EU VPS from recon-friendly provider
So, some of you might already know that I'm a bug bounty hunter. That means I often do recon tasks, like finding subdomains and discovering content.
I need a VPS to run these tasks in the background instead of using my Mac. I want a provider that’s cool with this kind of work. Just to be clear: I won’t use the VPS to test vulnerabilities against the targets. I only need it for basic recon stuff. The actual testing I do locally.
Does anyone know a provider that understands this and won’t have a problem with me doing these tasks? For the specs, I think a VPS with 4 cores and 8 GB of RAM should be enough, and it needs a good internet connection. A location in Europe would be ideal.
Thanks!
Comments
Hello,
If it's completely legal and there are no illegalities, we allow this type of content.
However, always try to confirm this via a ticket, giving full details.
If the rules are broken, we will suspend you. But if not, we'll allow it.
As you pointed out, there's nothing illegal, right? So yes, we allow it. As long as it's legal and there's permission.
We have several VPS locations in Europe:
https://alexhost.com/vps/vps-europe/
If you're going to generate any kind of abuse, it's best to contact us first, even if it's legal or automatic.
Best Regards,
Alexhost
Hi! Thanks for your reply. Yes, what I do is completely legal. For example, some of the tasks involve querying public DNS servers to find subdomains for a bunch of domains that are part of the target program. I also fuzz the hosts to discover endpoints that I can test later. I'm an ethical hacker, and I always make sure to perform all recon tasks with rate limiting, so they don't cause any disruption to the services. In fact, because I do it safely, I never use a VPN for these tasks. I prefer to let the tasks run for a very long time, which is why I want a VPS to run them in the background. This way, I don't have to rely on my Mac for these tasks and can avoid any aggressive methods that might cause problems for the targets.
The main tasks are those two, but I also search for past versions of endpoints and content using the Wayback Machine. Another task is doing passive port scans to identify services running on the hosts. "Passive" means I don't run port scans directly against the target hosts; I just query the Shodan API for this information.
Because of how I perform these tasks—using rate limiting and passive discovery—it's extremely unlikely that you would ever receive an abuse complaint. As I mentioned, all the actual testing for vulnerabilities is done on my Mac, and I have permission to hack the targets through bug bounty programs. I'm not hacking random targets without permission.
Did I explain the context well enough?
You can use any provider for this.
Why not Hetzner, netcup or GreenCloud if you need even cheaper?
Most providers do not like / want to host port scanners, or vulnerability seekers.
He uses Shodan API.
I read carefully all the details provided and in my opinion any provider could fit.
A friend of mine reached out to Hetzner and told them the same stuff I mentioned here. They turned him down as a customer, even though he said he had permission and would only use the VPS for recon. They were pretty strict about it. So, I don't want to do anything they won't accept.
Mistake #1: You told them what you're going to do. There is absolutely no way for them to tell what you're doing, besides you snitching on yourself.
People voluntarily cucking themselves is the funniest thing ever. "Muh I MUST ASK FOR PERMISSION!"
The interlocutor probably doesn't have the necessary knowledge to authorize or not.
He'll just get scared and say no by default.
Your usage won't generate abuse from other suppliers and no complaints from the authorities.
So for me it's fine, whatever the supplier.
A supplier doesn't need to know what you're doing, that's part of the fundamentals of the business.
Hello again, please let me know if it sounds OK. I could order the server already.
Greetings,
As long as there is no violation of our service agreement, we are happy to help in our Turkey / Istanbul location.
Regards
https://tarisu.com
Hello.
I asked you to open a support ticket to confirm that. We may allow it, but just to be sure.
Provide those details in the ticket:
https://bill.alexhost.com/tickets/new/
If you have Telegram you can also contact us (but it's better to go through a ticket):
Telegram: @alexhost_on
Best Regards,
Alexhost
We have no problem with what you're wanting to do!
https://advinservers.com/cloud
AMD EPYC Milan (4 vCPU)
8GB DDR4 Memory
60GB NVMe SSD Storage
Located in Nuremberg, DE
$8/month
Even if we do get an abuse complaint, we'll just forward it to you and give you time to respond. We aren't really strict about it.
