
How to destroy someone who hosts stuff at Hetzner dedicated server

142 points by turshija over 11 years ago
I've been using Hetzner services for several years so far (luckily only for personal stuff and friends' Minecraft server), and have had this problem a few times. Every time I said to myself "I will get away from Hetzner ASAP", but I always stay there. I would NEVER imagine running a business hosted there at all, and here is why...

DDoS is a common problem many companies are facing, but Hetzner's policy on that is really crap. If someone starts a DDoS on your dedicated, after several minutes they just shut down your dedicated from the network, and send you an email like "We disabled your network because you have DDoS attack on your server. Write us an email to reenable your network". And of course, several hours later I saw that email and told them "Okay, please enable my network", but boom, I will have to wait until Monday, because their support that can ACTIVATE network on a dedicated works only from Mondays to Fridays ... And then the person who attacked me sends me an anonymous email like "lol, I bought 5$ packet at [some random booter/network stresser website], and I have put you offline for few days for only 15 minutes of DDoS, HAHAHAHA"

So basically yea, start a small flood from a random VPS/dedicated or whatever that is 100mbit or more, leave it on for several minutes until Hetzner's system automatically disables the network of the person you are attacking, and look at them being offline for a few days :) I'm ordering a new dedicated from someone else now, no more Hetzner...

18 comments

MehdiEG over 11 years ago
It's worth putting this in context. Hetzner provides really beefy dedicated servers for ridiculously low prices [1].

You get great support (always had phone calls answered pretty much instantly and emails answered within a few minutes and all the techs I've dealt with knew what they were doing).

You can issue automated hardware resets and even get a remotely-controlled KVM attached to tweak the BIOS or regain access to your machine if you messed up the networking config (usually only takes a few minutes to get the KVM attached).

Orders for new hardware are also really fast - dealt with within the hour and often in under 15 minutes.

But there's no such thing as a free lunch. If you host at Hetzner, you have to be aware of the reasons why they're so cheap, namely:

1) The servers are 100% unmanaged. They'll install new hardware for you if you ask them but everything else is up to you.

2) A lot of their hardware is desktop-grade, e.g. Intel Core i7 CPUs and non-ECC RAM. They do have some server-grade hardware in their high-end range however.

3) Their servers are in Germany. So you get quite a bit of latency if accessed from Asia or the West Coast of the US (see [2]).

4) They don't have any DDoS protection. In case of a DDoS, your server will get null-routed (but they tell you first). Again: 100% unmanaged. Up to you to deal with it. I've been lucky enough to not have to deal with a DDoS but my first port of call would probably be CloudFlare if it happened.

Provided that you're happy to do some sys admin, Hetzner is brilliant for a personal server, a CI server or even a prod server for a bootstrapped startup.

For literally next to nothing, you get a really powerful machine that will easily handle big traffic spikes without breaking a sweat. And dedicated machine means that you get excellent and consistent CPU performance and disk I/O. If and when your startup takes off and you get funding, you can then choose between hiring a sys admin or moving to a more expensive host that offers a more managed setup.

[1] http://www.hetzner.de/en/hosting/produktmatrix/rootserver-produktmatrix-ex

[2] https://news.ycombinator.com/item?id=3898714

Duckeh over 11 years ago
A lot of the people commenting don't seem to understand how hard it is to fend off such DDoS attacks. You either need some serious infrastructure (cloudflare style) or you need to buy equipment to mitigate attacks (like radware devices) or route it via a DDoS mitigation service (prolexic style). The one thing all these solutions have in common is that they are insanely expensive. People can buy a 1 gigabit DDoS for only a few bucks, whereas mitigating a 1 gigabit DDoS will cost you either $20K+ dollars for a mitigation device or some stupid amount of money to have a service like prolexic mitigate it for you. Services like cloudflare are a whole load cheaper but only provide basic reverse proxy protection and still leave your server vulnerable to attacks directed at its IP instead of DNS name.

I can't say I've ever heard of Hetzner, but from the comments I'm reading they apparently offer servers for cheap. Bearing in mind how much money DDoS mitigation costs I don't see how they could handle this any other way without having to make some pretty serious investments (which in turn would make their hosting less cheap as the money has to come from somewhere, right?)

metabrew over 11 years ago
IRCCloud had to move off hetzner for this reason. We were continually getting ddos'ed, and hetzner showed no interest in working with us to try and mitigate.

At one point they just suggested we "ask the responsible parties to stop", and closed the ticket.

Now we are on Black Lotus. Expensive, but the regular 50mb-10gbit ddos attacks are mitigated just fine.

spindritf over 11 years ago
Yup, pretty much. Those attacks have become a real problem because they can be ordered so cheaply and easily that even kids use them in Minecraft feuds. The channel takeovers of the 21st century.

OVH's much more tolerant in that regard (i.e. they keep your server online if battered) and all their servers now include a mandatory anti-ddos protection [1]. Unfortunately, they're fighting turn-over and don't accept new orders.

[1] http://forum.ovh.co.uk/showthread.php?t=6661

oellegaard over 11 years ago
So I manage quite a few servers at Hetzner and we were DDOS'ed quite a few times. First, they warn you and if you don't get back to them in 12-24 hours, *then* they will shut down your server.

Sounds like you were unfortunate, but this is not generally what they do.

level09 over 11 years ago
That sucks. I have moved many websites recently from EC2 to Hetzner. What they offer is really impressive and the difference is clear (probably 5x more resources/power for 25% of the Amazon price).

I guess I will still keep the server, but will have to work on a quick migration/failover plan in case I encounter something similar.

I have also started using cloudflare as my default DNS host, so that could also be a possible solution.

Qantourisc over 11 years ago
Here is a simple solution and everybody is happy: re-enable it every hour, if DDoS continues, disable again.

Everybody is probably "happy" then: Customer -> their unusable DDoSed server is disconnected, but wasn't reachable anyway. But once the DDoS is over, it's back online. Provider -> they have their traffic routed to null. However, they will have to do some more work to get this working too. And not to mention happier customers.

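The hourly re-enable policy proposed in the comment above, simulated next to a manual-only re-enable (an added example, not part of the original thread and not any provider's actual logic). The threshold, the function names and the traffic timeline are constructed assumptions.

```python
# Added example: simulates the hourly re-enable policy on constructed data.
THRESHOLD_MBIT = 100   # assumed trigger level, not a real provider setting
RECHECK_MINUTES = 60   # "re-enable it every hour"


def simulate(traffic_mbit, threshold=THRESHOLD_MBIT, recheck=RECHECK_MINUTES):
    """Return per-minute route states ("up" or "null") for inbound samples.

    While null-routed the provider sees no traffic for the IP, so the route
    is lifted for a probe every `recheck` minutes and dropped again if the
    flood is still present. recheck=None models a manual-only re-enable.
    """
    states = []
    null_since = None  # minute at which the current null route was applied
    for minute, mbit in enumerate(traffic_mbit):
        if null_since is not None:
            if recheck is None or minute - null_since < recheck:
                states.append("null")
                continue
            null_since = None          # probe: lift the null route
        if mbit > threshold:
            null_since = minute        # flood seen: (re)apply the null route
            states.append("null")
        else:
            states.append("up")
    return states


def downtime(states, attack_end):
    """Return (total null minutes, null minutes after the flood stopped)."""
    total = states.count("null")
    after = sum(1 for s in states[attack_end:] if s == "null")
    return total, after


# Constructed timeline: 10 quiet minutes, a 90-minute flood, then quiet again.
ATTACK_END = 100
TIMELINE = [20] * 10 + [900] * 90 + [20] * 200

if __name__ == "__main__":
    print("hourly probe:", downtime(simulate(TIMELINE), ATTACK_END))
    print("manual only: ", downtime(simulate(TIMELINE, recheck=None), ATTACK_END))
```

With hourly probing the server is never offline for more than one re-check interval after the flood ends; with manual-only re-enable the outage lasts until someone acts.
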
codexon over 11 years ago
Here is a forum that sells DDoS attacks. Attacks are much cheaper than protection.

http://www.hackforums.net/forumdisplay.php?fid=232

andrew_wc_brown over 11 years ago
I had to deal with DDOS attacks in the past and DDOSArrest worked like a charm to mitigate the problem.

csense over 11 years ago
How can DDoS mitigation devices distinguish between legit and malicious traffic? I'm not a networking expert, but it seems to me that if you're a website hosting a big file like the latest Ubuntu release, a legitimate client will say:

    GET /ubuntu-13.10-server-amd64.iso

and cost you 500 MB of traffic (or however big the ISO file is).

A DDoS is nothing more than thousands or millions of machines saying:

    GET /ubuntu-13.10-server-amd64.iso

How do the solutions others are talking about in this thread (DDoS mitigation provider or specialized hardware) tell the difference between DDoS traffic and legitimate requests?

lb0 over 11 years ago
Wow, they detect the DDoS, but instead of blocking this they take off the servers?? Sounds ingenious..

Or are they unable to properly detect a DDoS and would also take off a server that hosts a web page mentioned on Hacker News?

How do other hosters handle this situation?

_s over 11 years ago
Use cloudflare or a similar service provider to mitigate such attacks?

linas over 11 years ago
We had the same problem at Hetzner, the server was attacked on Saturday. We moved out. Hetzner is very cheap and you get what you pay for.

ianhawes over 11 years ago
Great tip. Does anyone know who Hetzner's largest customers are? Or at least major web services that host with Hetzner?

AznHisoka over 11 years ago
Does this apply to servers that do NOT host websites? I host databases in Hetzner that aren't hosted in the same server as the website (they're in another provider)

Demiurge over 11 years ago
well this is good timing, just moved to hetzner last month and server mysteriously went awol yesterday until a reset...

bolder88 over 11 years ago
FWIW, this is fairly standard.

Linode for example will null-route your linode for 24 hours if it's attacked.

It's quite irritating that hosting companies seem to see null-routing as a solution to a DDoS attack.

patrickg_zill over 11 years ago
If they can detect the DDOS, they should be able to mitigate it, right?

(EDIT: of course Hetzner could choose to mitigate the DDOS by any number of methods - but they choose not to, because they have made a conscious decision based on cost.)