ARTIST DIRECT TERMS AND CONDITIONS The following terms and conditions (these "Terms") govern the provision by DIGEX, Inc. ("Company") of the services and/or products (referred collectively herein as "Services and Products") described on the Server Order Form and Contract attached hereto ("Order Form") and defined in Company's product support listing, to the customer ("Customer") identified on the Order Form. The Order Form, these Terms and the attachments hereto, which are identified on the Order Form, executed with respect to the Services and Products are referred to herein, collectively, as this "Agreement." 1. OBLIGATIONS OF COMPANY. Company shall install within ten business days after execution by Company of the Order Form, unless otherwise specified in the Order Form, and maintain the Services and Products which are designated in the Order Form (as such may be supplemented pursuant to Section 5, below). Company will use its best efforts to assure that Customer's Internet server will be available 24 hours a day, seven days a week. If the Customer's Internet server is unavailable for more than a total of 4 hours in any week, other than as a result of the maintenance activities described in Section 4, below, fees for that week will be waived and the applicable monthly invoice will be adjusted accordingly. For the purposes of this Agreement, a week shall be considered to run from Sunday to Saturday. Customer's Internet server shall be deemed to be not available for purposes of this Section 1 if Company's standard hardware, software, or operating system is functioning in a manner that prevents http, ftp, or mail access to the Internet server ("Unavailability"). For purposes of this Section 1, Unavailability shall not be deemed to occur hereunder as a result of Customer action or inaction, including, but not limited to, Customer utilization of Customer owned, non-standard, or unsupported hardware and/or software installed by the Customer or Company at the Customer's request. 2. OBLIGATIONS OF THE CUSTOMER. Customer shall comply with all of the terms of this Agreement, including, but not limited to, the Acceptable Use Policy attached hereto as Attachment A (the "Use Policy"), as the Use Policy may be modified from time to time. Upon notice from Company, Customer promptly shall eliminate any hazard, interference or service obstruction that any hardware or software used by the Customer, whether or not provided by Company ("Customer Materials"), is causing, or is likely to cause. If Customer requests Company to assist it in removing any hazards, interference or service obstruction that Customer Materials are causing or are likely to cause, Company may, but is not required to, assist in such removal. The charges for Company's services in connection with such assistance shall be at rates determined by Company at the time such services are requested and payment with respect thereto shall be made in accordance with Section 3, below. In the event that the primary function(s) of Customer's web site is impaired during non-business hours or holidays, and Company has been unable to successfully locate and/or contact an authorized representative of Customer, Company make take reasonable steps to restore the functionality of Customer's web site without prior Customer approval. ANY NECESSARY WORK THAT IS PERFORMED BY COMPANY TO RESTORE FUNCTIONALITY THAT WAS IMPAIRED BY CUSTOMER DESIGN FLAWS OR ERRORS ARE BILLABLE TO CUSTOMER. CUSTOMER UNDERSTANDS THAT CUSTOMER SHALL PAY TO COMPANY A BILLABLE RATE FOR TIME AND MATERIALS, AS INDICATED ON THE ORDER FORM UNDER TIME AND EXPENSE ORDER. THESE CHARGES ARE IN EXCESS OF THE MONTHLY RECURRING CHARGE. 3. PAYMENT. 3.1 Generally. Charges for the Services and Products (including the charges described in the balance of this Section 3.1, the "Charges") are set forth on the Order Form. Charges shall commence to accrue on the date that Company provides access codes to Customer ("Operational Date"). All payments for Charges shall be made in U.S. Dollars. Customer may pre-pay the Charges for the entire term of this Agreement or may pay the Charges on a monthly basis. Charges shall be invoiced to Customer in advance at the beginning of the month. Any additional charges, including, but not limited to, any early cancellation charges, accrued interest, late fees and any usage-based charge, including, but not limited to, charges for network access to the Internet, shall be invoiced in arrears and shall appear on the monthly invoices for Services and Products or separate invoices. In all cases, payments for Charges are due upon receipt by Customer of the invoices for such Charges. In addition to any other remedies that may be available to Company under this Agreement (including, but not limited to, in connection with the termination of this Agreement pursuant to Section 6 below) or applicable law, Charges that are not paid in full thirty (30) days after receipt by Customer of the invoice therefore (a "Payment Default") will be subject to interest charges of the lesser of one and one-half percent (1.5%) per month or portion thereof and the highest amount permitted by law, which interest shall accrue daily. Customer shall be liable for all amounts owed to Company pursuant to this Agreement, irrespective of the termination of this Agreement. Customer also shall pay to Company all expenses incurred by Company in exercising any of its rights under this Agreement or applicable law with respect to the collection of a Payment Default, including, but not limited to, reasonable attorneys' fees and the fees of any collection agency retained by Company. 3.2 Taxes. Customer shall be liable for, and shall reimburse Company and indemnify and hold Company harmless from all local, state, federal and non-United States taxes or similar assessments or charges (including any interest and penalties imposed thereon) other than taxes based on the net income of Company, arising out of, or relating to this Agreement or the sale of the Services and Products hereunder. 