198 comments

[ 4.1 ms ] story [ 181 ms ] thread
I already lease a couple of servers with them, and I must say they are #1 in EU when it comes to... well, everything.
That is true, but you have to keep in mind that you have to get the flexipack if you want to run more than 3 virtual machines with their own ip on it. And honestly - if my server had 64gb ram I would want to do that. "back in the days" I got my own subnet for free, now they are charging for it pretty heftily.
Welcome to the last days of ipv4.
Absolutely true. Though it would be very nice of them to let me upgrade my server while keeping my old subnet for free (which they don't). I can understand their rational.
You get an entire /64 for IPv6. Time to make the switch.
I would love too do that, but most of my customers wouldn't be able to access the server afterwards. That's the only thing that's holding me back.
The 100mb connectivity says otherwise.
Great hosters!

     - cheap prices for lots of power

     - everything "just works" (only contacted for questions)

     - quick, friendly & to the point support service

     - great uptime

     - they are eco

     - 14 days money back (for root servers)
Drawbacks

     - bigger latency for US/Asia/...

     - you do your own backups

     - they bill only after the end of month. had problems when card expired
I have been using hetzner for all my servers for about 2-3 years, and have been very happy with them. I can remember only one, brief downtime.
Did you measure the latency difference by any chance? I am really considering buying one host there, would love to get an idea on this.
NY: ~100ms

CA: just under 200ms

Asia: even +300ms

didn't check Southern hemisphere

"Speed of light sucks" (John Carmack)
That's what typical response times look like: http://i45.tinypic.com/qq1xmd.png

(this measures the total time to download a static Hello World HTML page 325 bytes in size hosted on IIS from an EX 4S server in Hetzner's DC15 data centre).

Thanks for providing a screenshot - exactly what I needed to know!
But also you could use Cloudflare to make your site faster in these regions :)
250ms to Fibertel in Buenos Aires.
I'm also a customer for quite some time with various servers.

Pros:

- virtual private servers (VPS) have a tun/tap device so that you can use the VPS as a VPN server. this is not necessarily common with all hosters

- good speed/connection/reliability

- good hardware for a fair price

Cons:

- I usually don't need to talk to customer support often, but I rent a managed server and once in a while, they shut it down for a major update. This is totally fine and they even try to do this in the night, but it happened already twice that they couldn't tell me the exact time (in a range of minutes) in advance when they shut it down and they just said something like "server is offline sometime between 7am and 11am". I have paying customers on my server and I want to put the website in maintenance mode to prevent data loss. "Sometime between 7am and 11am" is NOT an acceptable answer. The downtime itself is a matter of 5 minutes, but I would expect an accurate time to shorten the maintenance period.

- They announced a server downtime for "Tuesday night" once. So what is "Tuesday night"? Is it the night from Monday to Tuesday or Tuesday to Wednesday? Guess what, I put my website in maintenance mode in the wrong night. I hope, next time they'll get that straight and announce the correct date and time.

- They stored passwords for their managed server customers in plaintext until September 2011 and got hacked. I hope they learned from that, but still, extremely stupid.

> So what is "Tuesday night"?

I agree they should be more specific, but most people would reasonably assume Tuesday night to be Tuesday->Wednesday, as Monday->Tuesday is Tuesday morning.

I also don't see why you would assume Tuesday night to be early on Tuesday.
Because most people assume night follows day.
The only issue we've had with Hetzner was related to billing. Our payment failed on a Friday afternoon, and even after updating the details, payment wasn't taken and the server resumed until Monday morning.

Apart from that one hicup, it's been very reliable so far.

> you do your own backups

they do offer 100Gb storage space though.

> they bill only after the end of month. had problems when card expired

you blame them when you don't update your payment information? i've been there long enoough to go through several cards, never had problems.

I didn't blame anyone:

> Great hosters!

And I mean it.

The payment problem appeared after my card expired (the second month of using Hetzner) and the new one didn't arrive. They understood the situation and allowed me to fix the situation in a couple of days.

Can somebody tell me why the EX 4S costs the same as EX 5 ? I feel like the 4S is actually superior, but I'm no expert.
EX 5 has a lower setup fee. Some people want to save once and pay more... (I don't understand those folks)

The EX5 is the last one with the old-gen CPU and was kept because in the early days of the i7-2600 it was too expensive to offer high-ram servers like the 4S (which was introduced months later)

>> EX 5 has a lower setup fee. Some people want to save once and pay more... (I don't understand those folks)

This seems prudent when going with a new vendor. Reduce financial risk until you gain trust.

How is this possible? With the HW and operational costs they have to be in deep minus.. Eg linode.com is considered good and they seem to be more expensive by an order of magnitude. Can somebody tell me what the catch is?
As long as they are charging more than their operational costs, they'll eventually turn a profit on any hardware investment.

