Acceptable Use Policy (AUP)
Casbay is committed to providing services at a standard of excellence commensurate with the best practice in the industry.
Casbay primary goal is to preserve the value of the Internet as a resource for information and free expression and respect the privacy and security of Internet users. Casbay values itself as responsible hosting provider and strongly discourages irresponsible practices, which degrade the usability of network resources and thus the value of Internet services. This Acceptable Use Policy (AUP) specifies the actions prohibited by Casbay. Casbay reserves the right to modify the Policy at any time, effective upon posting of the modified Policy to this webpage. Use of Casbay services is conditional upon acceptance of AUP. It is Customer’s responsibility to regularly check for modifications. (Customers, users, and visitors are referred collectively as Customer)
Complaints and Disputes
Suspension of Services
Unauthorised access to or use of data, systems or networks, including any attempt to probe, scan or test the vulnerability of a system or network or to breach security or authentication measures without express authorisation of the owner of the system or network.
2. Unauthorised Monitoring
Unauthorised monitoring of data or traffic on any network or system without express authorisation of the owner of the system or network.
Interference with service to any user, host or network including, without limitation, mail bombing, flooding, deliberate attempts to overload a system and broadcast attacks.
Forging of any TCP-IP packet header or any part of the header information in an email or a newsgroup posting.
5. Offensive Material
Use of Casbay service to transmit any material (by e-mail, uploading, posting or otherwise) that threatens or encourages bodily harm or destruction of property.
Use of Casbay service to commit fraud which including and not limiting to fake investment websites, speculation websites, fake banks and investment institution.
7. Virus, Trojan and Malware Distribution
Use of Casbay service to distribute Virus or any other forms of data which can cause considerable harms to any network. Using or storing any type of software which is designed to or is likely to abuse or negatively impact Internet service, including, but not limited to, port scanners, hacking tools, ping flooding programs, security/root exploits, packet sniffers, and spam software.
8. Terrorism Activities
Use of Casbay services to promote terrorist activities which including and not limiting to forums for terrorists, personal websites for terrorists, audio, photo and videos of terrorist activities.
9. System Resources Overload
Overload of Casbay services until the system performance or other customers’ business is affected which including and not limiting to CPU resources overload, bandwidth overload, memory resources overload, MySQL connections overload and massive email spamming by scripts.
10. Spam (UNSOLICITED EMAIL)
Customer shall not transmit or disseminate unsolicited commercial e-mail (UCE), or unsolicited bulk messages (Spam), including advertisements, informational distributions, and charitable or other solicitations. Nor shall Customer utilise UCE or Spam to promote or benefit any sites or businesses that are located on the Casbay network, nor to collect responses from UCE or Spam regardless of whether sent over the Casbay network. Do not violate the CAN-SPAM Act of 2003. Do not send E-Mail Marketing Messages or facilitate E-Mail Marketing, even if such conduct is CAN-SPAM compliant. Do not host or allow to be hosted any site or information that is advertised by E-Mail Marketing, even if such conduct is CAN-SPAM compliant. Customer may not send or attempt to send e-mail messages or transmit any electronic communications using a name or address of someone other than Customer for purposes of deception. Any attempt to impersonate someone else by altering source IP address information or by using forged headers or other identifying information, including the domain name is prohibited. Any attempt to fraudulently conceal, forge, or otherwise falsify Customer’s identity in connection with use of the Service is prohibited. Confirmed Opt-In (also known as Double Opt-in), is the only method we allow for the e-mail lists operated by our customers.
11. Child Pornography
Child pornography includes related material, such as simulated child pornography, non-nude child pornography, or sites linking to such material, whether it is determined to be legal or not. Offenses of this nature will be reported to the federal authorities and prosecuted to the fullest extent of the law. Customer is held fully responsible for any misuse of account regardless of whoever committed the act.
12. Russian Business Network (RBN)
The Russian Business Network (commonly abbreviated as RBN) is a multi-faceted cybercrime organisation, specialising in and in some cases monopolising personal identity theft for resale. It is the originator of MPack (software) and an alleged operator of the Storm botnet. Due to the threat of RBN, we reserve the right to suspend the account pending further investigation which may lead to account termination.
13. Storage Device
Using a shared hosting account as a backup/storage device is strictly not permitted. Shared hosting account are meant for hosting Customer’s website content.