3.3 Pass Through Items and Other Expenses. Company will have the right at any time during any term of this Agreement to pass through and invoice to Customer any new or increased fees, assessments, taxes or other charges imposed on or required to be collected by Company by any governmental agency or any new or increased charges by any carrier that affect Company's costs in providing Services and Products to Customer. Customer also will be responsible for paying any sales, license and use taxes, fees, or assessments levied by any local, state or federal government or governmental agency with respect to the provision of Services and Products under this Agreement. Customer will pay and be solely responsible for all taxes, fees and charges levied directly upon it. 4. MAINTENANCE. Company designates time periods ("Scheduled Maintenance Windows") during which it may limit or suspend the availability of the hardware and/or software involved in providing its Services and Products (an "Outage") to perform necessary maintenance or upgrades. Scheduled Maintenance Windows currently are each Tuesday and Friday between the hours of 4 am and 8 am and the third Saturday of each month between the hours of 4 am and 12 noon, Eastern Standard Time and Pacific Standard Time. If planned maintenance has the possibility of making the server or servers, as the case may be, utilized by Customer inaccessible to the Internet during a Scheduled Maintenance Window Company will provide not less than twenty-four (24) hours prior electronic mail or other notice to Customer of the Scheduled Maintenance 1 <PAGE> 2 Window during which the Outage is planned. In addition, Company reserves the right to perform any required maintenance work outside of the Scheduled Maintenance Window with prior WRITTEN notice to Customer. 5. ADDITIONAL PRODUCTS OR SERVICES. With Company's concurrence, Customer may orally request service or products ("Additional Item") then offered by Company in addition to the Services and Products (an "Oral Request"). An Oral Request may only be made by the individual(s) listed as the authorized customer upgrade contact on the Order Form. Customer will have five (5) business days after making the Oral Request to cancel the Additional Item in writing. As soon as practicable after receiving the Oral Request, Company will begin the installation process with respect to the Additional Item. Customer will be charged Company's then current list price for the Additional Item. If Customer cancels the Oral Request, Customer shall pay all applicable charges of Company with respect to the installation of the Additional Item. An Additional Item shall be subject to this Agreement. 6. TERM AND TERMINATION. The initial term of this Agreement shall commence on the Operational Date and upon expiration shall automatically renew for successive ninety (90) day terms at the Charges in effect at the commencement of such terms (which Charges shall have been communicated to Customer in writing forty-five (45) days prior to the end of the preceding term) or until written notice of non-renewal by either party is delivered to the other party at least thirty (30) days prior to the end of the then current term. 6.1 Termination by Company. In addition to any other rights it may have under this Agreement or applicable law, Company may, at its option, immediately terminate this Agreement, upon (i) a Payment Default which breach is not cured by Customer within ten (10) business days of Customer's receipt of written notice of such breach, (ii) Customer's failure to comply with any other obligation of Customer under this Agreement which breach is not cured by Customer within ten (10) business days of Customer's receipt of written notice of such breach (iii) Customer's failure to comply with any of the terms of the Use Policy which breach is not cured by Customer within two (2) business days of Customer's receipt of written notice of such breach, (iv) Customer ceasing to do business in the normal course, becoming or being declared insolvent or bankrupt, being the subject of any proceeding relating to liquidation or insolvency which is not dismissed within 90 calendar days or making an assignment for the benefit of its creditors or (v) any attempt by Customer to derive any source code from the Services or Products. 6.2 Termination by Customer. Customer may terminate this Agreement with respect to all, and not less than all of the Services and Products in the event of (a) a material breach by Company of its obligations under this Agreement which breach is not cured within ten (10) business days after written notice thereof is received by Company, or (b) otherwise in the first sixty (60) days of the initial term hereof (collectively, a "Permissible Termination"). In the event of a Permissible Termination, Customer shall pay (i) installation Charges, (ii) a pro-rated Charge based on the number of days Company provided Services and Products prior to the date of termination of this Agreement by Customer under this Section 6.2, and (iii) if the Services and Products include software for which Company does not then provide general customer support, Customer shall pay to Company an amount equal to Company's cost of such software for the entire term. If Customer terminates this Agreement other than in a Permissible Termination, Customer shall pay to Company an amount equal to all unpaid Charges for the remainder of the then current term of this Agreement. 