Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


HostHatch suspended server and ignores ticket
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

HostHatch suspended server and ignores ticket

I decided to give HostHatch a try, hoping for a reliable experience, and ordered the Black Friday 2023 - AMD Compute 4 GB - T1 package. Everything seemed fine until I received a message from their so-called “Abuse Department.” I didn’t even notice it at first because, like any reasonable person, I manage my server remotely and don’t make a habit of constantly checking the provider’s dashboard.

Two days pass, and suddenly my server is completely suspended, totally unreachable. Of course, this grabs my attention immediately. I log into HostHatch to figure out what’s going on, only to find that apparently, I was expected to respond to their vague message within 48 hours. So I replied honestly, twice, within minutes of realizing the situation. Then I waited, assuming (foolishly) that since my server was suspended, I’d receive a prompt response.

Well, it’s now been over 48 hours since my messages, and guess what? Not a single word from HostHatch. It seems they expect immediate replies from their customers but can’t be bothered to hold themselves to the same standard. Prioritizing their clients’ issues clearly isn’t their forte.

This experience has made one thing clear: I won’t be using HostHatch again.



«13456714

Comments

  • labzelabze Member, Patron Provider

    I wonder if this is one of Hetzner's false positives. I can see port 2375 is the target port which is commonly used by Docker. Some containers have a bad habit of trying to scan the entire /24 subnet on the same port triggering Hetzner's Netscan detection.

    I am seeing this weekly on my Hetzner services and the a response with false positive is often good enough to close it on their side.

    Of course this is just guesswork from my side with the very limited information :-)

  • Regards

    Thanked by 2ehab harris1111
  • So HostHatch uses Hetzner, better buy directly then

  • @WhiteRoseG said:
    So HostHatch uses Hetzner, better buy directly then

    No, Hetzner sent an abuse report to HostHatch. HostHatch forwarded to client.

  • It's only your fault for security your vps. Not hosthatch or provider problem. you have committed abuse.

    Thanked by 1tentor
  • @emgh said:

    @WhiteRoseG said:
    So HostHatch uses Hetzner, better buy directly then

    No, Hetzner sent an abuse report to HostHatch. HostHatch forwarded to client.

    Yes so they use Hetzner

  • @spywork said: you have committed abuse.

    How do you know that?

  • @WhiteRoseG said:

    @emgh said:

    @WhiteRoseG said:
    So HostHatch uses Hetzner, better buy directly then

    No, Hetzner sent an abuse report to HostHatch. HostHatch forwarded to client.

    Yes so they use Hetzner

    No, so they don't.

  • @emgh said:

    @WhiteRoseG said:

    @emgh said:

    @WhiteRoseG said:
    So HostHatch uses Hetzner, better buy directly then

    No, Hetzner sent an abuse report to HostHatch. HostHatch forwarded to client.

    Yes so they use Hetzner

    No, so they don't.

    Yeah you right man :p

    Thanked by 1emgh
  • @emgh said:

    @spywork said: you have committed abuse.

    How do you know that?

    the power of black magic

    Thanked by 2emgh Kebab
  • What were you running on port 2375?

  • @labze said:
    I wonder if this is one of Hetzner's false positives. I can see port 2375 is the target port which is commonly used by Docker. Some containers have a bad habit of trying to scan the entire /24 subnet on the same port triggering Hetzner's Netscan detection.

    I am seeing this weekly on my Hetzner services and the a response with false positive is often good enough to close it on their side.

    Of course this is just guesswork from my side with the very limited information :-)

    This just reminded me to check if that was open (as I run a very default config in Docker) and it's not... Also checked the adjacent TLS port (2376)

    OP... you probably should check your docker daemon (dockerd) config... and if this is open... I would actually shut it.

  • Was it one destination IP or multiple?

    In either case this is a poor response from HostHatch in my opinion. This is not the type of "abuse" that you want to be suspending servers for so quickly if it's a one-time thing.

    Sure, if they're running masscan and you get 100 reports from multiple providers within a couple of minutes, but this screams false-positive.

    Thanked by 1Puse
  • @matey0 said:
    Was it one destination IP or multiple?

    In either case this is a poor response from HostHatch in my opinion. This is not the type of "abuse" that you want to be suspending servers for so quickly if it's a one-time thing.