Get a discount for buying in bulk, calculate your operational cost and failure rate, and go for volume. They have years to make their money back on this..every month their investment in new hardware gets closer and closer to being profitable.

Hetzner AG is highly profitable. They have to publish a balance sheet at http://www.bundesanzeiger.de/ (German only)

Annual net profits:

    2008:  4.077.791,31 €
    2009:  4.448.824,49 €
    2010:  8.925.128,81 €
Accumulated profits:

    2008:  9.030.980,10 €
    2009: 13.479.804,59 €
    2010: 22.404.933,40 €
key facts:

- cheap energy + human resources by building custom colocation facilities in regions where cheap cooling+power is available

- cheap self-made servers, no 19" form factor for decicated servers (they have 19" racks for colocation customers)

- hardware has to be refinanced in a couple of months. That's why the charge 149€ setup upfront.

- growing out of cash flow

- CEO and founder still CEO. Sometimes still interacts with customers regarding new ideas in their forum (German only).

see http://www.hetzner.de/en/hosting/presse/center for corporate press releases.

Similar to French OVH in a lot of way
Except OVH is a haven for nefarious use (seedboxes, etc.) and Hetzner most certainly is not!
> Except OVH is a haven for nefarious use (seedboxes, etc.)

Particularly through certain resellers, including the own "budget line" (http://www.kimsufi.co.uk/). Not that I'd know anything about nefariousness, 'onest guv.

Their french site has slightly better prices for some reason: http://www.kimsufi.com/fr/
Kimsufi was launched to fight against french Dedibox (now online.net), which at the time had lower price than the lowest OVH server. They stayed at the same level as them since then.
Could that be due to differences in VAT?

If not it might just be that they like to quote nice round figures (£14.99 and €14.99 perhaps) - this happens sometimes when the pound and the euro are (or recently have been) near parity.

What makes you say that Hetzner isn't "a haven for nefarious use" ?
(comment deleted)
Is it hardware or a virtual server?
Correct me if I'm wrong but that picture doesn't really say anything. Each one of those machines could still be running 16 VMs
Question: If I host the domain for my UK business on one of these (and say it is a generic .com - not a .co.uk domain), will it influence my google.co.uk SERP ranking massively ?

How would Google know my .com site is UK based?

Webmaster tools? Related: I host a org.uk site in the States which ranks well for relevant searches. It's a tourist site in the UK so I'm only really interested in UK traffic.
I am not an expert, but my understanding is that it would have some effect (worse than UK hosting, presumably better than outside EU), but I doubt very much. Faster hosting should have a positive effect, too.
Is "hoster" a valid word? I do not see it listed in dictionary.com.

If you hosted a party, would you be a "party host" or a "party hoster"?

It is in Germany (but you are right, it’s incorrect if used in English).
It's incorrect, until enough folks start using it, then the Oxford Dictionary gets an update :)
Anybody having experience with running ESXi on these dedicated machines.

Their online documentation says that it supports ESXi 5 and they put in a CD when you tell them with your order.

I have an ESXi 4 server on one of their servers, the setup was rather tricky - but it ran since ESXi was made free and had absolutely no problems.
Compare with SoftLayer which has decided to charge through the nose for their RAM upgrades: going from 16 to 64GB RAM on their E5 servers is an additional $1200/month.

They're far more expensive than e.g. Rackspace there for some reason.

I haven't looked at SoftLayer's offerings re: RAM but the most important thing to note with Hetzner is that only some of their dedicated machines have error-correcting code (ECC) memory. Hetzner's 16GB machine[1] (89 Euros/month) has ECC memory for example.

Whilst this might not sound like an enormous issue, DRAM errors are surprisingly common in real deployments[2] and can result in scary things happening to your data. If you're using a machine without ECC memory make sure you're prepared to deal with any possible issues that might arise, especially if it will impact your core business.

[1]: http://www.hetzner.de/en/hosting/produkte_rootserver/ex8

[2] DRAM Errors in the Wild: A Large-Scale Field Study: http://www.cs.toronto.edu/~bianca/papers/sigmetrics09.pdf

How common DRAM errors are is very unclear. The numbers in that paper are astronomically high, but other sources have published numbers that are 30x or 100,000x or literally 10,000,000x lower.

See this Stanford ee380 talk: http://stanford-online.stanford.edu/courses/ee380/100922-ee3...

The part about DRAM errors is about 57 minutes in.

Abstract here: http://www.stanford.edu/class/ee380/Abstracts/100922.html

Also, AFAIK most hosting providers don't even have ECC ram as an option for servers, e.g. Amazon.