6.3 Rights and Obligations on Termination. Upon termination of this Agreement, Company and Customer shall have no obligations to each other except as provided in this Agreement. Upon termination of this Agreement, Customer shall (i) pay all amounts due and owing to Company, (ii) remove from Company's premises all property owned by Customer and (iii) return to Company all software, access keys and any other property provided to Customer by Company under this Agreement. Customer may retrieve any Customer-provided property or materials upon reasonable prior written notice to Company. Any property of Customer not removed from Company's premises within a short, reasonable time after such termination shall become the property of Company, which may, among other things, dispose of such property without the payment of any compensation to Customer. The rights and obligations of both parties, which by their nature would continue beyond the termination of this Agreement (including, without limitation, those relating to confidentiality, payment of Charges, limitations of liability and indemnification), shall survive such termination. 7. PROPERTY RIGHTS. Company hereby grants Customer a non-exclusive, non-transferable license to use the Services and Products provided hereunder during the term of this Agreement. All rights with respect to the Services and Products, including, but not limited to, intellectual property or similar rights with respect therefore belong exclusively to Company, whether or not they are embedded in any Service or Product. Notwithstanding the foregoing, Customer shall not be obligated to make any royalty or other payments with respect to the Services and Products other than as provided in this Agreement. 8. PROPRIETARY RIGHTS INDEMNIFICATION. 8.1 By Customer. Customer agrees to indemnify and hold harmless Company, all individuals or entities controlling, controlled by or under common control with Company (each, a "Company Affiliate"), and the officers, directors, attorneys and employees of Company and each Company Affiliate (a "Section 8 Indemnified Party") against any losses, claims, damages, liabilities, penalties, actions, proceedings or judgments (collectively, "Losses") to which a Section 8 Indemnified Party may become subject related to or arising out of any infringement or misappropriation or alleged infringement or misappropriation of any United States copyright, trade secret or other proprietary right related to any hardware or software utilized by Customer in connection with any of the Services or Products and will reimburse a Section 8 Indemnified Party for all legal and other expenses, including reasonable attorneys' fees incurred by such Section 8 Indemnified Party in connection with investigating, defending or settling any Loss whether or not in connection with pending or threatened litigation in which such Indemnified Party is a party. 8.2 By Company. Company agrees to indemnify and hold harmless the Customer against any Losses to which the Customer may become subject related to or arising out of infringement or misappropriation of any United States copyright, trade secret or other proprietary right related to the equipment and software provided by the Company to the Customer, and will reimburse the Customer for all legal and other expenses, including reasonable attorney's fees incurred in connection with investigating, defending, or settling any such loss, claim, 2 <PAGE> 3 damage, liability, action or proceeding whether or not in connection with pending or threatened litigation in which the Customer is a party. This indemnification does not relate to the Customer's content or matters that arise from Customer's content or conduct. The provisions of this Agreement relating to indemnification shall survive termination of Customer's account. If any such Products and Services, or any part thereof, is an infringement or a misappropriation, then Company will, at no additional charge to the Customer, use commercially reasonable efforts to either: (i) procure for Customer the right to continue using such Products and Services or part thereof; or (ii) replace such Products and Services with non-infringing Products and Services; or (iii) modify the same so as to make it non-infringing; or (iv) the Agreement as to the infringing Products and Services will terminate, and Company shall refund to Customer any and all of the unused portion of the fees paid for such Products and Services. 9. INDEMNIFICATION. In addition to other indemnification provided herein, Customer agrees to indemnify and hold harmless Company, each Company Affiliate and the officers, directors, employees and agents of Company and each Company Affiliate (each an "Indemnified Party") against any losses, claims, damages, liabilities, penalties, actions, proceedings or judgments (collectively, "Losses") to which an Indemnified Party may become subject and which Losses arise out of, or relate to this Agreement or Customer's use of the Services and Products, and will reimburse an Indemnified Party for all legal and other expenses, including reasonable attorneys' fees incurred by such Indemnified Party in connection with investigating, defending or settling any Loss whether or not in connection with pending or threatened litigation in which such Indemnified Party is a party. 