First the ciu-online.net people sent DMCA notices to myself and Cloudflare, since I used Cloudflare as a caching proxy. Eventually Cloudflare gave them the IP address of my server and the ciu-online.net people were able to determine that IP address was owned by Hetzner.
Now they send DMCA notices to myself, Cloudflare, and Hetzner. I think the goal is to annoy as many people as possible. Even after I shut off my IPFS gateway they continued sending notices.
Anyway, if you're hosting anything that might generate a DMCA notice, don't use Hetzner. They will kick you off even if you're complying with the DMCA process. Also, they make you submit a statement on abuse.hetzner.com for every single DMCA notice that gets sent to them. If you don't submit the statement in 24 hours they threaten to block your IP address. It is extremely tedious and annoying.
>Eventually Cloudflare gave them the IP address of my server and the ciu-online.net people were able to determine that IP address was owned by Hetzner.
Wait... isn't the point of paying cloudflare to prevent DoS attacks?
I guess if you want to do a DoS attack, send a few bogus DMCA notices to Cloudflare first to get the real IP of the server they're supposed to be protecting. Then you can hammer the server directly without Cloudflare getting in the way.
No trail leading to the DDoS attack, which would be executed by a botnet from compromised home computers, and paid for in bitcoin passed via a mixer, or something.
>Wait... isn't the point of paying cloudflare to prevent DoS attacks?
Hahahahahaha..
Cloudflare exists to get in the way of your users from accessing your site and you who are trying to run a site. They claim to be an anti-DoS service but I've never seen any evidence they actually do that. I still get Cloudflare messages a plenty that the website is down. And of course that moronic time waster where it wants me to perform a captcha constantly without actually serving the captcha.
They do provide a pretty decent anti-ddos service. They regularly sink gigabytes of traffic before it hits our origin servers. There's lots to complain about them, but this is something they actually do well.
Don't know why it didn't work for you, but there are a few things that can trip up ops.
That has not at all been my experience with Cloudflare. At a previous job, it took us just a few hours to set up and configure all the options and WAF details, etc., then they took our drive-by probes and bot spam from thousands per day to near zero. Over the course of the next year, we had less than 3 reports of blocked access from real humans; one was traveling and another was behind a shared IP organization. Is it possible some customers were blocked and left frustrated without ever telling us? Yes, but that business kept growing, and it was in an industry where most of our customers were repeat dealers that would let us know very quickly if they couldn't access the website. So if there were false positives, there weren't many.
Cloudflare saved us immeasurable time vs manually configuring firewalls and blackholes and honeypots and open-source lists -- all for $20/mo. It was an amazing service. And they blew their competitors at the time out of the water (Imperva, etc.)... much higher quality blocking at like 1/10 the cost.
If you see a Cloudflare message that the website is down, well, chances are the website is down. If they set it up a certain way, Cloudflare may have been able to cache some pages beforehand, or not... but either way, it's probably not Cloudflare's fault. The site probably would've been down even more often without Cloudflare, just without the CF error page. (That said, DNSSec is a pain and can often cause issues with Cloudflare and other proxies)
As for hCaptcha, I don't think I've ever had an issue with it (besides being unable to tell what something was, I mean)... did you have JS turned off or strict third-party blocking, perhaps?
Weirdly most of my pirated IPFS content is hosted by and served directly by Cloudflare’s own IPFS cache. I can choose which IPFS gateway to download the content from and I always click “Cloudflare” because it’s ridiculously faster than the rest (thanks to Cloudflare caching/serving it).
Didn't they voluntarily ban The Daily Stormer? And while horrible, I don't recall there being anything illegal about that, whereas IPFS likely requires them to take manual action repeatedly to avoid legal penalty.
It wasn't exactly "voluntarily" -- more like "banned it after sustained public pressure", I think. They were reluctant at first but eventually caved after pressure continued to mount. The CEO wasn't happy about it.
They defended them for a long time, and then banned them shortly after one of the Stormer admins started bragging that they had Cloudflare in their pocket.
CloudFlare will sometimes go to the court to actively protect their abusive customer from being exposed to legal liability. But apparently they don't do that unless you're really nasty and exposing you would mean they are actually able to provide information about their customers - that's a line they won't cross even for attempted murders.
Would it be unethical to send additional nonsensical take down requests to Hetzner? I mean, if you are going to be like a child and pretend every email is both true and in good faith the thing you really need is more outlandish nonsense so that one might mature? (make it less fun to host and more like hard work) Then again, Germany is just about the worse place to host "infringing" content.
Perhaps one should send regular take down requests to ones own host complaining about ones own website and point at example.com/<php echo $website[0]; ?> as the proof. Then change hosts if they chose to act weird on it.
I read "good" things about Hosted Network Pty. Ltd who in 2018 had a complaint response time near 20 days. "Worse" in the industry.
Thank you for the advice. I will shop around. The trouble is that Hetzner are almost an order of magnitude cheaper than the next best. You get what you pay for.
I would take a look around for eastern european hosters that dont really care for western bs and pick up a vps from there to use as a reverse proxy. You can continue enjoying hetzner and still be insulated by putting it behind a different server that will get (and toss) any abusive takedown requests.
The lowendtalk forums are a good place to find any number of hosters that will fill your need.
Now they send DMCA notices to myself, Cloudflare, and Hetzner. I think the goal is to annoy as many people as possible. Even after I shut off my IPFS gateway they continued sending notices.
Anyway, if you're hosting anything that might generate a DMCA notice, don't use Hetzner. They will kick you off even if you're complying with the DMCA process. Also, they make you submit a statement on abuse.hetzner.com for every single DMCA notice that gets sent to them. If you don't submit the statement in 24 hours they threaten to block your IP address. It is extremely tedious and annoying.