In my experience hetzner DDoS protection doesn't work

mananaysiempre · 2025-11-18T17:07:48 1763485668

As long as the hoster doesn’t actively make things worse by disconnecting you, any further help is just a happy accident. The bar is very low.

internetter · 2025-11-18T17:43:36 1763487816

Yeah I suppose by "doesn't work" I should clarify that maybe it is doing something and preventing some attacks, and that it doesn't take down my server. With that being said, it has certainly failed to mitigate attacks on numerous occasions that cf would've.

immibis · 2025-11-19T11:47:07 1763552827

That's not making things worse - that's just what the DDoS achieved anyway, but without harming anyone else.

In either case you just wait for the attacker to reach daddy's credit card limit and then your site is back up.

mananaysiempre · 2025-11-19T12:25:28 1763555128

No, in the cases 'throwaway150 and I are talking about, your site is not back up. You (hopefully) got an email in your inbox saying your hosting provider has decided to take your website offline because of anomalous traffic or whatever, and after the attack ends you’ve got at least a couple of days of back and forth with support ahead of you before your downtime is actually over.

immibis · 2025-11-19T15:32:17 1763566337

So until daddy's credit card runs out, plus two days. A shame, but it still doesn't cause meaningful harm.

Or get a different provider. Some are faster to respond. I had a false positive DDoS detection from netcup once (I was scraping an FTP site in active mode) and they automatically routed my IP through a DDoS scrubbing service, and automatically stopped that when an attack was no longer detected. I don't know what they have set up to be able to reroute a single IP globally like that - they agreed with some of their upstreams, to allow the occasional /32 for DDoS protection purposes.

amy_petrik · 2025-11-19T00:52:40 1763513560

I'm less scared of the hoster pulling down your site - not the end of the world - then decided to charge you bandwidth fees for all the MS-DOS attacks. The former presumably has no financial impact, the latter, potentially brutal

eurleif · 2025-11-19T03:31:11 1763523071

Off-topic, but there are six different people using the word "hoster" in this thread. I've never heard that word used instead of "host" or "hosting service" before, and yet here it's somehow prevalent. I feel like I'm having a stroke, or I just stepped into an alternate universe. Where did you all pick up that word?

debugnik · 2025-11-19T12:20:19 1763554819

This happens often in comment threads, one comment uses an uncommon word and the entire thread goes along with it.

jack1243star · 2025-11-19T07:17:53 1763536673

That's just English being irregular. One that hosts websites should be called a hoster in principle :)

jbs789 · 2025-11-19T08:37:06 1763541426

Host is both a noun and a verb. (The host can host a party.)

Hoster is new to me too.

But I get it as a pattern. (If you dine at the party then you are a diner.)

pabs3 · 2025-11-19T04:35:02 1763526902

Considering there are probably near-zero MS-DOS machines online these days, I expect their attacks wouldn't cost very much.

yellowapple · 2025-11-19T06:19:58 1763533198

On the other hand, based on supply v. demand I'd expect an MS-DOS attack to be pretty expensive these days :)

axelthegerman · 2025-11-19T02:12:49 1763518369

This!! Everyone seems to "really need" that unlimited scalability of AWS & Co - but they'll happily scale your compute and the bill for you.

Sure maybe you'll get lucky and they waive it.

But sometimes going down is a feature if you're not a multi m/billion dollar business

aitchnyu · 2025-11-19T05:12:10 1763529130

Has anybody made a benchmark of different cloud providers and how they respond to DDOS?