10. LIMITATION ON COMPANY LIABILITY. The parties acknowledge that the limitations set forth in this Section 10 are integral to the amount of fees levied in connection with this Agreement, and that, were Company to assume any further liability other than as set forth herein, such fees would of necessity be set substantially higher. Company does not monitor or exercise control over the content of the information transmitted through its facilities. Use of the Services and Products or any information that may be obtained therefrom is at Customer's own risk. Company shall have no responsibility or liability for the accuracy or quality of information obtained through its Services and Products. Company shall not be deemed to be in default of any provision of this Agreement or be liable for any delay, failure of performance or interruption of the provision of Services and Products to Customer resulting, directly or indirectly, from any (i) weather conditions, natural disasters or other acts of God, (ii) action of any governmental or military authority, (iii) failure caused by telecommunication or other Internet provider, or (iv) other force or occurrence beyond its control. The exclusive remedy against Company for any damages whatsoever to Customer arising out of or related to this Agreement shall be the refund of the fees paid by Customer to Company with respect to the then current term of this Agreement. NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, OR FOR ANY LOSS OF PROFITS OR LOSS OF REVENUE RESULTING FROM THE USE OF THE COMPANY'S SERVICES AND PRODUCTS BY CUSTOMER OR ANY THIRD PARTIES EVEN IF COMPANY HAS BEEN ADVISED OF THE POSSIBILITY THEREOF. COMPANY SHALL NOT BE LIABLE FOR ANY LOSS OF DATA RESULTING FROM DELAYS, NONDELIVERIES, MISDELIVERIES OR SERVICE INTERRUPTIONS. COMPANY PROVIDES THE SERVICES AND PRODUCTS AS IS, WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED. COMPANY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. CUSTOMER SHALL BE SOLELY RESPONSIBLE FOR THE SELECTION, USE AND SUITABILITY OF THE SERVICES AND PRODUCTS AND COMPANY SHALL HAVE NO LIABILITY THEREFORE. The limitations of liability provided in Section 10 of this Agreement shall inure to the benefit of Company and all Company Affiliates and to all of the respective officers, directors, attorneys, employees and agents of Company and such other entities ("Limited Liability Parties"). The limitations of liability afforded Company in this Agreement shall apply whether (i) the action in which recovery is sought is based in contract, tort (including, but not limited to, negligence or strict liability), statute or otherwise or (ii) a Limited Liability Party is alleged to be liable jointly with one or more parties or otherwise. 11. OTHER CUSTOMER ASSURANCES. During any time period when Customer is provided access to any facilities, hardware or other property owned or leased by, or otherwise under the control of Company (collectively "Company Property") pursuant to this Agreement, Customer shall (i) maintain insurance, with Company as a named payee, covering any damage or destruction to Company Property (collectively "Damage") and (ii) reimburse Company for all expenses incurred by Company in replacing or repairing, as the case may be, any Damage caused by Customer. 11.1 Limited Company Liability. Neither Company nor any of its officers, directors, employees, and agents shall be liable for any damage or destruction of equipment or other materials belonging to, leased by, or otherwise under the control of Customer, whether or not any such equipment or materials are at any time located in facilities owned or operated by Company, except where such damage or destruction is a direct result of the gross negligence, recklessness or willful misconduct of Company or any of its officers, directors, employees, and agents. 12. CONFIDENTIALITY. 12.1 CONFIDENTIALITY. The parties recognize that they will have access to confidential proprietary information and/or trade secrets of the other party. Customer specifically acknowledges that the Services and Products constitute valuable trade secrets of Company. Accordingly, the parties agree that (i) the provisions of this Agreement, (ii) any information whatsoever with respect to the Services and Products, (iii) the course of dealing between Company and Customer hereunder and (iv) all other non-public information relating to the foregoing, including but not limited to user information submitted through Customer's web forms, and the number of such web forms submitted (collectively, the "Confidential Information") shall be treated by parties on a confidential basis and shall not be reproduced, reduced to writing, or disclosed to any employees of the parties (except on a need to know basis and then only if the employee is subject to an obligation of confidentiality) or any other person or entity without the prior written consent of the disclosing party. Upon termination of this Agreement, any documentation or data reflecting any Confidential Information shall be promptly returned to the disclosing party. Disclosure of information pursuant to applicable statutes or regulations (collectively, "Laws") shall be excepted from this provision; provided, however, that prior to any disclosure pursuant to any Laws, the recipient will assert the confidential nature of the Confidential Information and will cooperate fully with the disclosing party, at disclosing party's expense, in protecting against such disclosure. 3 <PAGE> 4 including, but not limited to, obtaining a protective order or similar order narrowing the scope of such disclosure of the Confidential Information. In the event such protection is not obtained, the recipient shall disclose the Confidential Information only to the extent necessary to comply with the Laws. 12.2 Tampering. The parties agree that they will not attempt to copy or in any way, alter, re-engineer or otherwise tamper with any of the Confidential Information. 12.3 Injunctive Relief. The parties acknowledge that violation of the provisions of Sections 12.1 or 12.2, above, could cause irreparable harm to the disclosing party not adequately compensable by monetary damages. In addition to other relief, it is agreed that injunctive relief shall be available to the disclosing party in the event of such violations without necessity of posting bond to prevent any actual or threatened violations of such sections. 13. TRANSFER AND ASSIGNMENT. Neither party may sell, assign or transfer any of its rights or obligations under this Agreement without the prior written consent of the other party. 