Do you have a source on Amazon not using ECC?
I was not able to find Amazon declaring that they don't, but neither do they say anywhere that they do. For example they describe the hardware specs here: http://aws.amazon.com/ec2/instance-types/ If they did have ECC RAM it is unlikely that they would keep it secret, especially given that ECC RAM can be twice as expensive.
I don't think there's a confirmed source, but there's certainly indications, for example, an AWS post that they use ECC memory for the GPUs in their cluster GPU instance

http://aws.typepad.com/aws/2010/11/new-ec2-instance-type-the...

Given that they list both the standard memory and GPU memory next to each other, but only put ECC next to the GPU memory, it seems relatively likely to me that the standard server memory is not ECC.

But Nvidia only sell Tesla's with ECC. I don't really read that implication into this.

On the other hand, the fact that https://forums.aws.amazon.com/message.jspa?messageID=203167 has never been answered suggests they do not, as they would answer affirmatively if it was true surely. Of course they may use a mixture.

EDIT: Interesting that James Hamilton is on their team and thinks they should use it http://perspectives.mvdirona.com/2009/10/07/YouReallyDONeedE...

I can well imagine that newer machines have it, and older ones don't, and slowly over time they'll end up with everyone using ECC.

The costs involved were a lot higher 3-5 years ago than they are today.

Amazon uses Xeons and Opterons where ECC is pretty much mandatory. They don't have an option for ECC because all their servers have it.
I think it is a good idea to architect your system under the assumption that once a year, some theif is going to sneak into the data center and make off with an entire server. Just one, but the whole server will then die horribly in a fire after a shoot-out with the police.

Lots of things can happen, you should have a higher level of replication such that you can handle a whole server going poof, not just a single bit going poof.

The cost of ECC at Hetzner-- the cheapest provider out there- is about half an additional server. So, buy three servers without ECC for the price of two servers with ECC, and replicate your data three times (and triple your bandwidth, horsepower, etc.)

This is not hard with platforms like Riak which are distributed homogenous clusters of nodes.

And if your service isn't built like that, then really it should be. (IMNSHO, of course.)

Replication isn't going to help if your data is being silently corrupted, you'll just replicate the corruption.
ECC Does nothing to prevent your server from dying in a fire after that police chase, either. However, replication is an effective solution to the problem you describe:

Whenever data is read, you read from more than one replica, and then compare them. If one of them has been corrupted, its hash won't match and you'll know it. You can then write out the correct data to the node with the error. This is very easy in systems like Riak.

SoftLayer charges an insane amount for memory
Hello,

we have several servers at hetzner since 2009. The performance has been stunning. Biggest upside is probably the ability to buy 1 TB of bandwith for 6.90 €. What amazes me is the fact that they can provide such great service and still be highly profitable. Turnover in the fiscal year 2010 was 29.68 Million € with post tax profit being 8.925 Million €.

The company rocks :)

I have two dedicated servers (EX 6 with ECC) they are awesome. Until now I had no issue with them.

I hope they continue this way.

Once I had a performance issue with my 100Mbit/s VDSL and asked on the forum. CEO himself checked the peering capacity and wrote me an email. While I still have to pay for my dedicated servers, I really love the way they're doing business. :-)
Their VPS service looks fantastic also: http://www.hetzner.de/en/hosting/produktmatrix_vserver/vserv...

Their 2GB plan is 3x cheaper than Linode…and you get over 4x the data transfer! Does anyone know how the performance compares?

I did a light benchmark of their 512MB VPS[1] which is insanely cheap. The only things that change when moving to the 2GB VPS is RAM, hard drive space and total data transfer. The CPU remains a single core and the same speed according to [2]. It's possible there's less contention but you'd need to find a benchmark for the 2GB VPS to know for sure.

If you're after any specific benchmarks give me a yell and I'll see if I can provide one for you.

[1]: http://smerity.com/articles/2012/hetzner.html

[2]: http://wiki.hetzner.de/index.php/VServer/en#Which_clock_spee...

Edit: Came across a review of VQ19 (2GB VPS) vs EQ4 @ http://code.google.com/p/catz/wiki/DedicatedOrVPS

I and several of my clients use quite a few of those and I'm very happy with the performance. IO performance is very good (especially for a virtualized system) for example apt-get update / upgrade takes less time on one of those than it does on a dedicated root server of mine (Core i7 Quad, 8 GB Ram, 7.2 kRPM SATA).

Any other specific questions?

You could also just get a dedicated server with a good chunk of ram. Say, 32gb or the new 64gb one. Then install XEN or KVM on it and run your own VPS farm instead. It'll save you $800-1600 USD/month in the long-run once you fill up the whole box with VPSs.

Another thing to note is that the new 64gb instance trucks a hexacore (6) core CPU and includes hyper-threading. Now, correct me if I'm wrong, but I believe this means you can run 12 virtual cores in your XEN/KVM instances with this, instead of only 1 which is provided by the Hetzner VPS's. That's quite a difference.

