US KVM ipv4 VPS $2/mo with recurring 50% OFF all orders + Free FTP250G Storage Account
CharityHost_org
Hosting Provider
FLASH POST for 7 days promo!
Recurring 50% OFF for the life of any service ordered by end of April, 2025!
The discount is valid until 2025/05/1!!
Use coupon code: 50%-OFF-APRIL-2025
Network test:
https://looking-glass.charityhost.org
Request the free FTP250G Storage by ticket once you have paid for any order on this promotion.
Additional hard drives from 500GB to 16000GB also enjoy a 50% discount!
Below prices posted with discounts:
1 USD/month
VPS SSD .5
1 vCPU Xeon E5-2699v4 (50% share)
512 MB DDR4 memory
10 GB SSD RAID 10
500 GB bandwidth
1 GbE Public
10 GbE private
IPv6 only
dns64 for outstation ipv4 conversion
Order link: https://charityhost.org/account/store/vps-ssd-highmem/vps-ssd-point5/?promocode=50%-OFF-APRIL-2025
1.50 USD/month
FTP 500GB
500 GB HDD RAID 5
500 Mbps network speed
5 FTP accounts
Cyber Panel FTP control panel
Order link: https://charityhost.org/account/store/ftp-storage/ftp-500gb/?promocode=50%-OFF-APRIL-2025
2.00 USD/month
VPS SSD 1
1 vCPU Xeon E5-2699 v4
1 GB DDR4 memory
20 GB SSD RAID 10
1 TB bandwidth
1 GbE Grid
10 GbE Private Network
IPv4 Address
IPv6 /64 Network
Order link:https://charityhost.org/account/store/vps-ssd-highmem/vps-ssd-1/?promocode=50%-OFF-APRIL-2025
2.00 USD/month
VPS 500G
1 vCPU Xeon E5-2690 v3
1 GB DDR4 memory
500 GB HDD RAID 5
1.5 TB bandwidth
1 GbE Public
10 GbE private
IPv4 Address
IPv6 /64 Network
Order link:https://charityhost.org/account/store/vps-hdd-storage/vps-500g/?promocode=50%-OFF-APRIL-2025
2.50 USD/month
Charity 10 Plesk Nginx Mysql Web Trust
2 vCPU
2 GB memory
55 GB SSD RAID 10
256MB PHP memory
1 GbE unlimited flow
Order link:https://charityhost.org/account/store/optimal-web-hosting/charity-10/?promocode=50%-OFF-APRIL-2025
2.50 USD/month
VPS NVMe Gold 1
1 vCPU Xeon Gold 6248
1 GB DDR4 memory
20 GB NVMe RAID 10
1 TB bandwidth
1 GbE Public
10 GbE private
IPv4 Address
IPv6 /64 Network
Order link:https://charityhost.org/account/store/vps-nvme-gold/vps-nvme-gold-1/?promocode=50%-OFF-APRIL-2025
3.00 USD/month
VPS NVMe 7950X3D 1
1 vCPU Ryzen 9 7950X3D
1 GB DDR5 memory
20 GB NVMe RAID 10
1 TB bandwidth
1 GbE Public
10 GbE private
IPv4 Address
IPv6 /64 Network
Order link: https://charityhost.org/account/store/vps-nvme-ryzen-9-x3d/vps-nvme-7950x3d-1/?promocode=50%-OFF-APRIL-2025
Comments
PSA: Please read their AUP. You don’t have freedom of speech when using this provider.
“Disparage, tarnish, or harm us or the Services.”
Insert signature here, $5 tip required
Nothing wrong with that. Why would you want to do anything illegal in the name of free speech anyways ?
blog | exploring visually |
This means if you publicly share a bad experience, then it’s grounds for banning your service.
Honestly that’s just absurd. Every other host usually accepts any and all feedback vs shuns users who say anything.
Insert signature here, $5 tip required
Would avoid them, they snoop trough your data
How so? Public data in public_html? Know your facts dont make assumptions
“Disparage, tarnish, or harm us or the Services.”
and
"if you publicly share a bad experience, then it’s grounds for banning your service."
I see your point. That's the Tarnish/disparage part. Harm can also mean doing "naughty" things with network, or sharing some types of "iso" files that may be frowned upon etc. That is where my first comment came from. Thanks for clarification.
Someone had put it nicely.. this is called Peeking into my garden.
Peeking is not cool
blog | exploring visually |
We accept constructive criticism, but not insults and berating staff in public or private support tickets.
So I'm allowed to look through my customers data in the public_html folder even tho there is actual a authentication mechanism infront of it?