14. USE OF CUSTOMER'S OR COMPANY'S NAME. Company shall be permitted to use Customer's name in connection with proposals to prospective customers and otherwise in print or electronic form for marketing or other purposes, including, but not limited to, use in connection with (i) compliance with applicable laws or regulations; and (ii) the protection of any rights relating to Company or its business. Customer may use the name "DIGEX" in connection with the Services and Products or otherwise only with Company's prior written consent. 15. NO THIRD PARTY BENEFICIARIES. Except as otherwise specifically provided herein, this Agreement inures to the benefit of Company and Customer only and no third party shall enjoy the benefits of this Agreement or shall have any rights hereunder. 16. NOTICES. Unless otherwise specified herein, any notices or other communications required or permitted hereunder shall be sufficiently given if in writing and delivered personally or sent by facsimile transmission, internationally, recognized overnight courier, registered or certified mail (postage prepaid with return receipt requested), to the address or facsimile number of Customer as set forth in the Order Form or Company as set forth below. Such notices or other communications shall be deemed received (i) on the date delivered, if delivered personally, (ii) on the date that return confirmation is received, if sent by facsimile, (iii) on the business day (or, if international, on the second business day) after being sent by an internationally recognized overnight air courier or (iv) five days after being sent, if sent by first class registered mail, return receipt requested. DIGEX, Inc., One DIGEX Plaza, Beltsville, Maryland, 20705, Attention: Vice President, Client Services, Facsimile Number: (301) 847-5056 17. SURVIVAL OF CLAIMS Any claims arising out of or related to this Agreement must be brought no later than one year after it has accrued. 18. INDEPENDENT CONTRACTOR STATUS. Nothing in this Agreement or in the course of dealing between Company and Customer pursuant hereto shall be deemed to create between Company and Customer (including their respective directors, officers, employees and agents) a partnership, joint venture, association, employment relationship or any other relationship other than that of independent contractors with respect to each other. 19. GOVERNING LAW. This Agreement shall be governed by and construed in accordance with the laws of the State of California, without regard to choice of law provisions that would cause the application of the law of another jurisdiction. 20. DISPUTE RESOLUTION. 20.1 [INTENTIONALLY LEFT BLANK -- DELETION] 20.2 Arbitration. If a dispute or difference of any kind whatsoever (a "Dispute") shall arise between Company and Customer in connection with, relating to or arising out of this Agreement, including the interpretation, performance, non-performance, or termination hereof, the parties shall attempt to settle such Dispute by an arbitral tribunal (the "Tribunal") under the Arbitration Rules of the American Arbitration Association (the "Arbitration Rules"). Each party shall appoint an arbitrator within thirty (30) days after the expiration of the aforementioned thirty-day period, which arbitrators shall then jointly appoint a third arbitrator within thirty (30) days after the appointment of the second arbitrator, to act as president of the Tribunal. Arbitrators not so appointed shall be appointed pursuant to the Arbitration Rules. The costs of the arbitration shall be borne by the parties as determined by the Tribunal The award rendered in any arbitration commenced hereunder shall be final and conclusive and judgment thereon may be entered in any court having jurisdiction for its enforcement. Neither party shall (i) appeal to any court from the decision of the Tribunal or (ii) have any right to commence or maintain any suit or legal proceeding concerning a Dispute until such Dispute has been determined in accordance with the arbitration procedure provided for herein, and then only for enforcement of the award rendered in such arbitration. All mediation and arbitration proceedings pursuant to this Agreement shall take place in Prince George's County, Maryland. 21. HEADINGS. The section and subsection headings have been used in this Agreement as a matter of convenience only and shall not be used in the interpretation of any provisions of this Agreement. 22. NON-WAIVER, WAIVER AND AMENDMENT. Failure by either Company or Customer to enforce any of the provisions of this Agreement or any rights with respect hereto or the failure to exercise any option provided hereunder shall in no way be considered to be waiver of such provisions, rights or options, or to in any way affect the validity of this Agreement. No waiver of any rights under this Agreement, nor any modification or amendment of this Agreement shall be effective or enforceable unless in writing and signed by both parties, except by Section 5, above. 23. SEVERABILITY. If one or more of the provisions contained in this Agreement are found to be invalid, illegal or unenforceable in any respect, the 4 <PAGE> 5 validity, legality and enforceability of the remaining provisions shall not be affected. 24. ENTIRE AGREEMENT. This Agreement constitutes the entire agreement of the parties and supersedes all oral negotiations and prior writings with respect thereto. When used in this Agreement, the terms "hereof," "herein" and "hereunder" refer to this Agreement in its entirety, including any attachments to this Agreement and not to any particular provisions of this Agreement, unless otherwise indicated. 