
1and1 billed me £2100 for a month's hosting

kmorrisroe asked
Medium Priority
Last Modified: 2013-12-14
I have recently had my 1and1 virtual server package hacked and my server hijacked. They used the server to transport files across the world ending up in a bill from 1and1 to me for £2100. When I told them it was not me they told me I was responsible for the traffic. They told me they have to pay for the traffic also.

I find this hard to believe because the next option up is £30 extra and has unlimited bandwidth. So for an extra £30 a month this would have prevented a bill for £2100. I can't see how 1and1 can expect me to pay this bill. I also signed up for a 3 month free hosting package to which they have kindly charged me every month for.

Has anyone else had any experience with this and can they give me any advice on how to proceed? Technically I am going to migrate to a dedicated server with better firewall options but this bill is going to cripple me! Is this a breach of contract by billing me for the first three months server rental? Am I really liable for this bandwidth?

Top Expert 2009

£2100 !!!

I would not pay!!

Your comments :
I also signed up for a 3 month free hosting package to which they have kindly charged me every month for.

So this incident happened within these 3 months?

Can you explain a little bit more:
What do you mean by "They used the server to transport files across the world"??
Cloud/Infrastructure Solutions Architect
IANAL, but I recommend getting yourself a lawyer as soon as possible and explaining the situation to them. Experts-Exchange is really not the place for this kind of question as it is not a technical issue, but more of an account rules and terms of service issue.


I took a quick check of 1and1's FAQ, and it's pretty much stated you are responsible for everything that happens to your account -- hacked or not.

2.1.5. -- Unless provided otherwise in the specifications for your Services, Bandwidth use, including but not limited to data retrieval from your Web Site, e-mail traffic, and downloads, shall not exceed six gigabytes per month. Your combined mailbox use per account shall not exceed twenty-five gigabytes per month. You are responsible for monitoring your Bandwidth and mailbox use, and agree to check your e-mail and download or delete your e-mail on a regular basis in order to ensure compliance with this paragraph. Should you exceed your mailbox use limits 1&1 may return or reject any and all e-mails sent to you to the originating sender without liability to you. You agree that 1&1 may debit the Payment Account for usage in excess of permitted amounts at the rates set forth in the then-current Fee Schedule.

3.3. -- All Fees must be paid in United States Dollars in advance of the provision of services. 1&1 will charge the monthly fee and any additional fees to the Payment Account unless specifically provided otherwise. You also agree that 1&1 may automatically debit your Payment Account, without further authorization from you, for any renewal term, additional services, and any fees or expenses applicable to Your Services or Your Website, including but not limited to fees for excessive bandwidth use or other surcharges for services in excess of those included within Your Services or Your Web Site. If payment in full is not received by 1&1 from the provider of your Payment Account or its agents, you agree to pay all amounts due from you for Your Services upon demand by 1&1.




They installed .rar files on my machine. When I looked they were films like Bond and so on. They used FTP to hack into my server. Windows firewall was enabled but they don't provide adequate firewall add-ons unless you choose a dedicated package.

They provide no technical assistance either to help you deal with such a situation and to be honest don't really care. I rebuilt the server to get rid of them but they are still trying to hack me now. I have disabled FTP for the time being.
I wish I couldn't pay but they have taken it from my credit card.
Top Expert 2009

When they took out the money then you should speak with a lawyer.

Did this happen within this 3 month trial period??

Didn't they provide any control panel to check how much bandwidth is going out??

From the terms and conditions, it's saying you are responsible, but every company monitors the bandwidth. For example, due to spamming my ISP blocked me, as my server had been compromised and was sending out too much traffic, hence the bandwidth. They should have that kind of facility and they of course monitor ... but why they did not warn you, it's weird ...
Expert of the Quarter 2009
Expert of the Year 2009
You need to get some legal advice, but I don't think you have much to go on.
You have probably learnt a hard lesson in the facts of life when it comes to the internet - that may seem harsh, but that is the case.

2100 looks like it is the price for about 410GB of data. Considering what could be pulled out, you probably got away lightly. It is perfectly possible to get 2TB out of a server in a month.

It is perfectly possible to run an FTP site behind the standard Windows firewall. Even with a top of the range firewall you wouldn't have been protected. The techniques are very simple - a brute force attack against the server, most likely against the Administrator account. Either that or a simple password was used and was easily guessed.

As for the bill - well there is no such thing as unlimited bandwidth, although the advertising authorities seem to allow it to be used. Most sites will have an acceptable use level, because if they don't then it is abused in the way that you have experienced. A host offering genuine unlimited bandwidth would be out of money within weeks. A YouTube clone would use the bandwidth, probably to stream adult content.

What could you have done? A good password policy would be a start, locking down the server to the Microsoft best practices. While you may have done that, obviously something slipped through.

A monitoring application looking at the traffic on the network card would allow you to see a spike in traffic. Doesn't have to be anything very clever, just something that will tell you how much data went through the card in the past x hours.

The host could take some of the blame for not seeing the traffic spike, instead of just waiting until the end of the month, but many hosts simply don't care and just churn out the bill. I am no lawyer, but that is probably the closest you could get to a defence - a reasonable expectation of care.

Unfortunately the simple fact is that there are many people out there who are simply looking for a server that they can abuse for as long as they can get away with it.

As I have already said, it may seem harsh, but that is the way of the world these days.
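
The simple traffic monitor described in the answer above, as an added example that is not part of the original thread: it totals how much data left the network card in the past x hours from periodic counter readings, copes with the counter resetting after a reboot or rebuild, and flags a spike. The readings, the 4 hour window and the 1000 MB limit are constructed assumptions.

```python
from datetime import datetime, timedelta

MB = 1024 ** 2

def bytes_sent_in_window(samples, now, hours):
    """Bytes sent in the past `hours`, from (timestamp, cumulative_bytes_sent) readings.

    Each interval is attributed to the reading that ends it. A counter that goes
    backwards means it was reset (reboot or rebuild), so that reading counts from zero.
    """
    start = now - timedelta(hours=hours)
    total, prev = 0, None
    for ts, counter in sorted(samples):
        if prev is not None and start < ts <= now:
            total += counter - prev if counter >= prev else counter
        prev = counter
    return total

def check_traffic(samples, now, hours, limit_bytes):
    """Return the windowed total and whether it exceeds the alert limit."""
    sent = bytes_sent_in_window(samples, now, hours)
    return {"sent_bytes": sent, "alert": sent > limit_bytes}

# Constructed hourly readings of a network card's "bytes sent" counter, in MB.
# On a live server they would be read from the OS interface counters on a schedule.
T0 = datetime(2013, 12, 1, 0, 0)
READINGS_MB = [0, 100, 200, 300, 5300, 10300, 2000, 7000]  # reset before the 7th reading
SAMPLES = [(T0 + timedelta(hours=i), mb * MB) for i, mb in enumerate(READINGS_MB)]

# Assumed alert limit: 1000 MB in any 4 hour window (choose one that fits your allowance).
LIMIT = 1000 * MB

if __name__ == "__main__":
    for end_hour in (3, 7):
        result = check_traffic(SAMPLES, T0 + timedelta(hours=end_hour), 4, LIMIT)
        status = "ALERT" if result["alert"] else "ok"
        print(f"hour {end_hour}: {result['sent_bytes'] // MB} MB sent in last 4h -> {status}")
```

Run on a schedule with an e-mail or SMS hook on the alert, a check like this surfaces a spike within hours instead of at the end of the billing month.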