    Sure, if they're running masscan and you get 100 reports from multiple providers within a couple of minutes, but this screams false-positive.

    Hopefully it is a false positive but I'll remain a skeptic. Shouldn't believe everyone on the internet ;)

    Thanked by 1Chuck
  • loayloay Member
    edited September 11

    @labze said:
    I wonder if this is one of Hetzner's false positives. I can see port 2375 is the target port which is commonly used by Docker. Some containers have a bad habit of trying to scan the entire /24 subnet on the same port triggering Hetzner's Netscan detection.

    I am seeing this weekly on my Hetzner services and the a response with false positive is often good enough to close it on their side.

    Of course this is just guesswork from my side with the very limited information :-)

    Coolify has multi server management which is probably the reason for this.

    Thanked by 1emgh
  • emghemgh Member
    edited September 11

    @loay said:

    @labze said:
    I wonder if this is one of Hetzner's false positives. I can see port 2375 is the target port which is commonly used by Docker. Some containers have a bad habit of trying to scan the entire /24 subnet on the same port triggering Hetzner's Netscan detection.

    I am seeing this weekly on my Hetzner services and the a response with false positive is often good enough to close it on their side.

    Of course this is just guesswork from my side with the very limited information :-)

    Coolify has multi server management which is probably the reason for this.

    The irony, Hetzner is a 'Special sponsor' :D

    https://coolify.io/

  • hosthatchhosthatch Patron Provider, Top Host, Veteran

    The very easy solution is to provide a response (any response whatsoever is fine) within the very generous 36 hours provided in the first place.

    @enzyme said: I manage my server remotely and don’t make a habit of constantly checking the provider’s dashboard.

    No one expects you to, this is why we email when you when we open an abuse ticket. If you decide to also not check your emails for important notifications, then there is not much we can do to change your mind about an unmanaged server.

    @enzyme said: This experience has made one thing clear: I won’t be using HostHatch again.

    Sorry to hear that.

  • @hosthatch said: The very easy solution is to provide a response (any response whatsoever is fine) within the very generous 36 hours provided in the first place.

    You didn't though?

    Thanked by 3Mumbly boot iKeyZ
  • hosthatchhosthatch Patron Provider, Top Host, Veteran

    @emgh said:

    @hosthatch said: The very easy solution is to provide a response (any response whatsoever is fine) within the very generous 36 hours provided in the first place.

    You didn't though?

    Can you clarify please?

    Time stamps:

    Abuse report sent, along with notification: 6th September at 21:52
    Server suspended, along with notification: 8th September at 18:51
    Client response received: 9th September at 04:10

  • MadMad Member

    @hosthatch said:
    The very easy solution is to provide a response (any response whatsoever is fine) within the very generous 36 hours provided in the first place.

    @enzyme said: I manage my server remotely and don’t make a habit of constantly checking the provider’s dashboard.

    No one expects you to, this is why we email when you when we open an abuse ticket. If you decide to also not check your emails for important notifications, then there is not much we can do to change your mind about an unmanaged server.

    @enzyme said: This experience has made one thing clear: I won’t be using HostHatch again.

    Sorry to hear that.

    Whatever you say makes sense, but even waiting for +48 hrs for a response is not reasonable for someone providing support 24 hours a day, 7 days a week.

    Thanked by 1tentor
  • @hosthatch said:
    The very easy solution is to provide a response (any response whatsoever is fine) within the very generous 36 hours provided in the first place.

    @enzyme said: I manage my server remotely and don’t make a habit of constantly checking the provider’s dashboard.

    No one expects you to, this is why we email when you when we open an abuse ticket. If you decide to also not check your emails for important notifications, then there is not much we can do to change your mind about an unmanaged server.

    @enzyme said: This experience has made one thing clear: I won’t be using HostHatch again.

    Sorry to hear that.

    • How many reports did you receive? Was it just this one from Hetzner?
    • Did it "scan" just one IP, a subnet or a broad range of IPs?
    • Is your abuse policy to suspend if there has been no reply within 36h no matter how minor the abuse report is?