25. COUNTERPARTS. This Agreement may be executed in any number of counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. USE OF COMPANY SERVICES AND PRODUCTS CONSTITUTES ACCEPTANCE OF THESE TERMS AND CONDITIONS AGREED BY CUSTOMER: ARTIST DIRECT AGREED BY COMPANY: DIGEX, INC. BY: BY: ------------------------------------ ------------------------------------ NAME: NAME: ---------------------------------- ---------------------------------- TITLE: TITLE: --------------------------------- --------------------------------- DATE: DATE: ---------------------------------- ---------------------------------- 5 <PAGE> 6 ATTACHMENT A - ACCEPTABLE USE POLICY Sections 3.6, 3.7 and 3.8 apply only to Web Site Management Group. 1. INTRODUCTION. This document sets forth the principles, guidelines and requirements of the Acceptable Use Policy of Intermedia Communications Inc. and its direct and indirect wholly-owned subsidiaries, including, but to limited to, Digex, Incorporated and Shared Technologies Fairchild Telecom, Inc. (collectively and individually, the "Company") governing the use by the customer ("Customer") of the Company's services and products ("Services and Products"). The Acceptable Use Policy has been created to promote the integrity, security, reliability and privacy of Company's Web Site Management Facility, network, and Customer data contained within. Company retains the right to modify the Acceptable Use Policy at any time and any such modification shall be automatically effective as to all customers when adopted by the Company. Questions or comments regarding the Acceptable Use Policy should be forwarded to the Company via: E-mail: firstname.lastname@example.org Telephone: 301-847-6200, 1-800-=581-8711 2. COMPLIANCE WITH LAW. Customer shall not post, transmit, re-transmit or store material on or through any of Services or Products which, in the sole judgment of the Company (i) is in violation of any local, state, federal, or non-United States law or regulation, (ii) threatening, obscene, indecent, defamatory or that otherwise could adversely affect any individual, group or entity (collectively, "Persons") or (iii) violates the rights of any person, including rights protected by copyright, trade secret, patent or other intellectual property or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Customer. Customer shall be responsible for determining what laws or regulations are applicable to its use of the Services and Products. 3. PROHIBITED USES OF SERVICES AND PRODUCTS. In addition to the other requirements of this Acceptable Use Policy, the Customer may only use the Services and Products in a manner that, in the Company's sole judgment, is consistent with the purposes of such Services and Products. If the Customer is unsure of whether any contemplated use or action is permitted, please contact the Company as provided above. By way of example, and not limitation, uses described below of the Services and Products are expressly prohibited. 3.1 General. 3.1.1. Resale of Services and Products, without the prior written consent of the Company. 3.1.2. Deceptive on-line marketing practices. 3.1.3. Violations of the rights of any Person protected by copyright, trade secret, patent or other intellectual property or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Customer. 3.1.4. Actions that restrict or inhibit any Person, whether a customer of the Company or otherwise, in its use or enjoyment of any of the Company's Services or Products. 3.2. System and Network. 3.2.1. Introduction of malicious programs into the network or server (e.g., viruses and worms). 3.2.2. Effecting security breaches or disruptions of Internet communication. Security breaches include, but are not limited to, accessing data of which the Customer is not an intended recipient or logging into a server or account that the Customer is not expressly authorized to access. For purposes of this Section 3.2.2., "disruption" includes, but is not limited to, port scans, flood pings, packet spoofing and forged routing information. 3.2.3. Executing any form of network monitoring which will intercept data not intended for the Customer's server. 3.2.4. Circumventing user authentication or security of any host, network or account. 3.2.5. Interfering with or denying service to any user other than the Customer's host (for example, denial of service attack). 3.2.6. Using any program/script/command, or sending messages of any kind, designed to interfere with <PAGE> 7 or to disable, a user's terminal session, via any means, locally or via the Internet. 3.2.7. Creating an "active" full time connection on a Company-provided dial-up account for Internet access by using artificial means involving software, programming or any other method. 3.2.8. Utilizing a Company-provided dial-up account for purposes for Internet access other than facilitating connectivity to the Services and Products provided by the Company. This includes copying or creating files utilizing more than 5MB of disk space on the dial-up account servers. 3.2.9. Failing to comply with the Company's procedure relating to the activities of customers on the Company's premises. 3.3. Billing. 3.3.1. Furnishing false or incorrect data on the order from, contract or online application, including fraudulent use of credit card numbers. 3.3.2. Attempting to circumvent or alter the processes or procedures to measure time, bandwidth utilization, or other methods to document "use" of the Company's Services and Products. 3.4. Mail. 3.4.1. Sending unsolicited mail messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material, who were not previous customers of the Customer or with whom the Customer does not have an existing business relationship ("E-mail spam"). 3.4.2. Harassment, whether through language, frequency or size of messages. 3.4.3. Unauthorized use, or forging, of mail header information. 