amuck-landowner

Where do you draw the line between heavy usage and abuse?

Tyler

Active Member
Interested to see how different web hosts handle this. What's the difference between someone who is using their VPS "heavily" and abusing system-wide resources, like CPU/disk/other?
 

Jonathan

Woohoo
Administrator
Verified Provider
It's all relative. How powerful is your node? What's your target VPS/node ratio? What do your terms say? Is it a spike that will go away, or a client that constantly uses excessive resources?
 

maounique

Active Member
What's the difference between someone who is using their VPS "heavily" and abusing system-wide resources, like CPU/disk/other?

1. Most abuse is a result of compromised VMs running mining, spam, DoS operations. When this happens out of the blue, we analyze the situation and in almost all cases, a breach is detected.
2. When there is no breach of security, there is a breach of the ToS/AUP, meaning the customer deliberately does the above things.
3. In some very rare cases, the VPS is undersized for the task at hand. We tolerate loads higher than 100% for a while if they are not very high or very long, even on budget lines although we state the opposite, for example, and are very liberal on non-budget products; however, eventually, too much is too much and it must stop, either by asking the customer to leave or by moving to a more appropriate product.

The line is drawn where the abuse hinders other people/jeopardizes the stability of the node, for example when the application locks cores causing st values above 0, when traffic goes over 50% of the 1 Gbps link (600 Mbps are allowed in some higher end products with much lower density per node) or PPS above 40k for longer than short bursts, and when disk passes sustained rates of 20-30 MB/s on regular HDD and SAN storage and 50+ on SSD RAIDs for hours at a time, when we notify the customer to check for possible breach and undersized VM situations. Huge abuse leads to shutdown, such as 200 MB/s for more than a few minutes regarding disk or over 800 Mbps/80k pps and/or packet loss in case of network abuse. CPU usually has to go a long way to be saturated, except in core locking applications. Repeat abuse and/or ignoring abuse tickets leads to suspension in case of new customers, while an old customer gets repeated warnings and chances to solve the issue before suspension occurs.
 
There is a limit set by the hosting provider for all users on CPU, RAM and disk usage to avoid abuse by customers. Then also, some are using resources heavily and abusing them; for that, the hosting provider stops that customer so that it doesn't affect other customers.
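
The thresholds maounique lists above, turned into a per-VM triage check; this is an added example, not code from any poster or provider. The one-minute sampling, the window lengths (`HOURS`, `FEW_MINUTES`), taking 20 MB/s as the HDD/SAN bound and applying the few-minute window to network shutdowns are assumptions; packet loss and the 600 Mbps allowance are not modelled.

```python
from dataclasses import dataclass

@dataclass
class Sample:              # one reading per minute for a single VM (assumed interval)
    disk_mbs: float = 0    # disk throughput, MB/s
    net_mbps: float = 0    # network throughput, Mbps
    pps: int = 0           # packets per second
    steal: float = 0       # CPU steal ("st") caused on the node, percent

NOTIFY_DISK = {"hdd": 20, "san": 20, "ssd": 50}  # MB/s, lower bound of the quoted ranges
HOURS, FEW_MINUTES = 120, 5                      # assumed window lengths, in samples

def longest_run(samples, pred):
    """Longest streak of consecutive samples for which pred holds."""
    best = run = 0
    for s in samples:
        run = run + 1 if pred(s) else 0
        best = max(best, run)
    return best

def classify(samples, storage="hdd"):
    """Return (action, reasons); action is 'shutdown', 'notify' or 'ok'."""
    shutdown, notify = [], []
    if longest_run(samples, lambda s: s.disk_mbs >= 200) > FEW_MINUTES:
        shutdown.append("disk at 200 MB/s for more than a few minutes")
    if longest_run(samples, lambda s: s.net_mbps > 800 or s.pps > 80_000) > FEW_MINUTES:
        shutdown.append("network over 800 Mbps / 80k pps")
    if any(s.steal > 0 for s in samples):
        notify.append("steal above 0 (core locking)")
    if longest_run(samples, lambda s: s.net_mbps > 500 or s.pps > 40_000) > FEW_MINUTES:
        notify.append("network over 50% of 1 Gbps or 40k pps beyond a burst")
    if longest_run(samples, lambda s: s.disk_mbs >= NOTIFY_DISK[storage]) >= HOURS:
        notify.append(f"disk sustained at {NOTIFY_DISK[storage]}+ MB/s for hours")
    if shutdown:
        return "shutdown", shutdown + notify
    return ("notify", notify) if notify else ("ok", [])

# Constructed histories, not real measurements.
quiet = [Sample(disk_mbs=5, net_mbps=10, pps=1_000)] * 180
backup = quiet[:60] + [Sample(disk_mbs=60)] * 10 + quiet[:60]
grinder = [Sample(disk_mbs=25)] * 150
flood = quiet[:30] + [Sample(net_mbps=900, pps=90_000)] * 10

if __name__ == "__main__":
    for name, hist in [("quiet", quiet), ("backup", backup), ("grinder", grinder), ("flood", flood)]:
        print(name, classify(hist))
```

The ten-minute `backup` burst stays "ok" because only the sustained run lengths trigger an action, which is the distinction between heavy use and abuse the post draws.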
 

jarland

The ocean is digital
Relative is definitely the right word, as @Jonathan touched on. If pressed, I think I would define abuse when I answer yes to one of these points:

1. Is this impacting other customers?
2. Should it be impacting other customers?
3. Does this usage limit capacity to levels that prevent minimum desired profit margins?

The problem here is that many customers always see the accusation as a statement of "I need to oversell this to such a degree that I can't have you bursting this resource in the way that you are, because I need maximum profit squeezed out of this server like water from a wet rag." They see it that way because, frankly, that is how a lot of the big names in the hosting industry have operated for years. You might not have that kind of intent to oversell, but there's still a number, and it's still relative. The customer doesn't really know what it's relative to though, and to some extent neither do you as the host.

You either sell dedicated resources or you take a risk that too many customers who neighbor each other will burst at the same time, or consistently use more than average together. If you're a good provider, you're looking at those customers and asking yourself "Should what they're doing be causing a problem for other customers? Is this because I took too big of a risk or because they're being unreasonable in their usage?" The answer requires context.

Example: Customer runs a blog. It's not popular. It's not featured anywhere popular. One IP is connecting to it. It's maxing out 6 CPU cores. Unreasonable.

Example 2: Customer is CPU mining bitcoin. Neighbors are seeing poor CPU/disk performance. Unreasonable.

Example 3: Customer runs a blog. It's just been featured on reddit. Thousands of IPs are connecting at once. It's maxing out 2 CPU cores. Perfectly reasonable.
 