Looking for a VPS with Security friendly host

Moseph Member
edited August 2018 in Requests

Hello,

As the title says, I'm a security analyst in search of a good deal on a VPS with a host that's tolerant of security work (e.g. if having "hacking tools" is against your AUP please don't reply). That said, when I use these tools, they are benign and only used against machines I am authorized to test. If you permit port scanning in this context please mention that (otherwise I am prepared to perform port scans from a different machine).

CPU x2 (or more)
KVM
2 to 4 GB RAM
50GB SSD
IPv4 x 2 (no ports filtered)
500 GB Bandwidth
500 Mbps

Location: North American (with good connection to S.America and Europe)

Budget: $80/yr (or less) billed quarterly or yearly

Thanks for your attention

Comments

  • JohnMiller92 Member
    edited August 2018

    The end is nigh. We must repent

  • deank Member, Troll
    edited August 2018

    The end has arrived.

    "Security friendly" my arse. More like hacking friendly.

  • Moseph said: North American (with good connection to S.America and Europe)

    You're going to do transcontinental pen testing? Yeah I'm suspicious too.

    Thanked by 1Aidan
  • @willie said:

    Moseph said: North American (with good connection to S.America and Europe)

    You're going to do transcontinental pen testing? Yeah I'm suspicious too.

    Dang it @willie, you caught me! I'm really a criminal blackhat hacker looking to legally purchase time on a server, and kindly warning the owners of my intentions... because us hackers are considerate like that 🙄

  • Thanks BTW to everyone sending me offers via PM. I meant to add to my request, if hosts prefer to contact me privately, that's fine by me.

  • have you tried vps

  • Awmusic12635 Member, Host Rep

    vpsuser said: have you tried vps

    ?

  • deank Member, Troll

    Have you not tried vps?

  • feezioxiii Member, Host Rep

    At least, this guy is honest :\

    Thanked by 1Hukin
  • @vpsuser said:
    have you tried vps

    Not sure which VPS provider you are referring to... vps.net ?

  • @feezioxiii said:
    At least, this guy is honest :\

    Thanks for recognizing that @feezioxiii . After I select a hosting provider I'm tempted to post another Request, with what an actual criminal hacker would be looking for (non-extradition country, accepts stolen CCs, price is "no problem" because they "only need it for a week or two", TOR access, etc.). I'd be curious if it'd get any different reaction at all.

  • cubedata Member, Patron Provider

    @Moseph said:

    @feezioxiii said:
    At least, this guy is honest :\

    Thanks for recognizing that @feezioxiii . After I select a hosting provider I'm tempted to post another Request, with what an actual criminal hacker would be looking for (non-extradition country, accepts stolen CCs, price is "no problem" because they "only need it for a week or two", TOR access, etc.). I'd be curious if it'd get any different reaction at all.

    of course you would, so reading the security friendly code of conduct would tell you that.

  • Moseph Member
    edited August 2018

    Thanks @cubedata, good to know my thread's mere existence shows the moderators have successfully determined it differs from a shady-hacker request. Good job! I'm glad there are some here that can "tell a hawk from a handsaw".

    (pardon me now while I change my sig to say "port scanning is not a crime") :tongue:

  • Moseph Member
    edited August 2018

    Note for Security Professionals: If you're looking for hosting similar to my request, by far the most friendly, reasonable, professional and positive responses to my requests thus far (both from this post and direct correspondence) have come from:

    • Digital Ocean (known reputation in security community as pro-security)
    • Frantech / BuyVM (Response: "No problem", plus overtly pro-TOR <- good sign of cluefulness)
    • Linode (Response: "No problem, but help us respond to any abuse reports")
    • Vultr (Response: "Tools ok, but no port scanning")

    You can see from this list that apparently in North America you need to deal with pretty large hosting providers before you find operators that know the difference between a Security Tester and a "1337 H4x0r". The outstanding exception to that is @Francisco at Frantech, who has my total respect for having the same level of maturity as competitors many times larger than him.