3.4.4. Solicitations of mail for any other E-mail address other than that of the poster's account or service with the intent to harass or to collect replies. 3.4.5. Creating or forwarding "chain letters" or other "pyramid schemes" of any type. 3.4.6. Use of unsolicited E-mail originating from within the Company's network or networks of other Internet Service Providers on behalf of, or to advertise, any service hosted by the Company, or connected via the Company's network. 3.5. Usenet Newsgroups. 3.5.1. Posting the same or similar messages to large numbers of Usenet newsgroup ("Newsgroup spams"). 3.5.2. Posting chain letters of any type. 3.5.3. Posting encoded binary files to newsgroups not specifically named for that purpose. 3.5.4. Cancellation or superseding of posts other than your own. 3.5.5. Forging of header information. 3.5.6. Solicitations of mail for any other E-mail address other than that of the poster's account or service, with intent to harass or to collect replies. 3.5.7. Use of unsolicited E-mail originating from within the Company's network or networks of other Internet Service Providers on behalf of, or to advertise, any service hosted by the Company, or connected via the Company's network. Please note that the following only apply if the Customer uses the relevant platform and has purchased web site hosting services and/or products. 3.6. Roles Regarding UNIX Managed Server. 3.6.1. Customer may not create/update/delete accounts created and maintained by the Company. Specifically, the Company account may not be altered in any manner nor may any account with a UID of less than 1000 be altered. 3.6.2. Customer may not change the participating or mount points of any drive. 3.6.3. Customer may not create/update/delete any file in the/usr directory tree. 3.6.4. Customer may not install Microsoft(C) FrontPage Extensions unless updated on the/usr directory tree. 3.6.5. Customer may not create .rhosts or/etc/.host.equiv files. 3.6.6. Customer may not implement any procedure or process that would allow one to login as root -2- <PAGE> 8 without using the root password. Customer may not create suid scripts or programs. 3.6.7. Customer may not alter the system kernel. 3.6.8. Customer may not alter the /sys or /etc/system directory trees or any files contained therein. 3.6.9. Customer may not apply operating system and application patches to software not installed and solely maintained by the Customer, unless notification is given to the Company. 3.6.10. Customer may not change the root shell. 3.6.11. Customer may not alter the contents of /.k5login. 3.6.12. Customer may not alter /etc/fstab or /etc/vfstab. 3.6.13. Customer may not share or export file systems. This includes modifying /etc/exportfs, /etc/dfs/sharetab, and /etc/netgroup. 3.6.14. Customer may not modify the decode or root alias in the /etc/aliases file. 3.6.15. Customer may not change the "identify" of the system. This includes modifying /etc/hosts, /etc/hostname.*, /etc/defaultrouter, /etc/networks and /etc/ethers. 3.6.16. Customer may not modify the system in any manner that restricts or alters access to the system by the Company's employees. 3.6.17. Customer may acquire root privileges after successful login of a valid non-root userid and using su to gain access as root. 3.6.18. Customer may create/update/delete all aspects of Customer created user accounts. This may include modifying home directory permissions, user passwords, etc. 3.6.19. Customer may use FTP to create/update/delete files and directories. 3.6.20. Customer may add to, but may not modify, existing data in the following configuration files: /etc/aliases, /etc/group, /etc/rc.local, /etc/sendmail.cf file and root crontab. 3.6.21. Customer may install software on the server provided the installation meets all of the criteria detailed above, and the Company is notified of such installation. 3.7. Roles Regarding Windows NT Managed Server. 3.7.1. Customer may not create/update/delete accounts created and maintained by the Company. Specifically, Company account may not be altered in any manner. 3.7.2. Customer may not install software that does not execute as a service. 3.7.3. Customer may not install software that does not have a remote administration capability. 3.7.4. Customer may not install applications that do not run within a logon account different from that of the installing user. 3.7.5. Customer may not install applications which must be restarted when one user logs off and another user logs on. 3.7.6. Customer may not install applications that do not execute when an individual is not logged on to the server. 3.7.7. Customer may not modify the network and system settings of the server. 3.7.8. Customer may not apply operating system and application patches to software not installed and solely maintained by the Customer, unless notification is given to the Company. 3.7.9. Customer may use FTP to create/update/delete files and directories. 3.7.10. Customer may create/update/delete all aspects of Customer created user accounts. This includes modifying home directory permissions, user passwords, etc. 3.7.11. Customer may start and stop all Windows NT 4.0 Services, including the WWW and FTP services. 3.7.12. Customer may install software on the server provided the installation meets all of the criteria detailed above, and the Company is notified of such installation. 3.8. Abuse of bandwidth during a Web Site Management Beta Period will result in termination of applicable network discounts and commencement of billing based upon normal network recurring charges. 