What happens when we receive an abuse report

How reports reach us

Abuse reports arrive either directly to our abuse contact or forwarded by the underlying cloud provider (spam complaints, scanning detections, DMCA notices, attack reports). Every report is tied to a specific server by IP and timestamp.

Triage: hours, not weeks

We classify each report by severity. Critical abuse — active attacks, malware command-and-control, phishing pages — triggers immediate suspension of the affected server, because every minute it stays up hurts other customers' IP reputation.

Everything else — a copyright notice, an open resolver flagged by a scanner, a single spam complaint — starts with a notification, not a takedown.

What you will see: 24 hours to act

For non-critical reports you receive an email with the complaint details and a 24-hour deadline to remove the reported content or respond with your side. Fix it in time and the case is closed; no strikes, no drama.

If the deadline passes with no response and no action, the server is deleted. Before deletion we take a full backup of its disk and keep it for 7 days — your data is not the hostage here, the abusive workload is.

Your backup: 7 days, one click to a new server

The backup is a complete disk snapshot of the deleted server. For 7 days after deletion you can restore it onto a fresh server in one click from the dashboard — same plan or bigger, same region or a different one. The new server boots from your snapshot with all files, configs and software exactly as they were.

Restoring costs nothing beyond the new server's normal hourly price. After 7 days the backup is permanently and irreversibly deleted.

One honest caveat: if the restored server resumes the same abusive behavior, the next report skips the warnings and goes straight to account review.

Appeals

Reply to the abuse notice with your side: logs, context, evidence the report is mistaken. False positives happen — security scanners flag legitimate Tor relays, VPN endpoints and game servers all the time, and we reinstate wrongly suspended servers.

What gets you banned outright

Spam infrastructure, phishing, malware distribution or C2, botnets, DDoS attacks and CSAM lead to account termination, not a notice. We are privacy-friendly, not abuse-friendly — this line is what keeps the platform's IP space clean for everyone else.

How to avoid reports in the first place

Most reports against honest users come from misconfiguration: open DNS resolvers, open SMTP relays, unsecured proxies that get found and exploited. Close what you don't use, keep software updated, and rate-limit anything public-facing.