February 5, 2014
Weve been using Hetzner for quite a while now. Weve started using Hetzner for a startup, the main reason for going with Hetzner in the first place was their datacenter location. We thought that being close to our target market will decrease the latency. Everything went fine for the first few months than our startup started seeing traction, as we grew Hetzner proved reliable so we didnt have any reasons to move away from them(+ I have a weird theory about being loyal to everything that helped you succeed). As we grew, we started getting more and more attention, people were linking to us virally from all over the place, we were soon #1-#3 for almost all keywords we were competing in via google without doing absolutely any SEO, people loved us, we were fast and reliable, all good. Thats until it hit us, a DDOS attack, we were absolutely shocked that someone would attack us, why would someone want to DDOS us? Hetzner nightmare is about to start.
Hetzners policy is very strict, all servers that have an attack get their public ip null routed, that means the server gets isolated, no external access. Okay this first attack took our service down for 48 hours, we were pretty desperate but we did try to find solutions in the meantime, we thought using cloudflare, blocking all ports, moving email to google apps and all that would help. We also changed the ip of the server and tried to block people from scanning the naked ip. After the attack was over (48 hours later), we applied the above and thought were safe. Even though we didnt really like the way Hetzner handled our requests, we thought we should continue with them as its most likely not their fault, boy we were wrong. Not more than 2 weeks later, another attack. This time, Hetzner didnt even warn us or anything, they took down the ip instantly. I almost failed off chair, I could not believe that someone was able to find the ip.
Anyway, this time things were even worse, since we experienced a previous DDOS attack Hetzner was not even answering our emails anymore, every time we were calling they were saying we should open a ticket(Im not even sure why they have a phone number really, all they say its open a ticket). I kept on trying to at least gain access to the server or something so I can get the data, but nothing, complete denial, I tried to order another ip for the server so I can get some data out of it, nothing, for the last 24 hours were complete hostages, we cannot access anything from OUR server, Hetzner basically doesnt give a damn. We were a good customer for Hetzner, but they dont see it as that, probably they see us a liability now.
Im sorry Hetzner, I didnt command a 300mb/s attack on my own from some shady network stresser online. I would expect you to be able to mitigate such an attack(300mb/s!!!!) or at least mime you do, not treat me like a piece of sh!t and ignore all my attempts of working somehow this. But okay, lesson learned, Ive been warned that this was about to happen, being loyal didnt help, I will be taking my custom somewhere else and for the rest of time we have paid for the server I will use it as a torrent dump or something, I trust you with that.
Thanks Hetzner! for all the revenue lost and for denting our reliability.
Update: Seems were not the only ones https://news.ycombinator.com/item?id=6577465