With my 32gb box (which is a quad core with hyper-threading) my XEN instances can spin up to 8 virtual cores, according to the (h)top utility.

What happens when the host box dies? If you build in redundancy, the costs start spiralling quite quickly...
Wouldn't the risk of that be exactly the same as the risk of a host box dying at for any VPS product anywhere? Specifically I'm sure Hetzner is running their VPS product on the same boxes, since one of their methods is to have a very standardized, custom designed box (like google does).
The good VPS providers have fail over hosts so that they can move your guest if the primary host is experiencing issues (e.g. RAID degradation). Linode have this for example (I know because one of my 512MB guests got moved recently).

Edit: Leaseweb (who are on a VMWare stack) also offer something similar via Vmotion

The chances of that happening are low anyway. I believe someone reported their server was running smooth for 3 years with only a single _minor_ downtime. Also, I doubt that an app that runs on a VPS is as important as one that requires a whole dedicated server. But yes, if a box happens to fail, how slim the chance may be, then your site is offline, just like Amazon EC2 that was offline for 3 days iirc even though they have multiple availability zones per region.

Also, running 3 dedicated servers for redundancy still isn't expensive when you compare it to traditional VPS/EC2. However, you do have to do everything yourself of course. Tbh I feel that people always tend to worry too much about "downtime" or "failing boxes" while the reality is that most people don't ever experience huge downtimes. If the app is really _that_ important then you're likely making some good money to justify paying for more expensive solutions and there wouldn't be a reason not to do that.

I'm no expert, but how many VPSs could you run nicely with just a typical CPU in there?
As many as you like, if you don't mind overcommitting the cores. CPUs overcommit quite well - it's when you start overcommitting RAM that you get into trouble.
But surely you'll have a hell of a lot less CPU power than, say, 128 of Linode's 512mb virtual servers, meaning they would have much worse performance if fully used?
That would depend on the type of CPU Linode is using. What the CPU's frequency is, the amount of cores, whether it has or does not have hyper-threading technology.

The hyper-threading technology is a pretty cheap way to add more virtual cores to your VPS's which is great. One thing is for sure and that is that Linode provides you 4 virtual cores and not 12 per VPS. But, that of course doesn't mean their CPU is better or worse. But, if you can run 6 cores at 3.8ghz, or 12 cores at 1.9ghz then I wouldn't worry too much about not having enough CPU power for your virtual private servers.

If any CPU-overcommitted VM system has guests which all want 100% of the CPU, they'll all suffer. No two ways about that. I don't know what hardware Linode put their 512MB instances on, and I don't know their overcommit ratio. 128 is more guests than I'd put on a 64GB host, though.

If your typical load is actually at 100% CPU for the majority of the time, I'll go out on a limb and suggest that VPS might not be the best bet anyway.

How hard is Xen to configure and maintain? I like VPSs because they're mostly hassle free, and all my projects are separate and isolated. It seems like running all my projects on one box would be a massive headache!
i have their 10 euro plan for running tamahatta.com, dont have any traffic but the site has'nt gone down for the last 2 and a half mth. ( which is when i took it)
Does any one know if their VPS servers are XEN or OpenVZ?
Alvotech (also German) offers roughly the same specs for about half the price, after a 10€ setup fee [1]. Although I haven't yet pushed these virtual servers to the limit in any sense, I can say I'm a happy customer.

[1] http://www.alvotech.de/vserver/?lang=en

That does look like a very nice service, but it seems to be much lower-end, not "roughly the same". The CPU is an in-order 1.8GHz Atom, which is not roughly the same as a superscalar out-of-order Athlon 64 or Core i7, and their RAM tops out at 4GiB, which is not roughly the same as 64GiB.
any ideas why it has a 32GB limit for windows?
Windows Standard edition is capped at 32Gb... if you want to use more, you need to use Enterprise...
MS might be doing RAM-based license pricing.
If it is possible to run a hosting service as cheap as this, why is there none like it in the US? I thought the labour, tax and VAT costs in Germany should make it less competitive but this is just way cheaper than anything you can find in the US. Does anyone know of any similar offerings in the States?
There are some other companies in Germany and France that operate for over a decade at very affordable prices. OVH, Strato, 1&1 to name some.

If you're from outside the EU you'll probably even get the servers without having to pay the 19% VAT.

Online.net as well.

Companies never pay VAT anyway, usually professional services display mainly prices without it.

All of the price listings on Hetzner says that VAT is included in the price.
From what I know the cost of cooling and power in Germany are much lower than in the US, Hetzner is also very long-term oriented, the equipment they buy only becomes profitable after running for a couple of years.
RAM allocation is the baseline for determining monthly pricing and their product page specifically mentions DDR3 RAM, which generally costs 50% the price of DDR2 RAM.
Yes, 1and1 - they offer pretty much everything Hetzner has and more (250 GB free backup, unlimited 100 Mbps traffic, which is about 30 TB per month if I'm not mistaken, and fully automated OS recovery and reinstallation, as well as serial console, which is basically KVM-over-IP.