I mean, the guy explained everything and still the way you write "I asked you to open a support ticket to confirm that. We may allow it, but just to be sure.
Provide those details in the ticket"
I wouldn't order anything from you with this kind of attitude!
Might just be because he wants to know who he is dealing with before he says okay, and he doesn't want bad actors to sign up and use his services in a "similar" way.
And everyone knows that if he later kicks the bad actors, they will make a lot of noise on LET and other forums and claim this thread was an open consent.
Thanks! I like that you answered right away that it's OK and I also like the specs, the location and the price. I'm gonna order the server now. Thanks!
I've already set up most of the stuff with the main tools I need for recon. It's working great. The server was created instantly after I paid, and it seems pretty fast for these kinds of tasks.
@advinservers This isn't critical in the sense that it doesn't affect other users like a web app would, but I still hope the uptime is good. Some of these tasks take a very long time, so it's really annoying when I have to restart them. That's why I no longer want to run them on my Mac.
How has the uptime in Nuremberg been over the past year?
Yeah, I was surprised that I'd have to open a ticket to basically repeat what I explained in detail here... Anyway, I got the server now and I am happy.
I explained quite clearly both the type of tasks I need the server for and that I have explicit permission to do these as a bug bounty hunter working on BB programs. What else should I say to ensure it's clear that I am not a bad actor?
@advinservers I mentioned your service in a few BB hunter communities. We were talking about providers for these kinds of tasks recently, so you might see more signups from this.
Overall, our uptime has been great over the past year in Germany.
We've had some small very momentary network blips here and there in the past, due to fiber cuts between Nuremberg <-> Frankfurt which can sometimes impact our network, but these rarely happen.
Don't forget your affiliate link.
What a cool job you had.
Hello
We provide VPS Hosting that suits your requirements and is also in your desired location: Frankfurt (Germany), London (UK), or Paris (France). Your activities comply with legal and ethical guidelines, so there should be no issues.
To ensure it follows our rules, please submit a support ticket with details of your use. This will help us identify any issues and find the best solution for you.
You can check our available VPS plans here.
Of course, you would never do anything that could get the IP address registered at abuseipdb.com or other similar sites.
And you never make mistakes and never make typos, so you would never accidentally scan the wrong IP address.
And you only do ethical hacking, so you have permission from everyone involved, right?
So you don't need real permission from the hosting provider, and no hosting providers monitor or filter traffic, so they don't need to know this upfront to whitelist your IP addresses.
Everything is 100% ethical hacking, so the provider doesn't need to know who you and the other 100% ethical hackers are, because everything is 100% ethical hacking, and therefore you don't need explicit permission from the hosting provider.
No, OP won't use your service.
Why so rude?
https://lowendtalk.com/discussion/comment/4331821/#Comment_4331821
Hi,
you can take a look at our pricing
https://cloudblast.io/pricing
As long as it's legal and doesn't cause abuses we're fine with it.
Port scans themselves aren't illegal (also, I asked my lawyer before; he confirmed).
We allow it for dedicated server customers who bring their own IP.
Let me tell you a story from around 2 weeks ago.
I received a call from our police.
Police officer: "We received a report regarding your company, someone made an online report for port scans"
Me: "Oh, what's the IP so I can contact the customer?"
Police officer: "Gave IP."
Then the police officer said that a port scan isn't a crime, so we will just put an egg on it and close the case.
"Dann schließen wir das einfach ab und hauen da ein Ei drauf"
Also he said that he privately has a GTA online server and was once even getting a port scan.
Thanks 👍
Oh I didn't realize that there are affiliate links, thanks
Thanks, but I got the server for now
It's definitely stupid to think that port scanning would be anything illegal, because by itself it doesn't cause any trouble to the target at all. But anyway I even avoid that and, like I mentioned, I use Shodan rather than doing active port scanning.
A lot of people think it is illegal.