Limiting accounts and subdomains per user

ItsMarkMCBGYT · January 8, 2026, 10:52am

Hello InfinityFree Community

I would like to propose improvements to enhance free hosting reliability reduce false flags by security software and support legitimate users

Proposed Changes

1 Limit each free account to 3 subdomains

2 Allow each subdomain to have up to 3 nested subdomains

3 Enable full PHP functionality removing current restrictions

4 Enable PHP mail for each account with automatic TLS and the option for users to configure TLS with their own email such as Gmail SMTP

5 Optional SSH support for advanced users

Rationale and Benefits

Reduces spam phishing and AV flagging caused by abuse of shared subdomains

Protects InfinityFrees parent domain reputation keeping hosting safe for everyone

Supports legitimate developers needing multiple subdomains secure email and full PHP capabilities

Encourages responsible usage while limiting abuse through subdomain and nested subdomain caps

Optional Enhancements

Staged limits for new accounts

Manual review for additional subdomains if needed

Thank you for considering this proposal Feedback from the community and staff is welcome to refine it further

Admin · January 8, 2026, 11:25am

I don’t think that any of these proposals are a good idea.

This will do nothing to stop abuse. Mass abusers will just create additional accounts to work around the limit.

The only people restricted by this are legitimate users who are trying to setup multiple websites and are trying to respect the rules and stay within the limits. And we’re fine with people hosting multiple websites with us.

The problem is that we cannot protect sub-subdomains with SSL. We currently use big wildcard SSL certificates for the free subdomains, but due to how wildcard certs work, they can only protect direct subdomains, not sub-subdomains. Actively supporting sub-subdomains would require having domain specific certs again, which is not what we want.

We try to balance supporting legitimate projects as best as we can while blocking nefarious use. This includes blocking PHP functionality that’s primarily (or only) used for harmful uses. “Just remove all the limits, it’s going to make everything better” is the complete opposite of that.

If you say that our current limits are blocking legitimate projects, can you be more specific about what exact restrictions are blocking which specific projects? Then we can maybe look for a more balanced solution than “just get rid of the limits, it’s better for everyone”.

You can already use Gmail SMTP with TLS, and fully configure it to the extent that PHP allows you to. Using port 587 with STARTTLS is the configuration I recommend to people.

Enabling PHP mail is contradictory to that. PHP mail() means we enable sending email through our servers, and using that is mutually exclusive with using Gmail SMTP and associated TLS settings.

Using SMTP from PHP requires the use of a library to handle it. It’s not part of PHP itself. That’s not a hosting restriction, that’s just how PHP works.

Also, if your goal is to reduce spam and phishing, and improve reputation then enabling PHP mail is the opposite of what we should do. Unless we get the spam filtering perfect from day one, it’s only going to make our system a source of spam, (further) hurting our reputation and painting us a company actively supporting abuse.

Anything manual is not sustainable. Remember that we provide a completely free service so our revenue per user is extremely small. Having someone manually review accounts and adjust limits would be a huge cost center and destroy the viability of a free service.

So that’s why we provide one service that’s the same for everyone.

ItsMarkMCBGYT · January 8, 2026, 11:46am

Hello InfinityFree Team,

I understand that free hosting needs to remain open and sustainable, and that strict limits or manual enforcement aren’t feasible.

I just want to point out that unchecked spam accounts and abuse could eventually harm the reputation of InfinityFree domains. Even if the platform rebrands in the future, security vendors track patterns and IP ranges, so AV flags could persist, affecting legitimate users and the reliability of hosted sites.

I hope the team can consider proactive measures—like monitoring high-risk activity patterns or rate-limiting new accounts—to protect the platform and its users over time.

Thank you for your time and for providing a free service for developers and hobbyists.

Best regards,

Mark

Admin · January 8, 2026, 12:13pm

Please realize that we’ve been providing free hosting for decades for many millions of websites.

What you’re suggesting is not new. Dealing with abuse is our daily reality and we have a wide range of measures to protect against it. But perfect solutions do not exist in this field, and so we are continuously working to improve what we do.

There are probably things we could do more. But in most cases, if you think the solution is simple, then it means you just don’t understand the problem.

Thirdy · January 8, 2026, 12:43pm

Please just add multiphp in free hosting

dan3008 · January 8, 2026, 12:52pm

Isn’t multiphp a cPanel addon? Given that free hosting uses VistaPanel (or vPanel) not cPanel, I don’t think that would be possible.

twineee.rf.gd · January 8, 2026, 1:27pm

What would happen to accounts with over three subdomains?

This is pretty much exactly what Admin just said.

Admin · January 8, 2026, 1:53pm

We can’t “just add” cPanel’s MultiPHP module to our hosting because we don’t use cPanel. Also, while premium hosting does have PHP version selection, they use the PHP Selector from CloudLinux instead of cPanel’s MultiPHP.

Also, please be aware that free hosting uses a highly customized web server stack that’s optimized for account density. It uses neither cPanel’s EasyApache nor CloudLinux’ alt-php, so using either options is not possible.

system · January 23, 2026, 1:54pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.