Tuesday, June 30, 2026

Cloudflare names OVH and Hetzner as origins of DDOS attacks


Cloudflare released a report on massive DDOS attacks, naming several prominent cloud-hosted data centers as the origins of the attacks. The attack appears to follow a trend of increasingly launching attacks from data centers rather than traditional residential botnets.

The attack has been described as one of the largest ever:

“Earlier this month, Cloudflare’s systems automatically detected and mitigated a DDoS attack at 15.3 million requests per second (rps) — one of the largest HTTPS DDoS attacks ever.”

DDOS

A Distributed Denial of Service (DDoS) attack is a flood of rapid page requests from thousands of Internet-connected devices, which can leave a web server unable to process requests for its web pages, a condition known as a denial of service.

DDOS attacks often come from so-called botnets.

Botnet

A botnet is a network of connected devices such as routers, IoT devices, computers, websites, and web hosting servers that are infected and under the control of hackers.

Residential ISP botnet to cloud-based data center

The Cloudflare report states that DDOS attacks are increasingly coming from cloud-based data centers rather than residential ISP botnets. This represents a change in tactics.

According to the Cloudflare DDOS attack report:

“Interestingly, the attacks mostly came from data centers. We saw a significant shift from residential network Internet service providers (ISPs) to cloud computing ISPs.”

Major Cloud Data Centers

Cloudflare named several cloud-based data centers as the source of the attack, two of which are already well known in the publishing world as a common source of spam and unwanted bot visitors.

According to Cloudflare, the two largest sources of this DDOS attack were OVH and Hetzner.

Cloudflare provides the following details:

“…the attack originated from more than 1,300 different networks. Top-tier networks include German provider Hetzner Online GmbH (AS number 24940), Azteca Comunicaciones Colombia (ASN 262186), French OVH (ASN 16276), and other cloud providers.”
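An added example (not from the Cloudflare report or this article): tallying web server requests by origin ASN to see how much traffic comes from the networks named above. The AS numbers are the ones in the report; the prefixes, log lines and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# AS numbers come from the report; the prefixes are RFC 5737 documentation
# ranges used as constructed stand-ins, not real allocations.
PREFIX_TO_ASN = {
    "192.0.2.0/24": 24940,     # Hetzner Online GmbH
    "198.51.100.0/24": 16276,  # OVH
    "203.0.113.0/25": 262186,  # Azteca Comunicaciones Colombia
}
NETWORKS = [(ipaddress.ip_network(p), a) for p, a in PREFIX_TO_ASN.items()]
# Constructed access-log lines (Common Log Format); the last one is malformed.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 734
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.8 - - [01/Jan/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512
203.0.113.200 - - [01/Jan/2024:10:00:03 +0000] "GET /about HTTP/1.1" 200 901
not a log line
"""
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "')

def asn_for(ip_text):
    """Return the origin ASN for an address, or None if unmapped or invalid."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    return next((asn for net, asn in NETWORKS
                 if ip.version == net.version and ip in net), None)

def requests_by_asn(log_text):
    """Count parsed requests per origin ASN (key None = not in the table)."""
    counts = Counter()
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if match:  # malformed lines are skipped, not counted
            counts[asn_for(match.group(1))] += 1
    return counts

def heavy_asns(log_text, threshold=0.25):
    """ASNs whose share of parsed requests is at least `threshold`, busiest first."""
    counts = requests_by_asn(log_text)
    total = sum(counts.values())
    hits = [a for a, n in counts.items() if a is not None and n / total >= threshold]
    return sorted(hits, key=lambda a: -counts[a])
```

With real data, replace the prefix table with a current prefix-to-ASN dataset and feed in the server's own access log.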

OVH and Hetzner as a source of spam

In addition to being a source of DDOS attacks, OVH and Hetzner are also sources of spam-related attacks.

According to data from the SaaS spam protection service CleanTalk, spam bots from OVH accounted for 10.97% of detected activity on OVH-related IP addresses.

CleanTalk also detected spam activity originating from Hetzner: of the 213,621 IP addresses detected as the source of traffic, 14,997 (7.02%) were associated with spam attacks.

While DDOS and spam attacks are two different things, these statistics are cited to show how these two cloud data centers are being used for a variety of malicious activities, not just DDOS attacks.

A poster on the WebmasterWorld forum recently observed that they encountered more bot traffic from OVH than legitimate human traffic from known ISPs.

A WebmasterWorld member wrote in a forum post:

“Over the past 24 months, a significant portion of the web server logs for the dozen or so websites I manage have come from the OVH data center.

This traffic enters through multiple IP addresses assigned to OVH. Since the traffic is much larger than that from legitimate ISPs (ATT, Verizon, Charter, Comcast, Shaw, etc.), I think the traffic from OVH is caused by bots/crawlers hosted in OVH’s data center on cloud servers.”

Unwanted bot traffic from OVH is such a common problem that when an OVH data center in France burned, WebmasterWorld members almost applauded the event:

“On the bright side, our site will now have less bot traffic.”

Perhaps the question to ask is, Why is there so much rogue bot traffic from OVH and Hetzner?

This is nothing new. Complaints from webmasters and publishers about bot traffic from OVH go back a long way.

The following are examples of discussions on WebmasterWorld involving OVH:

Above is a forum discussion dating back to 2013 where publishers and webmasters complained about rogue bot traffic from OVH.

In a 2015 WebmasterWorld forum discussion titled “Botnet sources,” a forum member posted:

“RE: Botnets, I care more about people who are falsely clicking on my advertisers (hosting, 3rd party and AdSense.)

However, I’m sure there is a significant intersection of both categories, so those linked Spamhaus articles are a good read, thanks. A little surprise for the OVH leader!”

Given the long history of harmful bot traffic from OVH and Hetzner, it’s no surprise that Cloudflare now cites them as the origin of DDOS attacks.

OVH and Hetzner are the origin of bots and DDOS attacks

The data from the SaaS spam-blocking service is solid proof that OVH and Hetzner are sources of spam. Now we have documentation from Cloudflare proving that OVH and Hetzner cloud hosting services are the source of DDOS attacks.

Cloudflare identified these attacks as coming from botnets on these cloud hosts. So this could mean that various servers have been compromised.

Citation

Read the Cloudflare DDOS attack report

Cloudflare blocks 15M rps HTTPS DDoS attack




