Hetzner

Hetzner Online GmbH is a company and data center operator based in Gunzenhausen, Bavaria, in Germany.

History
Hetzner Online GmbH began operations in Germany in 1997 under the name Hetzner Online Services. Between 2000 and 2015, Hetzner Online in Germany operated under the legal status AG ("Aktiengesellschaft"). In 2015, it changed its legal status to GmbH. In addition, Hetzner Online expanded its chief executive team with Stephan Konvickova and Günther Müller at the beginning of the year 2019.

The company is named after its founder Martin Hetzner. Hetzner Online owns and operates four data center parks in Nuremberg and Falkenstein (Germany), Tuusula (Finland), , Ashburn, Virginia (United States), and Hillsboro, Oregon (United States). In addition, Hetzner Online is a co-investor in the Cinia C-Lion1 project, which connected Helsinki and Rostock, Germany together with a 1,100 km long submarine fiberglass cable. The cable provides a high-speed connection between Hetzner's German and Finnish data centers.

Services
Hetzner Online provides dedicated hosting, shared web hosting, virtual private servers, managed servers, domain names, SSL certificates, storage boxes, and cloud. At the data center parks located in Nuremberg, Falkenstein and Tuusula/Finland, customers can also connect their hardware to Hetzner Online's infrastructure and network with the company's colocation services. The company operates a server auction site online where the chance to rent older dedicated servers (not purchase or colocate) are auctioned off in the form of a Dutch auction.

Hetzner Online has a domain name registrar arrangement with ICANN (for registering domains under .com, .net and .org and others), DENIC (for .de), and nic.at (for .at).

Infrastructure
Hetzner Online's datacenter projects are coordinated and implemented in-house with as little outsourcing as possible. Data center units served by multiple redundant uplinks, including 1300 Gbit/s to DE-CIX and fiber optic links to Nuremberg and Frankfurt. Colocation facilities are sited at all data center parks in Nuremberg, Falkenstein (Vogtland) in Germany and Helsinki in Finland. In 2021, a datacenter in Ashburn, Virginia, was opened, marking Hetzner's first American server.

Network
The backbone is set up in the form of a ring network between the datacenter locations Nuremberg and Falkenstein as well as the most important Internet location, Frankfurt. All locations are connected to central exchange nodes such as DE-CIX, AMS-IX, DATA-IX and V-IX via the company's own fiber optic network. All Hetzner's dedicated servers had a minimum 20 TB monthly cap for full speed on their servers with the option for an extra fee for full speed past that point, however, have lifted the bandwidth cap on 1 Gbit/s connection speeds as of October 1, 2018.

Hacking
In June 2013, Hetzner Online suffered from a security breach where customer information was exposed to attackers who had compromised Hetzner Online's monitoring systems.

Russian complaints about Glavcom.ua
In early August 2014, the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) sent a demand to many news agencies, including BBC, prohibiting any mention of the demonstration that was being arranged in the Siberian city of Novosibirsk in support of the federalization of Siberia. A number of such messages were sent to Ukraine, which was in the midst of undeclared war with Russian paramilitary in Donetsk region. Since the Ukrainian online newspapers did not remove the article, Roskomnadzor sent letters to their Internet providers demanding removal of the news item. Hetzner Online complied with the demands and sent a notice to glavcom.ua, saying "Please solve the problem and reply within the next 24 hours to avoid suspension. This is the final deadline."

This story was widely reprinted in news sources. Ukrainian Ministry of Foreign Affairs issued a statement expressing solidarity with glavcom.ua owners and journalists. Vassily Zvarych, vice-head of Communications Department of Foreign Ministry, gave a press conference saying that he was surprised by Hetzner Online's compliance with the Russian complaint. Also, a German chapter of Reporters Without Borders issued a statement condemning Roskomnadzor.

The notices to suspend Glavcom.ua were issued by Hetzner Online August 6, 2014; on August 10 Hetzner Online issued apologies, denying that any censorship was planned and that their technical support made a wrong decision, which they regret. However, by that time the story was widely published in German mass-media, and Glavcom.ua already migrated from Hetzner Online to another hosting provider.

no.spam.ee lawsuit
In 2013, an Estonian anti-spam activist Tõnu Samuel posted a blog entry about an alleged spammer Silver Teede on his website no.spam.ee. In retaliation, Teede wrote a complaint to the blog's service provider, Hetzner Online, who decided to terminate services for the blog. In an ensuing court case, Estonian courts found the complaints to be baseless and awarded Samuel damages from Silver Teede for the loss of Samuel's servers.

Duplicate Ed25519 SSH keys
From April 2015 to December 2015, many of the OS images used by Hetzner's installation program installimage had used duplicate Ed25519 SSH keys. This could potentially mean that an attacker could use a man-in-the-middle attack to compromise an SSH connection that was using Ed25519 keys. Hetzner sent an email to all affected customers with any potentially affected servers on information about the issue, and how to fix it.

Blocking "Novaya Gazeta"
On January 11, 2016, Hetzner blocked the St. Petersburg site of Novaya Gazeta, the leading oppositional, non-governmental newspaper in Russia. The newspaper marked the act as political censorship without any legal procedure.

Blocking Ukraine War information
On March 7, 2022, during the 2022 Russian invasion of Ukraine, Hetzner allegedly blocked servers belonging to a Ukrainian state-affiliated war information website (war.ukraine.ua), which was posted by the official Ukraine Twitter account. Hetzner initially denied blocking the website in question, stating that Cloudflare informed them that the IP does not belong to their network. Two days later, Hetzner confirmed via a press release that they had erroneously suspended the servers due to "anomalies" found in the account by an employee, which came from a not yet fully developed "plausibility check" and stated that their actions were not politically-motivated. The press release has since been deleted from the Hetzner website.