I had a few servers, but VPS hosting companies are kicking me out due to high queries, I guess.
Do you have a hosting (dedicated or vps) to host NTP?
Thank you
Three of my NTP servers are at UpCloud, one at Hetzner. These have been in operation for years without any particular issues. I think I had to explain that these are NTP servers, but after the explanations everything has been going nicely.
In addition to those, I had a temporary NTP server at Hetzner’s Singapore DC some time ago. That server was fairly busy and I received several “PortscanOutLevel: scansnarf-ng detected Portscan from xxx” messages from Hetzner. I filed several “statements” about the incidents and that cleared up the situation for a while, but I think the key was that I adjusted my firewall so that if my server received an “ICMP host/net/port unreachable” from some address, NTP requests from that address were dropped for 100 seconds. I think they were monitoring the number of ICMP responses and raised an alert if the levels were exceeded. This firewall configuration reduced the number of ICMP unreachable responses significantly and I don’t think I received any more “portscan” messages after the firewall config change. I added this same config change to my other NTP servers as well.
```
iptables -A INPUT -p icmp -m icmp --icmp-type destination-unreachable -m recent --set --name icmp_udp_unreachable --mask 255.255.255.255 --rsource -j DROP
iptables -A INPUT -p udp -m recent --rcheck --seconds 100 --name icmp_udp_unreachable --mask 255.255.255.255 --rsource -m udp --dport 123 -j DROP
ip6tables -A INPUT -p icmpv6 -m icmpv6 --icmpv6-type destination-unreachable -m recent --set --name icmp6_udp_unreachable --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource -j DROP
ip6tables -A INPUT -p udp -m recent --rcheck --seconds 100 --name icmp6_udp_unreachable --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource -m udp --dport 123 -j DROP
```
I also have this in /etc/modprobe.d/xt.conf:
```
options xt_recent ip_list_tot=10000 ip_pkt_list_tot=1
```
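As an added illustration (not part of the post above, and not the poster's code), here is a small Python model of how that rule pair decides per packet, including the fact that `--rcheck` does not refresh the timestamp and that a full list evicts its stalest address. `RecentTable`, `filter_events` and the event timeline are hypothetical names and constructed data; `PASS` simply means the packet continues to the rest of the ruleset.

```python
from collections import OrderedDict


class RecentTable:
    """Simplified model of one xt_recent list with ip_pkt_list_tot=1 (one timestamp per address)."""

    def __init__(self, ip_list_tot=10000):
        self.ip_list_tot = ip_list_tot
        self.last_seen = OrderedDict()  # address -> timestamp, stalest entry first

    def set(self, src, now):
        """--set: record or refresh the address; evict the stalest entry when the list is full."""
        if src not in self.last_seen and len(self.last_seen) >= self.ip_list_tot:
            self.last_seen.popitem(last=False)
        self.last_seen[src] = now
        self.last_seen.move_to_end(src)

    def rcheck(self, src, now, seconds=100):
        """--rcheck --seconds N: match if the address was recorded within N seconds; no refresh."""
        seen = self.last_seen.get(src)
        return seen is not None and now - seen <= seconds


def filter_events(events, ip_list_tot=10000):
    """Apply the two INPUT rules in order and return one verdict per event."""
    table = RecentTable(ip_list_tot)
    verdicts = []
    for now, kind, src in events:
        if kind == "icmp-unreachable":  # rule 1: remember the source, drop the ICMP
            table.set(src, now)
            verdicts.append("DROP")
        elif kind == "ntp" and table.rcheck(src, now):  # rule 2: source is in its quiet period
            verdicts.append("DROP")
        else:
            verdicts.append("PASS")  # continues to the rest of the ruleset
    return verdicts


# Constructed timeline (seconds, event, source); addresses are documentation ranges.
EVENTS = [
    (0, "ntp", "192.0.2.10"), (1, "icmp-unreachable", "192.0.2.10"),
    (30, "ntp", "192.0.2.10"), (60, "ntp", "198.51.100.7"),
    (90, "ntp", "192.0.2.10"), (150, "ntp", "192.0.2.10"),
]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, filter_events(EVENTS)):
        print(*event, "->", verdict)
```
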
I use VPS servers too but never had any problems with them.
I use HostHatch. Haven’t had any issues.
Shamelessly including my referral link: https://cloud.hosthatch.com/a/2532
I have a couple of NTP servers at RackNerd. They have specials every November – I have one VPS that I pay $15/yr.
Just ordered me one in France… 22 dollars, not bad!
But you have to click on the top bar, else you pay a lot more.
@ask can you add ALL my France servers to Belgium zone please?
My current pool of NTP servers:
```
root@server-racknerd:/opt/chrony-stats# nslookup ntp.heppen.be
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: ntp.heppen.be
Address: 51.75.149.45
Name: ntp.heppen.be
Address: 185.142.225.68
Name: ntp.heppen.be
Address: 45.95.172.130
Name: ntp.heppen.be
Address: 212.187.8.48
Name: ntp.heppen.be
Address: 87.118.104.17
Name: ntp.heppen.be
Address: 2001:41d0:700:1e9d::ec3d:bd92
Name: ntp.heppen.be
Address: 2001:1b60:2:1:1126:104:0:1
Name: ntp.heppen.be
Address: 2a01:7a7:2:3343:216:3cff:fee3:7803
```