Is it just the public_html folder or do you snoop trough all folders called public?
Since facts are so important to you, it's probably also worth mention that the site was not actually connected to any valid domain, and therefore not actually publicly accessible.
Since when did public_hmtl have auth on ti?
You need to setup htpasswd and htaccess for that!
Look up, man curl. if you know anything about cli cmd in linux or even windows. Look for --resolve.
public browse into the open public park with curl --resolve from a hosting management perspective is not intruding privacy on public_html hosted data. Let's be clear and sensible.
You said in the previous thread the user did not have a domain connected to the storage and that you do not have a default domain for each box - so how was it public?. Would be good to clear that part up if possible.
If you search the threads, (vanilla's poor search capabilities notwithstanding), "Peeking into garden" has a very clear meaning as does "iso" or "chicken". I am very clear in my statement about the peeking part. If you interpret it otherwise, that is your prerogative. On the other hand,
If you think that is NOT sensible, then I wish you well. With that attitude, may you get customers who are okay with a high horse rider. I am not, and this concludes my message in this or any other discussion where your hosting is involved. Best regards.
Edit: Have self flagged my posts, since the conversation is heading nowhere, and in community spirit.
blog | exploring visually |
The issue here is, to check if a .htaccess exist, you first need to look in the directory.
Ahh, I was waiting for that argument.
So, you say anyone could have accessed the file if they
A: Know the server IP address
B: know the none existing domain name
C: Know that this none existing domain name is actually "hosted" on said IP address
D : Actually make the effort to spoof the host header in a request to said server
I'm sorry my friend, but this really does not public to me
You think customer could not have shared the domain and the ip? He had both, does not matter if the domain resovled or not. public_html is public
I do not agree. But I'll give you this, you are not insulting us, you are just sending your opinion, it's not reality based of facts, it's your opinion. I can respect that and still disagree.
All FTP accounts we service to customers have a domain but it can be any domain, does not have to resolve. However, if autoindex is on as it was to accomodate easier file sharing browsing, curl --resovle will list the autoindex, so will a browser. public_html === public data
But if you supply a dead domain (e.g. dfjs231dlkfs.com) and you don't have a temporary domain to access the data over the web - how is this public? autoindex wouldn't matter as you couldn't resolve it anywhere on the web. Only you (the host) could see this by browsing the files - this is the part I don't understand.
Customer can also share the FTP account username and password.
Thus, the entire account, regardless of public_html, is pubic information.
No hostname left!
By that logic everything is public.
So, you not only claim the right to snoop trough your customers public_html folder, but trough everything since customers could have shared login details with someone else?
just to be very clear here from what could be taken away in the threads at OGF:
IMHO the main point here is, the provider saw the disk space is full and checked what is going on. when he found porn he suspended the client and tried to extort an admin fee. after the client went public they tried to justify looking into the clients data with a weird definition of it being public and therefore against their AUP. regardless of the fact, that the client wasn't even aware of that technical possibility, the domain had no A record and nearly no one really understands how to actually access that data "publicly"
the fact remains, that if you hit some quota, the provider will access your data and look into what you have stored there.
@CharityHost_org a word of advise if I may... while all the technical stuff with directory index and curl resolve and whatnot is for sure a working solution, no one (me included) is going to believe, that you will actually use this as a procedure to look for anything your monitoring is triggering. let's be real, every provider has full access to all data anyway, so why would one jump through hoops.
or do you want to suggest that, if there would not have been any data in public_html but instead it would have been in any other folder (not 'public' by your definition), you would not have investigated further, what is taking up that space?
any reasonable provider has to act on monitoring alerts - which is fine. no one is gonna check diskusage via come cringy curl lookups on public folder. you can run simple du commands to see which folder is taking up space and then check the webserver logfiles, to see if there is actual access from some public/external IP.
and even then... you probably could have handled the comms with the client much better 😅
also please! don't take your tone of voice from OGF over to here. that would not be appreciated.
in this case indeed it was...
Is this the mighty CH that throwing tantrum everywhere?
Well hello there, heard that these good for your SEO.
kinda bored recently
Do I recall correctly that it also wasn't mentioned that this FTP Storage was web available? People expected a place to dump files and got a place to dump files that you could share unintentionally?
Yea, the AI summaries will love all the threads about CharityHost snooping into customer data 😅
yes, from what was shared, it wasn't mentioned in the mail after setup. the user was kind of expected to find and welcome this as a great feature because of the folder name and the requirement to provide a domain name.
it's even below the level of putting notes in the motd that say "don't type sudo, or else"