1. Purpose

This Abuse Handling Policy explains how Hostfist ("we", "us", "Provider") receives, assesses, investigates, and responds to reports of abusive or unlawful activity affecting our managed services (hosting, domains, webmail, Google Workspace management). Our goal is to protect the security, integrity, and availability of services for all customers while respecting legal and privacy obligations.

2. Scope

This policy applies to abuse reports relating to:

• Hosting abuse (malware, phishing sites, malware distribution, crypto-mining, botnets).
• Spam, bulk unsolicited email sent from hosted mailboxes or services.
• Phishing, spoofing or domain misuse.
• Denial-of-Service (DDoS) or other network attacks originating from or targeting resources we manage.
• Illegal content (child sexual abuse material, copyrighted material distributed without authorization, explicit criminal activity) hosted on managed resources.
• Compromised accounts or unauthorized access to customer systems or mailboxes.

3. Definitions

• Abuse: Any action that compromises security, contravenes law, violates our Terms, or harms users or infrastructure.
• Reporter: Person or organization that submits an abuse complaint.
• Subject: Customer account, IP address, domain, mailbox, or resource alleged to be involved in abuse.

4. Prohibited Conduct

Examples of conduct considered abuse (non-exhaustive):

• Distribution of malware, ransomware, or exploit kits.
• Hosting or serving phishing pages or credential harvesting forms.
• Open proxies, spam operations, or mass unsolicited email.
• Launching or supporting DDoS attacks or port scans.
• Hosting or distributing CSAM or other unlawful content.
• Unauthorized access, account takeover, or lateral movement inside infrastructure.

5. Reporting Abuse

To report abuse, provide as much of the following information as possible:

• Reporter name, organization, email, and phone (optional but helpful).
• Type of abuse (spam, phishing, malware, DDoS, etc.).
• Evidence: URLs, sample emails with full headers, IP addresses, timestamps, screenshots, and file hashes (MD5/SHA1/SHA256) where applicable.
• Targeted resources (domain name, hosting account identifier, IP address, mailbox address).
• Date/time (with timezone) of observed abuse.

Submit reports via:

• Email: abuse@hostfist.in
• Webform / Support Portal: https://hostfist.com/legal/abuse-handling-policy
• Emergency / Phone (for active incidents): +91-XXXXX-XXXXX

We will acknowledge receipt of valid reports and may request additional information if evidence is insufficient.

6. Investigation & Takedown Procedure

1. Receipt & Triage: We log and triage incoming reports to determine credibility and urgency.
2. Validation: We verify evidence (reproduce phishing/malware sample, validate headers, check file hashes, consult threat feeds).
3. Notification to Subject: When appropriate and where it does not hinder investigation, we notify the account owner or administrator of the alleged abuse and request remediation.
4. Mitigation: We may take actions including blocking URLs, quarantining mailboxes, revoking compromised credentials, applying firewall rules, or isolating affected services.
5. Takedown or Suspension: If abuse is confirmed and not remediated promptly, we may suspend the offending account, disable hosting, or remove content until the issue is resolved.
6. Restore & Remediation: Services are restored only after confirmation of cleanup, patching, or other mitigations. Restoration may require additional security verification by the account owner.

7. Response Times & Prioritization

We prioritize reports based on severity:

• Critical (CSAM, ongoing fraud, active phishing, live malware hosting, severe data breach): Initial acknowledgement within 1–4 hours and immediate mitigation actions where possible.
• High (mass spam, resolved compromises, active DDoS): Acknowledgement within 24 hours, investigation within 24–72 hours.
• Medium / Low (policy violations, suspected abuse with limited evidence): Acknowledgement within 3 business days.

These are targets — actual times may vary due to complexity or third-party dependencies (registrars, upstream hosts, Google Workspace).

8. Evidence Preservation & Logging

We preserve relevant logs and evidence (access logs, mail logs, disk snapshots) for a limited period to support investigations and law enforcement requests. Preservation period varies by data type and legal requirements; contact abuse team if you require specific retention for an ongoing case.

9. Account Suspension & Termination

We reserve the right to suspend or terminate accounts to protect our network and other customers. Suspension steps may include:

• Temporary suspension with notification and remediation instructions.
• Immediate suspension without notice for severe or ongoing abuse.
• Permanent termination for repeated or egregious violations.

Where possible, we provide steps to remediate and a process for restoration. We are not responsible for data loss resulting from suspension if the user failed to maintain backups.

10. Law Enforcement Requests

We cooperate with lawful requests from law enforcement agencies. When served with a valid legal request (subpoena, court order), we may disclose account information and preserved logs as required by law. Where permitted, we will attempt to notify the affected account holder unless prohibited by the request.

11. Appeals & Disputes

If your account or content was suspended and you believe this was in error, you may file an appeal to our abuse team. Appeals must include:

• Account identifier, domain, or resource in question.
• Explanation of why the suspension was incorrect and evidence of remediation (patches applied, passwords reset, cleaned files).

Appeals will be reviewed and responded to in a reasonable timeframe. Restoration is not guaranteed and may be contingent on additional security measures.

12. Repeat Offenders

Customers who repeatedly violate this policy may be permanently terminated and reported to relevant authorities or upstream providers. Repeat offenders may also be blacklisted from certain services.

13. Privacy & Confidentiality

We handle abuse reports in accordance with our Privacy Policy. Reporter identities and non-public data may be treated as confidential where appropriate, subject to legal obligations. We will not share reporter contact details without consent except when required by law.

14. Changes

We may update this Abuse Handling Policy periodically. Material changes will be posted on this page and, where appropriate, communicated to customers. Continued use of services after changes indicates acceptance.

15. Contact

To report abuse or contact our abuse team:

• Email (preferred): abuse@hostfist.in
• Support Portal / Webform: https://hostfist.com/legal/abuse-handling-policy
• Emergency / Phone: +91-XXXXX-XXXXX

This policy is a general template. For regulated environments, incidents requiring legal action, or high-risk investigations, consult legal counsel and follow applicable laws and local procedures.