Tailscale runs a continuous netcheck to an unroutable IP (203.0.113.1:12345:UDP) [1] for whatever reason. This triggered Hetzner's ghetto-ass DDoS protection, thinking my server was compromised or I was netscanning the world. They sent me an email saying my server was compromised and I had 24hrs to remedy it.
I responded to the email and filled out this attestation form declaring that my server was not under attack, it was a false positive, and explained what they were seeing (not to mention it's an unroutable IP). They still null routed my server and refused to turn it back on, and their arrogant support told me there was no way I was in control of this server etc. They took my box offline during a peak user day, so I migrated to AWS and never looked back.
Don't do anything of importance on Hetzner. No wonder they only get people running pirated Plex boxes.
Contrary to this, I run lots of stuff on Hetzner, no problem. Even with Tailscale. Running solid VPSes in this day and age is not rocket science as AWS wants everyone to think.
Maybe they've added a fix to their detection system since? I quite literally have a netscan abuse report from them filled with the above UDP IP and port.
I'm most familiar with AWS so I went back to a trusted (and far more expensive) platform where I didn't have to deal with amateurs literally turning off a paid service.
I may explore OVH in the future, nothing against them at all.