d like our customers to have the resources needed to offer a viable, growing online presence. Find out more about our unlimited traffic policy. It is expected that all customers comply with this Acceptable Use Policy, designed to preserve Hetzner’s server and network performance for the benefit of all our customers.
Using our Web Hosting packages primarily for online file storage, archiving electronic files or streaming excessive video or hosting music is not permitted.
Certain services may not be hosted on our dedicated servers & our Colocation offering without prior consultation. Examples include, but are not limited to:
Public mirroring services that are made available for general public use
Any website or service where the primary focus is to drive or redirect traffic from one network to another
Reselling bandwidth and/or network capacity as internet access to end users
If you’d like to discuss your requirement in more detail, please contact

Back to top

Combining traffic quotas across multiple servers is not supported

Last updated: September 2014.
First, the general principle regarding quotas:
The generous quotas provided by hosting providers are based on an aggregated usage model. What this means is that each hosting product, at full quota use, runs at a loss.

In reality, 99% of customers use a fraction of their quotas while less than 1% are high or excessive users. As a result, the aggregate usage across the cumulative customer base remains within profitable margins. This makes it entirely feasible to offer quota levels that provides both peace of mind as well as the flexibility for occasional or permanent high usage without raising the cost.

Regarding combined dedicated server traffic quotas:
In the case of Dedicated servers (Managed and Self-Managed) that are combined to deliver a single service, the principle of an aggregated usage model can not be applied. When lumped together to service an ever growing need, it is as though a “super-computer” is being created and the traffic quotas that are allocated to its parts are not subject to an aggregated usage model. In other words, it’s a new product with different product characteristics.

Traffic routed between Colocation Racks and Self-Managed Servers:
Traffic generated from a Colocation network that is destined for the internet should not be routed via a Self-Managed server or network.

An example would be the hosting of a video processing system which requires a large number of servers to perform the required processing, including database, backup and redundancy servers. Combining the quotas of all the servers used for this purpose into a single large quota is simply not feasible due to the loss that this would incur for Hetzner.

Other examples are:
Very popular Websites (eg.
Large SaaS implementations
Servers used for mass download purposes or caching proxies
Mass mail services (eg. a free Webmail service)
Shared hosting
Cloud hosting platforms

What now?
99% of customers with clustered servers remain well within the acceptable aggregated data usage pattern. A further 1% may be contacted to discuss a viable quota model. So why do we explain this policy so elaborately? Because we want you to understand the basis on which you are using the service and to give us the recourse to collaborate with you on options should we feel the need to do so.

Very simply, if you are not being contacted, it’s not a concern for us. If you are concerned or would like greater predictability, please contact