4. ENFORCEMENT. Company may immediately suspend and/or terminate the Customer's service for violation of any provision of the Acceptable Use Policy upon verbal or written notice, which notice may be provided by voicemail or E-mail. However, the Company attempts to work with the Customer to cure violations of the Acceptable Use Policy and to ensure that there is no re-occurrence of violations prior to suspension and/or termination. -3- <PAGE> 9 GLOSSARY - ACCEPTABLE USE POLICY: Guidelines for services and products for Web Hosting and Internet Connectivity. - ADDRESS/IP SPOOFING: Inserting forged routing information into network packet(s) such that the origin of the packet is misreported, which causes return packets to be misrouted. - BINARY FILES: A file containing bits or bytes that do not necessarily represent printable text. The term binary file usually denotes any file that is not a text file, such as executable machine language code. Special software is required to print a binary file or view it on the screen. - BULK E-MAIL: Any group of messages sent via E-mail, with substantially identical content, to a large number of addresses at once. Many ISPs specify a threshold for bulk E-mail (e.g., 25 or more recipients within a 24-hour period). Taken by itself, bulk E-mail is not necessarily abuse of the electronic mail system. For example, there are legitimate mailing lists, some with hundreds or thousands of willing recipients. - COMMERCIAL E-MAIL: Any E-mail message sent for the purposes of distributing information about a for-profit institution, soliciting purchase of products or services, or soliciting any transfer of funds. It also includes commercial activities by not-for-profit institutions. - CRACKS: Distribution of registration codes for software in violation of the software license, or distribution of any software intended to defeat copy protection. - DECEPTIVE ON-LINE MARKETING PRACTICES: Marketing practices that present a false image of the advertised product (or of the advertiser). One example of a deceptive on-line marketing practice would be an E-mail that purports to originate from the recipient's ISP or from a well-known company. Other examples include fraud, multi-level marketing, or any commercial or non-commercial activity that is conducted for the purpose of confusing, misleading or misinforming the E-mail and/or Internet users. - ELECTRONIC MAIL (E-MAIL) SPAM: Unsolicited E-mail from which a recipient cannot unsubscribe, or unsolicited E-mail to a recipient who does not have a previous business or other relationship with the sender. - FORGED ROUTING INFORMATION: Routing information which is misleading or incorrect or which would tend to disguise the origin of the routed material. Usually refers to information that is not generated by any routing device (such as a mail server), but is inserted by a party using software which is designed to produce false routing information (headers in the case of E-mail). - FTP: File Transfer Protocol. A standard way of transferring files from one computer to another on the Internet and on other TCP/IP networks. FTP is also the name of any of various computer programs that implement the file transfer protocol. Customers can also retrieve files by FTP using a web browser. - MMF: Make Money Fast Schemes: Messages that "guarantee immediate, incredible profits!," including such schemes as chain letters. - MAILBOMB: Delivery of enough E-mail to an electronic mailbox to overload the mailbox or potentially overload the system that the mailbox is hosted on. - NEWSGROUP SPAMS: A public forum or discussion area on a computer network. All users of the network can post messages, and every user can read all messages distributed worldwide by the Usenet system, covering thousands of topics. - PACKET SPOOFING: Emitting a network packet with a source address you do not have permission from the owner -4- <PAGE> 10 to use. o PING FLOOD: Intentionally flooding a system's pipeline with ICMP EchoRequests. This can reduce the bandwidth available for legitimate use and, if severe enough, can bring a pipe down. o PIRATED: Any copywritten material, commercial or noncommercial, that is used, transmitted and/or stored without authorization. o PYRAMID SCHEMES. A get-rich scheme in which you receive a message containing a list of names. Recipients are expected to send money to the first person on the list, cross the first name off, add their name at the bottom and distribute copies of the message. o SMURF/FRAGGLE: http://users.quadrunner.com/chuegen/smurf.txt The "smurf" attack, named after its exploit program, is one of the most recent types of network-level attacks against hosts. A perpetrator sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses, all of which have a spoofed source address of a victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer-2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, there could potentially be hundreds of machines to reply to each packet. The "smurf" attack's cousin is called "fraggle," which uses UDP echo packets in the same fashion as the ICMP echo packets. A "fraggle" is a simple re-write of "smurf." o SYSTEM KERNEL: The central part of an operating system. In most operating systems, only the kernel can access hardware directly. (Also spelled "kernal.") o UNSOLICITED E-MAIL: Unsolicited E-mail is any E-mail message received where the recipient did not specifically ask to receive it. Taken by itself, unsolicited E-mail does not constitute abuse, and not all unsolicited E-mail is undesired E-mail. For example, receiving "unsolicited" E-mail from a long-lost friend or relative is certainly not abuse. o Unsolicited Bulk E-Mail (UBE): E-mail with substantially identical content sent to many recipients who did not ask to receive it. o Unsolicited Commercial E-mail (UCE): E-mail containing commercial information that has been sent to a recipient who did not ask to receive it. o WORMS: An automated computer program that probes, breaks into, interferes with or disrupts service for one or more computers, networks or services. Similar to a virus, Trojan horse or other disabled device. -5-
Source: OneCLE Business Contracts.