New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Which VPS Providers are Ethical Hacking/Pentesting/Scanning Friendly?
Hey guys,
Which VPS providers are friendly to pentesters, cybersecurity professionals, students etc.? Within reason, meaning not looking to scan the whole Internet, but specific clients/customers etc.
I've been looking up articles like this lately. I shot Racknerd an email asking if they allow it. I like their services. @dustinc : https://www.blackhatethicalhacking.com/articles/using-vps-for-bug-bounty-comparing-vps-providers/ but figured I should ask here.
Thank you.
Comments
https://lolekhosted.net/, https://x33.biz/ for Port scanning - they don't care if you are "ethical" or not
Regarding "legitimate scanning" - no "clean" provider will risk it without a signed agreement or shit like that.
@stoned why not just run a Linux distro with the correct tools on your own computer? There's also Kali Linux, ParrotOS, and BlackArch for those needs.
That's not entirely true. Linode is very security research friendly and as long as you have a valid reason to portscan (takes one simple ticket), they'll permit the activity.
One attack on your server with amplification/"abuse" and they will start sperging as "amplified" peers will complain to them, even tho you did not do anything to them.
Or you could try tunneling all such questionable traffic from the server via Wireguard interface
We can tell you from the ISP side that most do not allow this kind of activity. Because it is usually used by hackers who scan and break everything they can.
My POV is that it's only "ethical hacking" if you have permission of the victim's computer, and if you did, then you wouldn't have to worry about any abuse reports, and you wouldn't need to get permission from your provider.
I don't care what your motivations are, if you're randomly port scanning large chunks of the internet, you're still wasting people's bandwidth, CPU, filling up their logs, etc. And they also don't know that you're "ethical".
Even more cynically, you're only ethical while there's a sufficiently large bounty program. If you found something that was genuinely valuable, but there was no bounty, are you 100% sure you'd report it rather than exploiting it?
Pretty good summary.
I think what you'll generally find is a good portion of hosts just have a 0-tolerance policy for it. The others might be okay, but you definitely should open a ticket first and alert them. If we saw this activity, without prior notice/agreement, the instance is likely to be suspended and ticket opened to customer. A host has no way of knowing what is ethical or not, it looks the same. I'd also say that hosts are a lot less likely to put a ton of man-hours in on a super budget VPS that wants to do "questionable" activities and will likely require more active involvement versus a more premium product/dedicated server.
Thank you for your insightful opinions.
Correct, it is for a legitimate business need, and with permissions in writing from the clients.
However, even if you are 100% ethical, if they spot network activity of this nature, they maybe likely to terminate services?
Yessir. This is precisely what I do before engaging in any activity of this sort and also I go over their TOS and AUP.
Though, what might a provider consider over the top activity? Surely nmapping some clients here and there a couple of times a week shouldn't be that big of a deal, I think?
Perhaps what they mean is if someone is running large scale automatic scans on large portions of the web...? But given Shodan exists that makes it sort of moot maybe?
Thanks guys.
I have 6 servers in a cluster, including a node at home. I need something outside my cluster for my needs. I spun up a temporary Vultr VPS and scanned all 6 of my nodes and few other people and friends. Vultr seems alright. I've been with them for years. I emailed them to ask about it and they said it's kind of fine, but maybe I should get a dedicated machine instead for it.
One can tunnel through TOR or SOCKS (residential) proxies, or anonymous free socks proxies online. Last time I used proxy lists was 15 years ago.
I have an Oracle free tier server which is not part of my cluster, but acts as my wireguard server.
For now I'll use Vultr and Oracle for scanning until I find a provider who is okay with this explicitly.
Thanks.
I would look for ones which allow Tor
How do you prevent malicious hackers from becoming your clients?
How do you verify that the IP addresses you are going to scan really belong to the so-called "clients"?
When you get reported, are you willing to share the written permissions with the reporter which is the real IP user so as to prove that your scanning is legitimate?
Take only legitimate clients, registered companies as legal entities? Perhaps that could save one from accepting bad actors as clients.
What would you suggest on this? There are ways to determine to whom an IP has been leased out to or belongs perhaps
It maybe prudent to send an email containing client consent for that IP to the owner of the ASN perhaps to let them know this activity is about to conduct? I could use ideas.
Thanks.
As a legal requirement I think I maybe required to share such information? Please advise. I'm still looking into how pentesting companies operate in this capacity. Currently I'm researching.
read : mode on
Identity verification has always been difficult, especially so in this digital age. How can you be sure they are who they claim to be? Will you take "registered companies" in foreign countries as clients?
If the ASN owner is not your client but the provider of your client, this approach might not work very well. Another approach is to give your client a code. He needs to connect to your system from the IP address to be tested and enter the code before you start doing your hacking/pentesting/scanning.
There might be an NDA signed by you and your client. Would clauses of the agreement prevent you from disclosing relevant information to the real IP user?
I have run full port scans and other security checks between every VPS I have rented, in both directions. The VPSs were always rented from different providers.
I have been doing it for a dozen years, but not often, only once or twice a year at most. I never received a warning or communication from a provider or anybody else. Part of the reason may be how rarely I have done it and the fact that I "own" both ends. I would not file a complaint against myself.
The providers at each end would not have known that the same person was renting both ends. They would have noticed that the scanned target was limited to one host only at one or two IP addresses, and the scanning was relatively brief.
I created advance notification tickets at both ends the first time only, many years ago. I was a newbie VPS user, and did not want to get kicked off. I did the same when I tried whole disk encryption for the first time - I was concerned about CPU abuse. I should not have been concerned. The tickets caused more confusion than helpfulness, and I never bothered to give advance notification again. I just run the scans and do the encryption without asking. If the scans come to anyone's attention, I imagine that they see the general pattern of my use and how limited the scans and heavy CPU usage periods are, so they give me a pass. So far, so good.
Yes exactly. Thanks for the advice.
The only Provider That might accept That is CrazyRDP...
CrazyRDP allows that
Alexhost allows only white pentesting
Securednet.su
Colocrossing (because of their bad IPs?)
I report port scanning events every day because I believe most of the 20K+ IP addresses detected daily are malware-infected computers. Through email communications with abuse contacts, I know the following providers claimed to work with security companies and researchers:
Amazon EC2
BlackHost
Linode
Cari
Steadfast
Singlehop
You're welcome, but keep in mind how limited my testing was.
In case it matters, the latest VPS I scanned was from Racknerd, which I rented last July (2022).
I encrypted it, scanned another provider's VPS from it, and scanned the Racknerd VPS from that other provider's VPS. To the best of my recollection, I did it only twice since last July.
If I were planning to run many scans of many scattered hosts at frequent intervals, I would declare it to the provider in an informational ticket. I would specify the policies that I work under so that they understand it is legal and above board. If the provider rejects the ticket, then it is better to know up front, especially if this is going to be a serious, ongoing activity.