There was once a provider that sold root servers in Germany. And the services were good. And the support was good. And oh wonder: you got competent contacts. And hey, you got quick responses. And another thing: when you described problem situations, the contact person on the other side actually understood what it was about. And everything was good.

And then the provider grew. And grew. And somehow the brain didn't grow with it.

Fast-forward to yesterday: I received an email. According to this email, one of my servers had attacked another server in the network. As evidence, a log/dump was attached, which showed this attack traffic. My IP and that of another computer were visible, as well as the protocol: FTP data. So far, so good. If my machine has any guests, I find it good when I am told about it.

First act: contact via ticket and request console - because the network connections are disconnected, there is only a console connection via the web. Oh great: the provider has selected software that doesn't work with proxies - direct access to ports only works when the firewall does NAT (which is less common with corporate firewalls). And with that, it's already 6 hours of forced downtime because there is no other, alternative way - to access a machine with a pure text console setup, I have to use a web console based on Java. Ok, even intelligent companies make dumb decisions from time to time, I thought...

Second act: then at home, the console was started directly. And in between, I pondered the addresses - I know this address, don't I? Hmm, let's see. And correctly: it is in one of my scripts. And it is called once a day, and then shovels some gigabytes of data to this target machine. Why? Well, the target server is the backup server accessible via FTP for data backups ... I should have been suspicious that the original email didn't mention this. Intelligent providers know their own machines. But ok, such a faux pas can happen, take it with humor, what can you do. It's just the internet.

Third act: support message sent - quickly before 18:00, although support is listed until 22:45, but well. No reaction after an hour. Hmm. Called - "oh, yes, I saw the ticket, I'll pass it on again". Two more hours. Then the statement "the traffic was not a backup, it was an attack". What?

The third act drags on for some time, because the support employee simply refuses to accept this clarification. What is unusual about the traffic, he does not want to or cannot say. Supposedly I hadn't logged in at all. Strange, then, that in my research on my machine and the backup server the files have exactly the times specified, so a login and transfer clearly took place. After all, I can only transfer the data to the FTP server, not conjure it up there. Ok, the data is large - but I have 50 GB of backup space, I should be able to fill that. And the volume is around 14-15 GB. Yes, that's a lot.

But no, the support employee insists that I make a written statement. I have to comment on what nonsense they have made at the provider. Doesn't go well. Bad mood.

Fourth act: the next morning first a meeting, then the fax was immediately written and sent. Waited, worked, occasionally checked the mailbox. Nothing. After 6 hours no reaction. Support ticket expanded with a comment, also no reaction. Downtime of the server meanwhile far over 24 hours - because of a misinterpretation on the part of the provider. But the provider doesn't need to bother about it. Harassment as standard treatment for customers who dare to object?

Too bad that I can no longer recommend Hetzner as a server provider. A pity, after so many years, such a blatant mistake, I really didn't expect that.

(Possible cause: simply the data volume and a misguided intrusion detection system, or maybe the one file that is larger than 2 GB? Who knows - the provider has no interest in clarification, and on my side I can't analyze it, especially not with a machine disconnected from the network).

Update: the fax did not arrive (well, happens sometimes, fax is primitive Stone Age). Kindly, I was allowed to send a photo of the fax, because the next time I am near Stone Age technology is Friday again. And oh wonder - a few minutes after sending the photo comes "the server is back online" - but what surprises me now: my fax contained exactly what I had already said in the ticket. And of course there is no explanation and also no "Sorry, our mistake". Nothing else. Scratching my head and annoyance over 30 hours of downtime.