    I assume many of your customers are not large companies but small teams or private people who have just 1 person checking the E-Mail account somewhat regularly. If my server is properly secured and hasn't caused abuse issues in years I would want to feel comfortable going on multi-day hike without having to worry about checking my E-Mails to not miss some random false-positive abuse report that would suspend my vps :D

    Thanked by 3emgh maverick amaeva080
  • @hosthatch said: Can you clarify please?

    I meant that you didn't respond to the client asking for further evidence or to unsuspend the server within more than those 36 hours, yet, you called the timeframe "very generous".

    I get that quick handeling of potential abuse is important, but shouldn't it go both ways then?

  • enzymeenzyme Member
    edited September 11

    @hosthatch said:
    The very easy solution is to provide a response (any response whatsoever is fine) within the very generous 36 hours provided in the first place.

    @enzyme said: I manage my server remotely and don’t make a habit of constantly checking the provider’s dashboard.

    No one expects you to, this is why we email when you when we open an abuse ticket. If you decide to also not check your emails for important notifications, then there is not much we can do to change your mind about an unmanaged server.

    @enzyme said: This experience has made one thing clear: I won’t be using HostHatch again.

    Sorry to hear that.

    Ah yes, the very generous 36 hours. Thank you so much for that extraordinary courtesy! How could anyone overlook such boundless generosity?

    As for the email notification, it’s interesting that you assume the responsibility shifts completely to the customer if they don’t respond to your emails promptly, despite the fact that it's been than 48 hours and you still haven't responded to any of my messages. It’s reassuring to see that HostHatch holds itself to such different standards of urgency.

    But hey, if silence in the face of urgent service issues is how you operate, then I suppose you’ve made my decision about not using HostHatch again even easier. Thanks for that clarity, and for the helpful reminder of how unmanaged this experience has truly been.

    Best of luck managing your responses going forward.

    Thanked by 1sillycat
  • hosthatchhosthatch Patron Provider, Top Host, Veteran

    @matey0 said: In either case this is a poor response from HostHatch in my opinion. This is not the type of "abuse" that you want to be suspending servers for so quickly if it's a one-time thing.

    What do you mean "so quickly" though? How long is a good amount of time to wait for abuse reports on unmanaged servers?

    The standard industry standard is 24 hours. We provide 36 hours.

    We require only a response, not a resolution, in this time, depending on the type of the abuse.

    (the very clear assumption is that the unmanaged server is not really being managed/used for anything useful if no response is received after those 36 hours)

  • @hosthatch said:

    @matey0 said: In either case this is a poor response from HostHatch in my opinion. This is not the type of "abuse" that you want to be suspending servers for so quickly if it's a one-time thing.

    What do you mean "so quickly" though? How long is a good amount of time to wait for abuse reports on unmanaged servers?

    The standard industry standard is 24 hours. We provide 36 hours.

    We require only a response, not a resolution, in this time, depending on the type of the abuse.

    (the very clear assumption is that the unmanaged server is not really being managed/used for anything useful if no response is received after those 36 hours)

    You are a big hosting provider and I assume you deal with real abuse reports on the regular. Did this abuse report look indistinguishable from real ones regarding mass network scanning, DoS attacks, phishing sites, or whatever?

    I think 24h is more than enough if you suspect your customer's server was intentionally abused or hacked and continues to abuse your network and resources.
    However if you suspect the abuse report might be false-positive I think you should be more lenient if the customer doesn't reply for a few days.

  • hosthatchhosthatch Patron Provider, Top Host, Veteran

    @matey0 said:

    @hosthatch said:
    The very easy solution is to provide a response (any response whatsoever is fine) within the very generous 36 hours provided in the first place.

    @enzyme said: I manage my server remotely and don’t make a habit of constantly checking the provider’s dashboard.

    No one expects you to, this is why we email when you when we open an abuse ticket. If you decide to also not check your emails for important notifications, then there is not much we can do to change your mind about an unmanaged server.

    @enzyme said: This experience has made one thing clear: I won’t be using HostHatch again.

    Sorry to hear that.

    • How many reports did you receive? Was it just this one from Hetzner?
    • Did it "scan" just one IP, a subnet or a broad range of IPs?
    • Is your abuse policy to suspend if there has been no reply within 36h no matter how minor the abuse report is?

