WingNews logo WingNews
top | item 35540939

(no title)

Galaco | 2 years ago

Never figured out how to use Hertzner. Wanted to try since they get such a good reputation on here, but they banned my account when their system presented no way for me to verify my identity.

The required either PayPal or passport. I have no PayPal account, and their 3rd party verification system only allows passport from your country of residence (signup requires providing a contact address and they pre fill using this address; you can’t change the passport country). I am a British citizen living in Japan, and therefore hold a British passport; there was no way for me to provide a Japanese passport. I asked what I should do to comply, and they banned my account 6 hours later.

I can’t be the only one to experience this, can I?

discuss

order

nr2x|2 years ago

I’m currently setting up infrastructure for a startup and it’s been very interesting how the threat model of data loss and disaster recovery is no longer hardware failure: it’s account lock out.

I’ve got streaming replication of my core data going from one cloud company to other company as that way if one has some antifraud system go rogue on me I still have access.

As somebody who used to spend a lot of time thinking about drives breaking it’s an interesting shift.

rnk|2 years ago

That's a very perceptive comment. It happens again and again and it's much harder to control for that, as compared to say making sure you are running in different amazon availability zones or something. If you wanted to destroy someone's service, probably getting them banned like you describe could even be easier than a DOS now. I worry about the day that google kills my gmail account for some random and never to be explained reason.

Aldipower|2 years ago

Exactly. My main infrastructure is on Hetzner, but I have a live replication via Wireguard at another hoster in Austria. With less resources there, but for accessibility "in the case of".

nixass|2 years ago

> The required either PayPal or passport

I had similar struggles with some non-IT service providers in Germany. They couldn't fathom why I have non-German nationality, German address and driving license from third country. Passport, German address and driving license all have different address on them (all three being EU addresses). It is apparently huge red flag in EU in 21st century. Incredible

2000UltraDeluxe|2 years ago

You have an address on your passport? I can see how that could cause issues if the address isn't valid. If I'd have to determine if your order was fraudulent or not, I'd err on the side of caution rather than risk having you abuse my server infrastructure (in the case of Hetzner).

JacobiX|2 years ago

Their compliance process is quite abysmal.

This is actually exactly what happened with us. After creating a new account with the intention of exploring the ARM64 services, our account was unexpectedly suspended. I contacted them to have information on the specific concerns regarding my customer information and the reason for deactivating my account. Unfortunately, we did not receive any response to our inquiries.

thatwasunusual|2 years ago

> Never figured out how to use Hertzner. Wanted to try since they get such a good reputation on here, but they banned my account when their system presented no way for me to verify my identity.

Is this something new? I (Norwegian) have been using Hetzner for 10+ years, and never had a problem, and never had to attest my identity. CurrentlyI have a four servers running there. The last one was set up approx. a year ago, IIRC.

Havoc|2 years ago

>I (Norwegian)

That may be the difference. Some nationalities get KYC'd easier than others and they seem to take it very seriously

vidarh|2 years ago

Norwegian living in the UK, and have used Hetzner for years, both via a personal account and more recently via a corporate account (UK company, Norwegian citizen), and it's not been an issue. For one of the other corporate accounts I used it for the managing director at the time (UK company, UK citizen) did have to provide ID, though. Not clear exactly which criteria has been in place when and for whom.

jsnell|2 years ago

It's definitely not new, they required an id 20 years ago. (From EU citizens, so it's not about the country either).

e12e|2 years ago

I'm Norwegian and have used hetzner for years - i had to send a copy of my passport to get started.

andix|2 years ago

They probably suffer from a lot of sign ups with fake IDs and with criminal intent. So I get that they are rather strict.

Another thing to consider: cloud providers are not very interested in individuals as customers. They usually want companies as customers, that also buy more than a 3$ vserver. A solution for this problem could be a sign-up fee (50 or 100$), to pay for an extended manual vetting of customers, that is then added to the account balance.

pid-1|2 years ago

> Another thing to consider: cloud providers are not very interested in individuals as customers

A key theme in the "cloud vs data center" story is that most public cloud providers (AWS, etc...) were really easy to sign up, requiring a CC and nothing else.

Meanwhile, hardware vendors wouldn't even talk to you as an individual / small business.

miduil|2 years ago

> Never figured out how to use Hertzner. Wanted to try since they get such a good reputation on here, but they banned my account when their system presented no way for me to verify my identity.

I ran into the same thing as well, maybe my real name sounds a bit funny to their system? It was very discouraging to move forward after being instantly banned. I reached out to them how I could verify and the only way was sending them an unencrypted mail with my Passport copy. Upon request they suggested I could simply send them a fax.