Their tech support is pathetic though, and the worst thing is that it takes them quite a while if any hardware fails - you could be out for days, with no possibility to even pay a premium fee for emergency repair... But of 5 servers I've had with them, only 1 (the cheapest) had issues (hanged on reboot)...

So far as I know, 1and1 is also German (they might have data centres in the US though) and their prices (as of now) are not competitive with Hetzner. Look at http://www.1and1.com/ServerPremiumXL?__lf=Static&__sendi...
Yes, they're owned by a German company, which is interesting. They are the cheapest in the US/Canada, though, and the hardware is pretty high quality...
(comment deleted)
10 years satisfied customer.
If you're outside the EU, you probably don't have to pay 19% VAT. So it's even less than 109€...
The same if you have a company outside Germany and based in Europe
But only if you are VAT registered, at least in the UK.
Purchased an EX 4S (32gb ram non-ecc) the other day from Hetzner, been running extremely smooth. They got it rigged up in about 2-4 hours. Installed Xen to run my own little VPS farm and it's dirt cheap compared to all the VPS providers out there, and more performant as well since you actually own the underlying hardware.

Just noticed they also added "1 Gigabit-Port" under "Additional Options" at only 39 EUR, along with an additional 15TB bandwidth increase (You get 100Mbit by default), and only 6.90 EUR for additional TB's of traffic. Pretty sweet if you're doing some kind of video/stream hosting. Of course it has it's downsides compared to S3 but when you compare pricing in "TB" to S3, you'll see how redonk the S3 pricing is. Now, if only Hetzner was also located in the US and Asia that would complete me.

> Of course it has it's downsides compared to S3 but when you compare pricing in "TB" to S3, you'll see how redonk the S3 pricing is.

Remember, comparing "x TB of storage" to S3 is silly. S3 is designed to replicate your file to multiple datacenters (their site promises ELEVEN nines of durability!), provides things like a BitTorrent tracker for your files, etc.

Unless I'm mistaken he is not comparing TB of storage, but TB of bandwith used.
Does anyone know how they can provide bandwidth for so cheap? 7 EUR for a TB of traffic is insanely cheap.
nearly-free peering at http://de-cix.net/ and http://www.n-ix.net/ to offload a big load of traffic + bandwidth and fibres are not that expensive here in Germany (unless you go with Deutsche Telekom).
That's great information. Why hasn't this happened in the US as well?
Are there legal issues to think about when storing data on German servers?
They have strict laws for copyright infringement from what I hear... on the other hand, the FBI can't just pull out your servers :-)...
Yes. For us Europeans, it's much safer since there's no export of data outside the EU :)
You can't distribute Nazi materials or ideology. Free speech is also limited, you can't just defame people. Also as a german business owner you are required to have an imprint with some specific info, no idea how this is for foreigners.
Interesting... the only hosting company with comparable prices and features in the US is 1and1 (which is actually owned by a German company), but their tech support has been pretty bad (takes them freaking days to replace hardware - on the other hand, EVERYTHING can be done remotely)...

I wonder if hosting in Germany would affect a site's response time and ranking on Google in the US?

I have a question. Do they always ask for passport scan and credit card photograph, or I fall under some special category which makes me suspicious?

Going by the rave reviews, I ordered the 512 MB vps to evaluate, and was greeted by an email asking for my passport and credit card photograph. I don't feel like doing business with them anymore.

I am a bit uncomfortable about sharing my credit card info. But since I already have shared my card number, I figure I can attach the card photo.

And even if I comply with the ridiculous request of providing a photograph of my credit card, most of the times I use a virtual credit card. My bank lets me creates virtual credit cards and link with my card/account. The card doesn't exist physically and it lets me reset the transaction limit. I reset the transaction limit before making a transaction ensuring I can't be overcharged. They would turn me down because I am concerned about my financial transactions?

It's normal. Myself and another person I know had to do it too.
> The would turn me down because I am concerned about my financial transactions?

No, they would turn you down because you cannot present to them their risk guarantee criteria that enable their low prices.

> No, they would turn you down because you cannot present to them their risk guarantee criteria that enable their low prices.

What kind of risks are they putting up with without a photograph of my credit card?

Stolen cards? People deactivate their cards when the cards are lost. And if people don't, then the thief has an active credit card and can very well send the copy.

I won't make my payments? How does the photo of my credit card help? It makes sure I have a credit card - it doesn't make sure you can make transactions on my card(limit reached, card blocked, payment disputed) etc.

