On 8 October 2024 I received an email from Hetzner. This was a forwarded abuse report. As is standard practice in the web hosting business, Hetzner forwarded this to me so I could take action on it.
This was no ordinary abuse report. This was targeted harassment from a threat actor that has been harassing me and my friends for a long time. Now they have started targeting Ten Forward itself in an attempt to cause disruption in the day-to-day operations of Ten Forward.
The Abuse Report Itself
Abuse data
===============================================
Source: tenforward.social
Category: other
Description:
------------------------------------
Dear Hetzner team,
I wanted to bring to your attention abuse of your terms and conditions on the website tenforward.social. The admin goes by “guinan” and “[REDACTED FOR PRIVACY REASONS]” and may also be known by the name [REDACTED FOR PRIVACY REASONS].
According to https://wiki.tenforward.social/doku.php?id=tenforward:technical:serverinfo they state they are hosted on your Auburn, VA Hetzner Cloud server, specifically on the CPX41 plan which includes 8 VCPUs and 16GB of RAM
Reviewing Hetzner’s terms, condition 8.2 states that pornographic material is prohibited. This is also in violation of the Limitation of Liability. As noted at the bottom the admin also posts extremist content including death threats.
This website is being used primarily for online sex work.
One example is the following profile:
[REDACTED FOR PRIVACY REASONS]
In their profile, “#sexwork” is used to describe them, and they have a link to their other sex work profiles specifically labeled as such, including an email address to proposition them.
In these posts they post their pornography:
[REDACTED FOR PRIVACY REASONS]/113193241218707289
[REDACTED FOR PRIVACY REASONS]/113193216977798389
[REDACTED FOR PRIVACY REASONS]/113165166866924518
[REDACTED FOR PRIVACY REASONS]/112992213339625988
[REDACTED FOR PRIVACY REASONS]/113165238592813286
[REDACTED FOR PRIVACY REASONS]/113165240376711698
[REDACTED FOR PRIVACY REASONS]/113165265733091274
All of their media is listed here:
[REDACTED FOR PRIVACY REASONS]/media
And they do so in order to ask for money in exchange:
[REDACTED FOR PRIVACY REASONS]/113188779515867336
And their pornography accounts are listed here along with solicitation for money:
[REDACTED FOR PRIVACY REASONS]/111903946369553399
Another example:
[REDACTED FOR PRIVACY REASONS]
[REDACTED FOR PRIVACY REASONS]/media
[REDACTED FOR PRIVACY REASONS]/113164376000494613
[REDACTED FOR PRIVACY REASONS]/113150012108791085
[REDACTED FOR PRIVACY REASONS]/113126316124911466
The user “[REDACTED FOR PRIVACY REASONS]” reposts porn constantly on this account:
[REDACTED FOR PRIVACY REASONS]
Which he confirms to be the [REDACTED FOR PRIVACY REASONS] the admin here:
[REDACTED FOR PRIVACY REASONS]/113135661213276678 (note the “[REDACTED FOR PRIVACY REASONS]@[REDACTED FOR PRIVACY REASONS]” email address listed)
This external porn is served on tenforward.social through his Amazon AWS S3 storage bucket, with these as just a small number of examples:
[REDACTED FOR PRIVACY REASONS]
This admin also links to his own porn account here:
[REDACTED FOR PRIVACY REASONS]/113118996703612081
[REDACTED FOR PRIVACY REASONS]/113118188979223279
[REDACTED FOR PRIVACY REASONS]/113099102123496110
Describes himself as a sex worker here:
[REDACTED FOR PRIVACY REASONS]/113118181289585791
[REDACTED FOR PRIVACY REASONS]/113098627357785519
This admin also issues death threats and then deletes them as archived here:
[REDACTED FOR PRIVACY REASONS]
Which he still alludes to here:
[REDACTED FOR PRIVACY REASONS]/113109960688029496
-----
The entire text of the abuse report, minus the redaction needed for private information of Ten Forward members, is above. Suffice it to say, this level of detail is a very targeted attack by this threat actor not only on myself but on people I consider my friends and also of course on Ten Forward and all of its members.
Hetzner’s Response
Hetzner, as per their policy, required a response from me to this abuse report within 24 hours. I happened to be at my desk when I got this email, so I responded within 5 minutes with a statement that simply stated that I contest everything in this false report.
I did not hear back from Hetzner until 18 October 2024, when I received the following:
Dear [REDACTED],
Thank you for your statement.
The links display pornographic content, which is not allowed on our network.
Please remove them within the next 24 hours.
Important: Please leave [REDACTED] unchanged in the subject line when replying directly to this report.
This response from Hetzner immediately proved to me that not only were they hostile, they were clueless as well. A cursory investigation would have proved that none of the so-called pornographic content was hosted on Hetzner’s network or services.
All media content on Ten Forward is stored in an Amazon Web Services S3 bucket and served by their CloudFront CDN (Content Distribution Network) service. None of it is stored on Hetzner servers at all. This is trivial to confirm: a simple DNS query on cdn.tenforward.social would have confirmed this.
Here, I’ll just put the DNS query results for cdn.tenforward.social for reference:
% dig +short cdn.tenforward.social
dtffs8t7jdpnn.cloudfront.net.
18.245.96.18
18.245.96.110
18.245.96.116
18.245.96.120
This has been the state of affairs since 2017. Therefore the so-called pornographic content never was on Hetzner services.
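The DNS check described above, written as a repeatable test for anyone triaging an abuse report (an added example, not part of the original post): it parses the `dig +short` output quoted above and compares the answers against a provider's prefixes. The prefix list is a constructed placeholder using RFC 5737 documentation ranges; a real check would use the prefixes the provider actually announces.

```python
import ipaddress

# `dig +short cdn.tenforward.social` output, copied from the post above.
DIG_OUTPUT = """\
dtffs8t7jdpnn.cloudfront.net.
18.245.96.18
18.245.96.110
18.245.96.116
18.245.96.120
"""

# Constructed placeholder prefixes standing in for the network of the provider
# that received the report (documentation ranges, not real allocations).
REPORTED_PROVIDER_PREFIXES = ["192.0.2.0/24", "198.51.100.0/24"]


def parse_dig_short(text):
    """Split `dig +short` output into (cname_chain, addresses)."""
    cnames, addrs = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and dig comments
            continue
        try:
            addrs.append(ipaddress.ip_address(line))
        except ValueError:  # not an IP literal, so it is a CNAME target
            cnames.append(line.rstrip(".").lower())
    return cnames, addrs


def served_from(text, provider_prefixes):
    """Summarise where the answers point and which fall inside provider_prefixes."""
    cnames, addrs = parse_dig_short(text)
    nets = [ipaddress.ip_network(p) for p in provider_prefixes]
    inside = [str(a) for a in addrs if any(a in n for n in nets)]
    return {
        "final_cname": cnames[-1] if cnames else None,
        "behind_cloudfront": any(c.endswith(".cloudfront.net") for c in cnames),
        "addresses": [str(a) for a in addrs],
        "in_provider_network": inside,
    }


if __name__ == "__main__":
    print(served_from(DIG_OUTPUT, REPORTED_PROVIDER_PREFIXES))
```

DNS answers vary by resolver and over time, so a result like this should be recorded together with the time of the lookup.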
My Response
The first thing I did as soon as I got Hetzner’s response to my statement was to appeal the negative decision as per their own policies.
Then I started preparing to move all Ten Forward services away from Hetzner. I started setting up a server on Linode for our primary application server.
Within a matter of hours, the new app server was ready for the migration. So I decided to move Ten Forward immediately. I announced emergency maintenance via the local announcement system and ran the migration process.
We were migrated and online on Linode within a couple hours. Full text search was offline but the primary Ten Forward Mastodon service was online on Linode and as such unable to be affected by any action Hetzner could take.
Over the next few days, I moved the rest of the Ten Forward services – full text search, wiki.tenforward.social and donate.tenforward.social. As of the time of me writing this, all Ten Forward services are safely away from the clueless clutches of Hetzner.
Fuck Hetzner: The PSA
At this juncture I am addressing the fediverse at large regarding the matter of hosting fediverse services on Hetzner.
Hetzner is hostile to you. Hetzner’s puritanical attitudes are a weakness that any threat actor will take advantage of to cause disruption and downtime for your fediverse service.
I am well aware that Hetzner and specifically their Hetzner Cloud service is popular among fediverse admins because of its low pricing. I posit that no amount of cheap hosting subsidizes the fact that you are hosting your community on a hosting provider that is hostile to you and your community.
So my advice to all of y’all is: Stop using Hetzner. Tell your friends to stop using Hetzner. Hetzner is an enemy to the very concept of the decentralized network we are building on the fediverse.
Fuck Hetzner.
To My Harassers
lol. lmao. You cannot win. Ever. ghIqtal.
Future Forward
Moving to Linode has increased our hosting costs by a significant amount. The exact details will be present in the next income and expense report. The quick summary is that just our server hosting costs are now CAD$5000/year.
As such, I have started a GoFundMe to offset the increased costs and maintain our resilient posture. You can find that here.
Along those lines, I am also asking for recurring contributions from the wider fediverse community; you can contribute here.
As always thank you all for your support.
May you all live long and prosper.