    Several European hosting providers also responded to my requests, so it appears to me that in Europe it's easier to find providers open to hosting Security Professionals. I have no idea whether that's from a maturity standpoint or just devil-may-care nonchalance, but the fact remains.

    Hope this note is of help to my contemporaries.

    Thanked by 1Francisco
  • jsg Member, Resident Benchmarker
    edited August 2018

    @Moseph said:
    ..."hacking tools"

    It might be helpful to tell us more about those and about why you can't simply do your "Security Professional" tests from your office. Poor DSL?

    (Sidenote: being pro-Tor probably indicates interest and good will but real IT security professionals would hardly have that in their book under "professional security", at least not anymore).

  • Good question @jsg! I would also like to know what "hacking tools" refers to. It's the phrase used in several hosting providers' AUP/ToS. But I'm pretty sure Burp Collaborator, Metasploit, Responder etc. could qualify. That stipulation means at any time a host could terminate the service I've paid for, wasting my money and, more importantly, time spent configuring the box. Using a phrase such as "no unauthorized use of hacking tools" would seem more reasonable, but that's not the wording they're requiring me to agree to, so I'm not willing to risk it.

    I work from home, as do all the Security Analysts at my company. Our company provides us with AWS instances for our testing, however for side-work it would be inappropriate to use those resources. Hence my search for a LEB to use for doing side-work. Many test scenarios benefit from an unfiltered interface directly connected to the internet (which is why I'm searching for a host with 2 IP addresses). Since such a box would also be unprotected, having it isolated from any network containing sensitive information is of value.

    (Note on your Sidenote: Agreed. Thus why I noted being TOR friendly as a "sign of cluefulness", meaning he appears to not be afraid of things simply because they can be used for illegal purposes, but recognizes there are legitimate uses for them too (much like "hacking tools"). But I agree, running a TOR node has never been a requirement in any test case I've encountered.)

  • hzr Member

    AWS allows legitimate pentesting as long as you have written permission from all parties involved and added to their portal (they have a dedicated page for this).

    Thanked by 1willie
  • jsg Member, Resident Benchmarker
    edited August 2018

    @Moseph

    Thanks for your elaborate answer! I think it might help to understand your request better.

    Wrt quite many providers disliking anything even remotely associated with hacking (no matter the colour of the hat) I think it's mainly due to 2 reasons: (a) legal issues and (b) fear of revenge by hacked victims (and possibly "burnt IPs").

    Another problem I guess is the fact that black hats rarely don't announce their plans but rather talk about "security testing" and such. Accordingly your chances would probably increase if you were able to clearly show that you do white hat stuff and with permission. The way you introduced your request is a quite good start IMO.

    Btw, based on the feedback you reported I'd advise you to have a good look at @Francisco who is a well respected provider with a good reputation around here. Plus he is not a super heavyweight like the others you listed; based on my personal experience it's easier to establish a good understanding and working relationship with mid-size providers. Francisco fits that quite well from what I know.

  • Moseph Member
    edited August 2018

    hzr said: AWS allows legitimate pentesting as long as you have written permission from all parties involved and added to their portal (they have a dedicated page for this).

    Yep, have filled out many AWS forms for my work. AWS is probably the most expensive solution to my request.

    At this point I'm leaning towards Linode. They responded pleasantly to my requests and have low latency in the Americas. I was hoping to find a LEB that would work out, but doesn't look like it's going to happen.

    Any final offers feel free to PM me.

  • jsg said: based on the feedback you reported I'd advise you to have a good look at @Francisco who is a well respected provider with a good reputation around here. Plus he is not a super heavyweight like the others you listed; based on my personal experience it's easier to establish a good understanding and working relationship with mid-size providers. Francisco fits that quite well from what I know.

    Totally agree, I'd really like to support a smaller progressive operation like @Francisco has going, if he wants to send me an offer I'm all ears.