Banks might be less likely to reverse a charge if you have a photo of the credit card and an ID of its holder. [citation needed]

My company provides a free online form service and I've banged my head regarding the abuse that hits the fans: Nigerian spammers using our service to do identity theft, disguised password collection forms, harvester accounts being automatically created on a daily basis and what not. I'd hate to imagine what Hetzner has to put up with.

Ultimately it's their choice to set their abuse verification threshold and their prices, and your choice to accept it or go elsewhere.

I don't see how your speculations about how they are using the documents relates with your initial claim of risk mitigation and especially, low cost.

> Banks might be less likely to reverse a charge if you have a photo of the credit card and an ID of its holder. [citation needed?]

Yes, citation needed.

Another situation would be you have the photo of my credit card and my ID and you charge me 100x in place of x. What is the bank to do when I dispute the payment? Let it slide because you have the photocopies?

Also, there mail says:

> We are going to save the document submitted for a period of 3 weeks.

So either they are lying(I haven't read the t&c though; quoting from the mail) or having the copies doesn't do anything.

> Ultimately it's their choice to set their abuse verification threshold and their prices, and your choice to accept it or go elsewhere.

Oh they are free to be as ridiculous as they want to be. That doesn't change the fact that I can call the practice ridiculous, irrespective of whether I am doing business with them or not.

when i ordered, i shared my apprehension with the credit card phone, but they wanted only the last 4 numbers to be visible, i blacked out the other numbers with mspaint and sent it across.
I am from India, have a server with them and was not asked for any documentation. May be it is a recent change.

Given that you pay for the server in advance, a VPS is essentially zero risk for them. I am also surprised by this requirement.

> Given that you pay for the server in advance, a VPS is essentially zero risk for them. I am also surprised by this requirement.

I am still not fully convinced, but this post makes some good points.

http://news.ycombinator.com/item?id=3899929

It's definitely not a recent change, they required a copy of a photo ID as early as 2005 when I got my first server there. Don't remember being asked for a credit card scan ever though.
I didn't have to give them anything (I'm in the UK) but a client in Australia did. So maybe there's an EU thing at play (or just a risk assessment based on countries' fraud levels).
I got my server just over two years ago and they requested a copy of photo ID, but not of credit card.
>Given that you pay for the server in advance, a VPS is essentially zero risk for them.

It is not zero risk, the risk is quite high. A credit card company may reverse a transaction reported as fraudulent unless they perceived the fraud report was incorrect / steps had not been taken to prevent fraudulent card use. Web servers are good resources for uses which are often funded by fraud.

TLDR: You do almost the same thing in the USA, only it is automated. We have the patriot act which requires collecting a lot of info-- the US has centralized databases (namely credit reports) that allow easy authentication of people. Outside the USA, they don't have the patriot act, but they have a lot of similar laws, and thus collecting a copy of your passport lets them know you're not an identity thief and lets them satisfy "know your customer" laws in their country. In the US the same thing can be authenticated by running a check thru a database, though in the US the law doesn't care whether you're an identity theif (which is why you don't need photographic proof) but whether you're on a terrorist list... the latter can be done just from the info you give.

They are the target of people who want to run torrent servers, criminal irc chat rooms, and stuff like that. These are not the customers they want. They also don't' want to incur the cost of setting up a dedicated server for someone whose just giving them stolen credit card info.

Since often stolen credit card info is distributed in text form, the theifs don't have access to the physical card. Showing you have access to the physical card and the physical passport does not prove that you didn't steal both from the rightful owner, but eliminates those people who just bought a list of credit card numbers.

While stolen cards are often cancelled relatively quickly, this can take anywhere from days to weeks to process thru, by which time they will have incurred the real labor costs (that they charge the 150 euro setup fee to cover) only to have those charges reversed because the card was stolen.

One thing that was illuminating for me as an american is the discovery that our banking system is set up very differently from many other countries. Thus things that are easy for us, are not as easy for them. (Taking a credit card is harder for a merchant outside the USA because the credit card system originated in the USA under the US legal structure. This is why shopping online is less common in, say, south america, than it is in north america.) Other things that are hard for us are easy for them-- if you want to give your friend $20, you just log into your bank and send him the money. The entire purpose of paypal was replaced outside the US as a simple feature on bank websites.

Asking for a photo of your passport and credit card is not really out of line. I understand why you would be hesitant to give these things up as an american-- when I first started doing business internationally, I was very hesitant as well. After awhile, though, you realize that trustworthy businesses are trustworthy. The data I'll be putting on hetzner servers is much more valuable than the image of my passport (Which every low paid border agent at a third world country I visit gets a copy of.)

If I can't trust them with my passport image, can I trust them with my data?

I mostly agree with what you say.

I was a bit angry because they didn't mention this at the time of signing up. It might be somewhere in the t&c but I think this kind of information should be explicitly told viz. we require your passport and credit card photo to sign you up with our service.

