All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
HostHatch suspended server and ignores ticket
I decided to give HostHatch a try, hoping for a reliable experience, and ordered the Black Friday 2023 - AMD Compute 4 GB - T1 package. Everything seemed fine until I received a message from their so-called “Abuse Department.” I didn’t even notice it at first because, like any reasonable person, I manage my server remotely and don’t make a habit of constantly checking the provider’s dashboard.
Two days pass, and suddenly my server is completely suspended, totally unreachable. Of course, this grabs my attention immediately. I log into HostHatch to figure out what’s going on, only to find that apparently, I was expected to respond to their vague message within 48 hours. So I replied honestly, twice, within minutes of realizing the situation. Then I waited, assuming (foolishly) that since my server was suspended, I’d receive a prompt response.
Well, it’s now been over 48 hours since my messages, and guess what? Not a single word from HostHatch. It seems they expect immediate replies from their customers but can’t be bothered to hold themselves to the same standard. Prioritizing their clients’ issues clearly isn’t their forte.
This experience has made one thing clear: I won’t be using HostHatch again.
Comments
@hosthatch
I wonder if this is one of Hetzner's false positives. I can see port 2375 is the target port which is commonly used by Docker. Some containers have a bad habit of trying to scan the entire /24 subnet on the same port triggering Hetzner's Netscan detection.
I am seeing this weekly on my Hetzner services and the a response with false positive is often good enough to close it on their side.
Of course this is just guesswork from my side with the very limited information :-)
Regards
So HostHatch uses Hetzner, better buy directly then
No, Hetzner sent an abuse report to HostHatch. HostHatch forwarded to client.
It's only your fault for security your vps. Not hosthatch or provider problem. you have committed abuse.
Yes so they use Hetzner
How do you know that?
No, so they don't.
Yeah you right man
the power of black magic
What were you running on port 2375?
This just reminded me to check if that was open (as I run a very default config in Docker) and it's not... Also checked the adjacent TLS port (2376)
OP... you probably should check your docker daemon (dockerd) config... and if this is open... I would actually shut it.
Was it one destination IP or multiple?
In either case this is a poor response from HostHatch in my opinion. This is not the type of "abuse" that you want to be suspending servers for so quickly if it's a one-time thing.
Sure, if they're running masscan and you get 100 reports from multiple providers within a couple of minutes, but this screams false-positive.
Hopefully it is a false positive but I'll remain a skeptic. Shouldn't believe everyone on the internet
Coolify has multi server management which is probably the reason for this.
The irony, Hetzner is a 'Special sponsor'
https://coolify.io/
The very easy solution is to provide a response (any response whatsoever is fine) within the very generous 36 hours provided in the first place.
No one expects you to, this is why we email when you when we open an abuse ticket. If you decide to also not check your emails for important notifications, then there is not much we can do to change your mind about an unmanaged server.
Sorry to hear that.
You didn't though?
Can you clarify please?
Time stamps:
Abuse report sent, along with notification: 6th September at 21:52
Server suspended, along with notification: 8th September at 18:51
Client response received: 9th September at 04:10
Whatever you say makes sense, but even waiting for +48 hrs for a response is not reasonable for someone providing support 24 hours a day, 7 days a week.
I assume many of your customers are not large companies but small teams or private people who have just 1 person checking the E-Mail account somewhat regularly. If my server is properly secured and hasn't caused abuse issues in years I would want to feel comfortable going on multi-day hike without having to worry about checking my E-Mails to not miss some random false-positive abuse report that would suspend my vps
I meant that you didn't respond to the client asking for further evidence or to unsuspend the server within more than those 36 hours, yet, you called the timeframe "very generous".
I get that quick handeling of potential abuse is important, but shouldn't it go both ways then?
Ah yes, the very generous 36 hours. Thank you so much for that extraordinary courtesy! How could anyone overlook such boundless generosity?
As for the email notification, it’s interesting that you assume the responsibility shifts completely to the customer if they don’t respond to your emails promptly, despite the fact that it's been than 48 hours and you still haven't responded to any of my messages. It’s reassuring to see that HostHatch holds itself to such different standards of urgency.
But hey, if silence in the face of urgent service issues is how you operate, then I suppose you’ve made my decision about not using HostHatch again even easier. Thanks for that clarity, and for the helpful reminder of how unmanaged this experience has truly been.
Best of luck managing your responses going forward.
What do you mean "so quickly" though? How long is a good amount of time to wait for abuse reports on unmanaged servers?
The standard industry standard is 24 hours. We provide 36 hours.
We require only a response, not a resolution, in this time, depending on the type of the abuse.
(the very clear assumption is that the unmanaged server is not really being managed/used for anything useful if no response is received after those 36 hours)
You are a big hosting provider and I assume you deal with real abuse reports on the regular. Did this abuse report look indistinguishable from real ones regarding mass network scanning, DoS attacks, phishing sites, or whatever?
I think 24h is more than enough if you suspect your customer's server was intentionally abused or hacked and continues to abuse your network and resources.
However if you suspect the abuse report might be false-positive I think you should be more lenient if the customer doesn't reply for a few days.
I assume your issues are with the generally acceptable industry standards for abuse reports in that case, and not particularly us.
We had a 6 page of "port 25 blocked" thread, where everyone shared their opinions about us particularly, ignoring that we are just following just another industry standard.
I'm honestly quite shocked if that's the case for all providers. I've never received an abuse report and I don't check my E-Mail daily, yet I wouldn't want downtime due to suspension. And looking at that abuse report you received from Hetzner and the theories in this thread regarding Docker configuration this looks like it could happen to anyone.
This is not a justification neither it's up to you to make assumptions, you should just care to provide answers in a reasonable time and +36 hours is not a reasonable response time.
Where did you take this standard from?
Do not confuse even response time vs resolution time, the 1st one is where you're failing especially for a service interruption/degradation which has priority over anything (this is part if ITIL foundation)
This "rule" applies both sides.
Glad we got that cleared up then, and I am glad this thread will help you in your future handling of abuse reports with whichever unmanaged providers you are using. The same logic applies when it comes to unmanaged servers and taking backups. You are the responsible party, not the provider. We do not make any profit from shutting down servers.
Indeed, most tickets are responded to much faster than this, and this should have been responded to faster. However, here is a quote, from every recent promo thread we have ever posted on LET.
"Are there any other differences between our normal and discounted plans?
Yes, primarily our support. It can take several days to resolve issues, especially issues that require complex investigation. Please choose one of the services from hosthatch.com directly for production usage, with access to our normal support queue. Our promotional services are provided at near-cost pricing to fill up excess capacity and should be used accordingly."
If your complaint is, that you are receiving slow support on a promotional plan, then please see the very clearly written terms of what you have bought.
Faster support on these plans is us "under-promising and overdelivering", and slower support is what has been advertised and promised.