All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Hetzner server hard disks "confiscated by district court"???
Hi,
I am running several servers at Hetzner. Today, my server is unreachable. After a few trying to restart the server via Hetzner's robot panel, I still cannot connect to the server. Then, I tried open a ticket and after a few minutes, I got a reply from the support that "the servers drives were confiscated by district court (German: Amtsgericht) Bamberg" and even Hetzner "can't give you any more information about this case by law".
I am not familiar with EU law and I am sure that many people who don't live in the EU would not. I would like to ask what is the problem here and what should I do?
FYI, My server is running proxmox with a few VM to provide working environment for my team. Each VM may run some remote software or Bluestack. I am pretty sure that my team will not store any CP, even legit porn on the server. I have running/managing VMs for several years but have never faced this issue.
One more thing, I sometime received emails from Hetzner saying that I have to configure the the Portmapper service (portmap, rpcbind) to avoid DDoS reflection attacks but I often ignore it (Actually I don't know how to configure). Is this action related with the case?
Thank you in advance.
Comments
Get a lawyer. The fact that you immediately went to the idea of CP creeps me out.
best guess one of your VM's was hacked and someone was using it for some unsavory things.
The DC's hands are tied if they got a court order, all you can do is wait.
As I said, I am not familiar with EU law and CP is the only thing that I know it's prohibited to host. Moreover, I am living in Asia and I am not tied to EU law so I don't think I will have the problem with them. The only thing I care is when my server be online back.
@AnthonySmith: Thank you for your comment. Hetzner provide me a file number and they said I should contact them. I will write them an email and let's see.
If you want your disk/data back, you're probably going to have to lawyer up in the EU.
Erm, especially in Germany the list of things illegal to host is as long as both of your arms.
Hetzners typical policy (from memory, 2012~) for this is to take one half of the mirror, so he should be able to boot up and sync up new drives.
Worrying part of course with that is if he didn't get told what the problematic material is, he can't disable it.
I don't know why you would think child pornography being the only thing illegal in Germany. Hetzner should give you the contact info of the public prosecutor's office in charge of the investigation related to your server. Fingers crossed about their english skills. I wouldnt count on getting those HDD back anytime soon.
Do you think I should a new disk from Hetzner and get back to work or keep waiting for a few days?
Yes. Drive(s) that were taken are evidence now. Police will keep them as long as they need them.
Oh and by the way you're involved in a criminal investigation now. Maybe getting your system back on line is not actually the most important thing in your life now?
uptime > criminal investigation (at least, as long as there are no criminal charges)
Don't expect them any time soon, it may be months rather than days/weeks.
Also don't be surprised if you are expected to pay for the replacements, it is not like the DC caused this.
Did hetzner not provide you any contact details of the police or judge?
Assuming Hetzner have your real contact details, address and the like, and the police find something worthy it won't take long for your local law enforcement to come knocking. International law can be a right pita.
If you don't know how to configure that.. +1 for being hacked
The German law is probably the most strict in Europe, Hetzner will tell you if you ask them that when it comes to porn, any type of it, it all breaks down to the discretion of the police. The laws say you are not allowed to store anything that's not decent, but nobody defines the word decent so if there was anything they found violating then it's bad. Still if it wasn't something really serious it would have been all treated as a breach of ToS and you would have gotten a notice from Hetzner with a suspension warning. The fact that you never got that and that there was an actual warrant to seize drives issued by an actual judge confirms that this is serious business. It's not some breach of ToS, it's actual crime. What type of crime only you may know, but not tell or may as well be victim to.
But as @WSS said, you should have gotten a lawyer already for you and everyone with access to your server because you're going to need it. Prosecutors don't walk around town seizing hard drives for nothing.
It can take years to get the drives back, get a lawyer and make pressure.
I hope you got backups.
Police wouldn't waste time driving down there to seize your drive for nothing. There has to be a pretty strong reason for their actions. I think LET is the last place you should be posting at the moment. And the fact that you mentioned CP even if you had nothing to do with it worry me a little.
To be fair, all he said was:
I think he was just trying to think of what might be illegal in Germany and resulted in his drives being seized. The only thing he could think of was CP.
Fair to say he should know more about hosting laws in Germany (or wherever he chooses to host) but I don't think we should jump to accusing him of CP, particularly as
You have encrypted all data or no?
Hetzner has no obligation whatsoever to be a messenger for the OP.
OP will be contacted by the law enforcement as naturally his or hers details have surely been passed on the orders of the court.
If you do business in the EU you should be.
You sure as hell are 'tied' to German/EU law when you run a service based in Germany.
Take some responsibility for your actions.
Made my day. Good luck with that.
Yeah, he was merely mentioning CP but here is the thing. If he gets into a legal mambo jumbo, the mere fact of him mentioning CP can only damage him which is why I said this is the last place he should be posting.
Lawyers love to twist things after all.
I don't know why you all talk about CP.
CP is well known for being the badest data that you can have. So, I think that is why he mentored it.
The German court already has confiscated 5 complete dedicated from me. On these servers was only a tor exit node running.
Later they told me, that someone has tried to get data from the "BKA" (Similar to the US FBI) via an SQLi.
Afer arround 1 and a half year, I've got my hardware back...
Also, I don't ignore any email by provider. You could've just blocked the mentioned ports or googled for complete info.
You'd be surprised.
I suggest that we get our feet back on the ground.
For a start, as OP seems to not live in germany and from what little he told us I do not even think that there is trouble with the german law. I rather presume that there is trouble brewing in OP's country and that the german simply acted upon an inter-agency agreement.
As for what to do, no you must not lawyer up right away. In most european countries you can simply contact the relevant authorities (those who took your servers away) and they MUST (and usually will without much trouble) tell you the legal basis for their actions which in cases like this translates pretty much to telling you why, on whose request, and what exactly (a single disk of an array, the whole machine, etc) was taken away and why you are accused of (if you are accused of anything) and by whom.
The only real problem often is that the authorities don't give that information to just anyone saying he's you. An email will probably not be sufficient. On the other hand they MUST (they are bound by law) inform you even without being asked by themselves, which, however, might take aeons through the diverse bureaucracy stages plus translation, etc.
The bad news is twofold. a) (Particularly) german authorities are known to be very backwater (in IT) and very slow (and utterly "orderly", read bureaucratic). Chances are you'll see your disk(s) no sooner than grandma has more RAM in her PC than the size of those disks is. b) Unless you are a very big and well connected player you have zero chances to fight back, even if they do outright illegal things (which quite often happened in diverse european countries). In other words: Just forget that disk and consider it dead scrap metal (which it will be anyway once they return it should they ever do that). Also forget any funny ideas about compensation for burden and/or loss suffered.
Finally, think about what has happened and particularly what lead to this situation. You might also want to consider whether hosting in germany was a smart thing to do in the first place. Keep in mind that germany (the politicians) paints itself as very liberal and open (so much so that most germans believe it themselves), is however in fact a strange breed. Indeed very liberal in some areas but arch-anal in others (unfortunately many IT related things being in the latter category).
@bsdguy You should start writing a tl;dr snippet for us poor mobile users. It’s hard sometimes to make out what you write when the text is so tiny
I read it all on a 3yo phone...and I have middle aged eyes!
Keyboard warrior rule #1: Make your message short because not many reads tl;dr.