    I assume many of your customers are not large companies but small teams or private people who have just 1 person checking the E-Mail account somewhat regularly. If my server is properly secured and hasn't caused abuse issues in years I would want to feel comfortable going on multi-day hike without having to worry about checking my E-Mails to not miss some random false-positive abuse report that would suspend my vps :D

    I assume your issues are with the generally acceptable industry standards for abuse reports in that case, and not particularly us.

    We had a 6 page of "port 25 blocked" thread, where everyone shared their opinions about us particularly, ignoring that we are just following just another industry standard.

  • @hosthatch said:

    @matey0 said:

    @hosthatch said:
    The very easy solution is to provide a response (any response whatsoever is fine) within the very generous 36 hours provided in the first place.

    @enzyme said: I manage my server remotely and don’t make a habit of constantly checking the provider’s dashboard.

    No one expects you to, this is why we email when you when we open an abuse ticket. If you decide to also not check your emails for important notifications, then there is not much we can do to change your mind about an unmanaged server.

    @enzyme said: This experience has made one thing clear: I won’t be using HostHatch again.

    Sorry to hear that.

    • How many reports did you receive? Was it just this one from Hetzner?
    • Did it "scan" just one IP, a subnet or a broad range of IPs?
    • Is your abuse policy to suspend if there has been no reply within 36h no matter how minor the abuse report is?

    I assume many of your customers are not large companies but small teams or private people who have just 1 person checking the E-Mail account somewhat regularly. If my server is properly secured and hasn't caused abuse issues in years I would want to feel comfortable going on multi-day hike without having to worry about checking my E-Mails to not miss some random false-positive abuse report that would suspend my vps :D

    I assume your issues are with the generally acceptable industry standards for abuse reports in that case, and not particularly us.

    I'm honestly quite shocked if that's the case for all providers. I've never received an abuse report and I don't check my E-Mail daily, yet I wouldn't want downtime due to suspension. And looking at that abuse report you received from Hetzner and the theories in this thread regarding Docker configuration this looks like it could happen to anyone.

    Thanked by 2emgh MrWonder
  • MadMad Member
    edited September 11

    @hosthatch said:
    (the very clear assumption is that the unmanaged server is not really being managed/used for anything useful if no response is received after those 36 hours)

    This is not a justification neither it's up to you to make assumptions, you should just care to provide answers in a reasonable time and +36 hours is not a reasonable response time.

    @hosthatch said:
    The standard industry standard is 24 hours. We provide 36 hours.

    Where did you take this standard from?
    Do not confuse even response time vs resolution time, the 1st one is where you're failing especially for a service interruption/degradation which has priority over anything (this is part if ITIL foundation)

    @hosthatch said:
    We require only a response, not a resolution, in this time, depending on the type of the abuse.

    This "rule" applies both sides.

  • hosthatchhosthatch Patron Provider, Top Host, Veteran

    @matey0 said:

    I'm honestly quite shocked if that's the case for all providers. I've never received an abuse report and I don't check my E-Mail daily, yet I wouldn't want downtime due to suspension. And looking at that abuse report you received from Hetzner and the theories in this thread regarding Docker configuration this looks like it could happen to anyone.

    Glad we got that cleared up then, and I am glad this thread will help you in your future handling of abuse reports with whichever unmanaged providers you are using. The same logic applies when it comes to unmanaged servers and taking backups. You are the responsible party, not the provider. We do not make any profit from shutting down servers.

    @Mad said: This is not a justification neither it's up to you to make assumptions, you should just care to provide answers in a reasonable time and +36 hours is not a reasonable response time.

    Indeed, most tickets are responded to much faster than this, and this should have been responded to faster. However, here is a quote, from every recent promo thread we have ever posted on LET.

    "Are there any other differences between our normal and discounted plans?

    Yes, primarily our support. It can take several days to resolve issues, especially issues that require complex investigation. Please choose one of the services from hosthatch.com directly for production usage, with access to our normal support queue. Our promotional services are provided at near-cost pricing to fill up excess capacity and should be used accordingly."

    If your complaint is, that you are receiving slow support on a promotional plan, then please see the very clearly written terms of what you have bought.

    Faster support on these plans is us "under-promising and overdelivering", and slower support is what has been advertised and promised.

    Thanked by 1Ouji
This discussion has been closed.