I didn't like the callousness with which they request the information. Another commenter mentioned he talked to them and they said only last 4 digits of the card would do for the photo. Now isn't this the kind of information they should be providing along with the request?

I understand I am giving them my card data for payments and the photo of my card contains less data than what is already there with them. But there are legal requirements for storing credit card info on which I can count. There are no such requirements for a photo of credit card exchanged over mail.

> The data I'll be putting on hetzner servers is much more valuable than the image of my passport

I was more concerned about credit card. I did find the passport request a bit weird, but then I had the same line of thought as you - a copy of my passport is with my employer, my landlord, custom offices and a bazillion other places. Identity theft is a possibility but an established business comes very low on the list of threats.

> I understand why you would be hesitant to give these things up as an american-- when I first started doing business internationally, I was very hesitant as well.

I am an Indian living in India. India as a nation is a late entry in online playgrounds, and as a result, most of us are skeptic when dealing online. As I detailed in my parent post, I mostly use my virtual credit card to make the payments with the limit set to the amount I am going to be charged to avoid being scammed(page says x, you charge me 100x). That is not a concern with established businesses though.

> a copy of my passport is with my employer, my landlord, custom offices and a bazillion other places

It is? Where do you live that this is a normal thing?

> I am an Indian living in India.

Unless you were looking for something more specific.

Just curious; it seems very odd to me - definitely something that would be strange to most people in the US.

Is that common practice in India, are are your circumstances unusual?

As a brazilian, I find it somewhat strange, but not that much.

Not only we have a national ID system (not one, but two systems, both with unique numeric IDs), we are required to photocopy them, along with proof of residence and several other things (for instance, something to prove that you do have an income and how much), in order to perform simple actions such as cellphone purchases (with a plan). You'd have to provide "only" your ID (CPF) with a pre-paid plan.

To be employed at most places, that same info has to be provided, more or less (you don't need to prove income, but you'll probably be required to provide a criminal record).

This is probably because of how trustworthy we are perceived to be. Nothing gets done without at least a proof of identity (sometimes, even using check or credit card purchases at regular stores). Not to mention the fact that we are..."advised" to carry ID papers everywhere, and the police will be somewhat displeased if they decide to take an interest on you and you have nothing with you to prove who you are, even though I am not aware of anything resembling a "Stop and Identify" law. I was never asked to provide ID, though. Were I black and poor, my guess is that it would have happened several times already, along with random street searches.

All that said, I've never had to provide my passport to anyone, anywhere, except US embassies. Most brazilians are not required or even expected to have one (and is not required when travelling inside Mercosul).

> It is? Where do you live that this is a normal thing?

When I joined my first job, my employer asked for my passport(id proof), college mark sheets(unless you score x, you aren't eligible for the job), high school mark sheet(10th and 12th grade - some employers require a min of x grades to be eligible) etc. It's quite common for the employer to ask for the id proofs and grade sheets for the first job. I held only one job, that too fresh out of college; so I can't tell what documents are required when you change jobs.

As far as landlord goes, there is a legal requirement that landlords know the identity of the tenants. For their own safety and to fulfill legal requirements, landlords ask for some sort of id proof. It need not be passport though.

You are renting a server in Germany. If you were a german citizen, they would ask you a copy of your id. Since you are a foreigner they ask you for a foreigner identification, which is the passport.

Aside from the passport, when I first rented a server there I had to send a ¡PHOTOCOPY¡ of my credit card and send via FAX. That was the truly weird thing :)

I tried everything to not send things via fax, but then I understood that they must receive hundreds of request from fake people with fake id and fake credit card. If they don't have at least the photocopy of those it means that you're probably a fake trying to get a server with someone else data.

In the end I decided to send the data anyway, since it's a huge corporation and they're based in Germany. If it was based in some shady place, I would never send the data.

Same procedure in South Africa, though generally the local identification document is used not the passport. For example to get a cellphone contract: Proof of residence (utility bill), the ID mentioned above, a bank statement and a payslip.
> This is why shopping online is less common in, say, south america, than it is in north america

not completely true: I'm a south american (Chilean) currently living in the US. Shopping online in south america is not as common because: a) access to credit cards is not as common as in the US b) there's only few companies doing the inter-bank connection and credit card processing, which btw charge some excessive fees, c) because of the previous two things, there's no culture for online payments, although that's changing. Oh, yes... also d) interest rates are stupidly high.

> if you want to give your friend $20, you just log into your bank and send him the money

Totally true: internet banking is so, so much easier in Chile than here in the US, that I really miss it! Back in Chile I could easily transfer money from my personal account to a friend's account instantly and from the bank's web site, with no fee. No wire transfer but seamless inter-bank money transfer. The security while it could improve is very good...