Note, this has been some years ago and I've never gave Hetzner a new try. As long as I can see from professional experience, you will have a lot of back and forth with Hetzner support, which becomes quite bad the moment your team is international because they'll always manage to sneak in some sort of German text. It really feels antiquated having to go through support for basic server hardware debugging. Eventually they'll often resort to replacing your instance.

jonatron|2 years ago

This has come up a few times on HN, if you search comments for "Hetzner fraud". The solution is to use a different provider if you can't use Hetzner.

derefr|2 years ago

I've seen the other side of this. Our SaaS (a data API) has a number of "customers" who attempt to use us (or our competitors; we're not special here) to power some data displays on their phishing-scam websites, to make them seem more legitimate.

We ban these people — they're violating our ToU by engaging in illegal activities. But they come back. With different names, different IPs, different browsers, different credit cards. They have complete identities to burn. (We spot the correlations anyway, along other dimensions I won't disclose here, and so can keep them out pretty effectively.)

And guess what? Very often, their requests are coming from Hetzner IP blocks.

I don't think the scammers have a direct business relationship with Hetzner, mind you. I think Hetzner tries just as hard as we do to stop these people from making use of their services. But I believe that these Hetzner boxes are either set up as exit nodes of one or more common VPN providers; or they're being registered for other purposes by other parties, and then resold on the secondary market on dark-web forums.

If I were a VPS provider, and I didn't want to support illegal activity, I'd probably just give up on providing service to individuals altogether, only taking corporate customers; and even then, requiring a DUNS number or something as an additional proof-of-work for that corporation, so that people can't just keep spinning up corporations in places where that's essentially free.

Hetzner hasn't gone that far; but it makes sense to me that if a user account is flagged as needing extended verification, and the ops person responsible for verifying the account takes a look at the user-lifecycle activity logs for the user, and sees that this user has: their IP coming from multiple places during registration vs login, their browser locale and timezone bouncing around between requests and set for settings uncommon to the country their IP is originating from, etc. — that the answer would be "ban" rather than "ask the user why the heck that's happening."

One time out of ten, the user is a real person doing something weird. The other nine times out of ten, the user is a scammer and is going to make up some story about being a real person doing something weird. Every scammer has their very own pool of man-hours, and if you're in the critical path for their scam, they can burn a number of those man-hours being really insistent that they're authentic. Until you let them in, and see that they immediately start up the same dumb phishing-scam bot script that all the other scammers purchased.

aent|2 years ago

I provided them with my passport and all the other documents they requested and they still banned me with no recourse, so yeah, their signup process is the worst I have ever experienced.

lordnacho|2 years ago

They seem pretty good at writing back to people. Have you contacted them? It's normal for new accounts to get suspended pending KYC checks. But they also do the checks pretty fast.

danesparza|2 years ago

The OP indicated this in their original comment: "I asked what I should do to comply, and they banned my account 6 hours later."

bravetraveler|2 years ago

Sadly not, and I'm one of the happy Hetzner customers

They are remarkably well known for having draconian anti-fraud

EVa5I7bHFq9mnYK|2 years ago

I think they really care about two things: VAT and cryptocurrency. Passports are required to prove you should or should not pay the 19% VAT, and crypto (namely, SIA) destroy their servers.

yrro|2 years ago

Whoa whoa whoa I can opt out of paying VAT? How do I do this!

qwertox|2 years ago

> I have no PayPal account, and their 3rd party verification system only allows passport from your country of residence (signup requires providing a contact address and they pre fill using this address; you can’t change the passport country)

Sounds like a good thing to do?

My current hoster in Germany made a surprise call and asked me what the name of the hotel near the address I provided was. This after I submitted the order and before they accepted.

delusional|2 years ago

I sent them a photo of my passport encrypted with their pgp key. This was a long time ago, so the process might have changed, but it seemed entirely manual.

kornhole|2 years ago

You get a good range of options at a low cost with Hetzner but need to identify yourself. Many hosting companies have different levels and types of verification these days. If you want to avoid any KYC, checkout https://kycnot.me/services#VPS.

lmarcos|2 years ago

That's why I don't use Hetzner. I don't really want to handover my passport to any company. How come digital ocean doesn't require that?

kyriakos|2 years ago

I use credit card and was never asked for a passport. That's odd. Been using them for more than 5 years.

unixhero|2 years ago

Use a VPN connection to the UK when you verify... BOOM solved

2000UltraDeluxe|2 years ago

Using a VPN is one of the easiest way to get rejected. Most automated systems flag stuff coming from them as highly suspicious due to the sheer amount of crap coming through them.

jacooper|2 years ago

Just send them a photo of your British passport

MrMan|2 years ago

[deleted]