14. Internet Relay Chat (IRC)
IRC is well-known for being a platform for a Command and Control or “C&C” type of technology, where malware that was placed (or downloaded and ran) on a machine on local network connecting outbound, “beaconing” back to the C&C server (generally just an IRC channel with a password) so that the Master of the malware could control the other computers known as a botnet.
15. Game Hosting Server
Casbay strictly prohibits clients from hosting game servers on shared hosting. Game servers are only allowed to be installed and hosted on Windows VMware based virtual private server (VPS) or dedicated servers platforms only. Please contact sales for more information on both solutions for hosting Game Servers.
16. Distributed Denial of Service (DDoS)
No Casbay resources and servers may be used to perform any form of DoS attacks. If a server is being attacked by any form of DoS, the said account will be terminated with immediate effect. Customers may subscribe to our anti DDoS protected network to have the account re-activated and protected from further attacks. If the attack continues and goes beyond the limit where our DoS protected network could mitigate, Casbay will null-route, ACL or otherwise suspend the services in its entirety to maintain quality of service for other Customers on our network.
17. TOR Hosting Server
Use of Casbay Network/hosting to host “TOR” hosts / Onion network is prohibited as it may cause IPs in the same network to be blacklisted.
Investigation and Cancellation of Services
Casbay reserves the right to disable service or terminate service and/or to remove content in order to investigate suspected violations of this AUP. Casbay at its best effort will notify any customers of any violation so that the customer can investigate the case and provide necessary explanation or solution. Failure to respond to email from our abuse department may result in the suspension or termination of services. In some critical cases, Casbay reserves the right to disable or terminate service without first given notice if the violation affects the entire operation. If the explanation or solution is accepted, customer is given a warning and/or incurs an abuse fees. If Casbay feels as though this first offence was a deliberate attempt then the account and all associated accounts will be closed without warning and without a refund. Casbay does not issue refunds for terminating service due to any of the causes specified above. Dedicated Server or Websites with unresolved Abuse or AUP matters which are not responded to within 10 days will be considered abandoned and will be deleted from the offending account.
Casbay reserves the right to refuse service to anyone. Any material that, in our judgment, is illegal, of threats or violates our terms of service in any manner may be removed or suspended from our servers with or without notice.
For Resellers: We will suspend the site in question and will notify you to take action. If Customer’s account has repetitive occurrence of this type, it may result in the immediate termination of Customer’s account.
For Direct customers: Customer’s services will be terminated with or without notice.
DDOS Attack Policy
DDoS Attacked (Being Attacked)
1) If a server’s IP is being DDOS, the said DDOS IP will be nullrouted/blackholed for a minimum of 24-48 hours.
NOTE: For servers with Anti DDoS subscribed, the mitigation process will be automatically performed and a notification will be sent to the server owner. Take note that the IP under mitigation would be IMCP disabled as part of our mitigation strategy. Therefore the said server will appear to be unreachable when PING is performed.
2) The server hosting will only be released until it is relocated to a different network segment that has minimal DDoS mitigation service to try and protect the server from the current DDoS attacks.
3) If there is a second recurring DDOS attack, the server will be suspended to prevent a major network outage on all network devices and servers. A one time fee of RM450 is applicable to perform nullroute/ blackhole on the server to reinstate the server.
4) Should the same server is to be attacked for a third time, Permanent Suspension will be enforced and hosting subscription will be terminated with no refund.
DDoS Attacking (Attacking Others)
1) If a server is found to be sending out attacking DDOS packets, the server will be put under suspension with the IP being nullrouted/ blackholed immediately. Customer will be alerted and will be required to investigate and perform the necessary fix on the compromised server. In order to do so, our support engineers will extend the ability for the server owner to connect the server’s RDC or SSH connection. Server will be reinstated upon confirmation that the root cause for the outgoing attacks are fixed and cleared.
NOTE: For Co-Location Server hosting, server owners will be required to send their engineers onsite to the data center to perform the investigation and necessary fix before the server is reinstated.
2) The server hosting will be terminated and a Permanent Suspension notice will be sent to the server owner for any reoccurring outgoing attacks.
For Shared Hosting subscriptions, the first DDoS attack (incoming or outgoing) will be considered coincidental and will be released after 24 – 48 hours. If the account is attacked for the second time, a permanent suspension will be performed for the said subscription There will be no plea upon the final decision on the Permanent Suspension. Customer may request for the data backup link. AntiDDOS subscription is only applicable for the IP that is mitigated. Clients are recommended to subscribe to the Anti DDoS protection for all IP addresses under their server subscription. You may contact Sales for a discounted quote.