Anyway, just a side comment on comparing online and internet banking in south america and the rest of the world :)

You can most likely do that if your friend is using the same bank. Also, paypal is always an option.
Yes but there are so many banks this is unlikely. In the rest of the world it just works.
"You do almost the same thing in the USA, only it is automated. We have the patriot act which requires collecting a lot of info-- the US has centralized databases (namely credit reports) that allow easy authentication of people. Outside the USA, they don't have the patriot act, but they have a lot of similar laws, and thus collecting a copy of your passport lets them know you're not an identity thief and lets them satisfy "know your customer" laws in their country."

This is quite possibly one of the oddest things I have read all day, and what, the 5th time the patriot act has come up in this thread? What in the world does the Patriot Act have to do with credit card transaction authorizations? You also seem to imply that credit reports are used to authorize individual card transactions, please provide a citation as I have never heard of this.

Your post very nearly hit on exactly the issue, but was clouded by this first paragraph.

So, let's make it clearer: the reason for asking for a scanned copy of the credit card is to prove the person who made the transaction had a physical copy of the card with an impressed number on it. This is used as a means of reducing the chance of loss in the case of a chargeback as online transactions do not require swiping a card through a POS terminal which normally proves the presence of the card by reading the magnetic stripe[1]. An impression or image of a card is one of the most important means of reducing your liability as a merchant during a chargeback[2]. The scanned copy of the passport is just further validation. We do the exact same for any transaction initiating from a country where we have received a heightened rate of chargebacks from customers based in that country.

Your confusion about the Patriot Act seems to not differentiate the idea of an individual transaction from setting up a transaction account. Perhaps you should read up on that more. The Patriot Act anti-money laundering aspects are not about validating every single transaction through a government database, but about validating the identity of a person requesting to open a new account. [3]

[1] http://www.aic.gov.au/documents/B/6/4/%7BB64DD6E5-3B79-4920-... [2] http://www.heartlandpaymentsystems.com/article/Manually-Impr... [3] http://www.fincen.gov/news_room/rp/rulings/html/312factsheet...

The first reason has been explained already: They are afraid of (online) credit card and identify theft.

The second reason, why a lot of people (especially from Germany) will not be asked to provide a scan, is that they have a credit history in Germany. It is really common to check your credit history first. The german credit agency they are using probably has no information about you, that is why Hetzner wants to make sure that you are not trying to defraud them.

It can be really tough to buy stuff online in Germany if the local credit agencies don't have information about your credit history.

>My bank lets me creates virtual credit cards and link with my card/account.

What bank are you using?

After over a year of hosting in the cloud (amazon aws) and spending alot of money in the process we also made the switch to hetzner recently... The cloud and its benefits is nice and good, but the computing power you get for 100 bucks from companies like hetzner is just incredible.. Of course there are higher costs of setting everything up, but on AWS we had todo most of the complicated stuff on our own anyway..
I've never seen anyone running a reverse auction to rent their old hardware out before:

https://robot.your-server.de/order/market

I guess if they're not short of space for hardware & cooling then this is a profitable way to put old hardware to use until the demand falls below the running costs. I wonder what the reliability is like?

Thinking about scraping this data and calculating performance-to-€ ratio to identify good deals/unclaimed bargains etc. Perhaps even calculate the mean average price a given server spec sells for etc.

If they have an affiliate scheme that would make s nice side project

Totally random off the cuff... I've been fighting with an EX 4S server for the last week, trying to set up Xen under Debian Squeeze... anyone got some rock-solid instructions which they know work? I've tried both my own recipes and various tutorials on the web, but so far no luck. I managed to get Xen sort of working at one point, but then the networking wasn't working. I'm about ready to start throwing things out the window...
depends if you bought extra IPs (up to 4) or a whole subnet? There are some tutorials by customers on how to setup routing at http://wiki.hetzner.de/
Do you need debian? If not, 1 - Ask for a LARA install of Xen Server (20€ IIRC). 2 - Request an additional IP with MAC address 3 - Change the MAC address of your VM on XenCenter
Last I checked Squeeze had a fairly straightforward Xen 4.0 package. I did have trouble with dropped packets, but I was doing some pretty complex stuff and it was already fixed upstream.

How exactly are you trying to setup networking? Bridged, routed, NAT on dom0 vs domU?

These two pages might help you, though both are slightly out of date:

http://www.pc-freak.net/blog/how-to-configure-and-enable-xen...

http://wiki.kartbuilding.net/index.php/Xen_Networking#Two-wa... (more out of date, but ideas are correct)

EDIT: ZFSonlinux is worth looking into as it's becoming fairly mature and provides the perfect storage for xen instances.

(comment deleted)
Does it have to be Xen? I've had a lot of good luck using KVM and so far it seems to be more stable... and it can run OS's unmodified.