Is a system designed for penetration testing allowed?

I know a that a few providers will let their customers perform a penetration test against their hosted server after informing support and providing a time frame. However, I want to know if it is within the TOS to set up a droplet specifically designed to be tested. It wouldn’t be a normal window of time, but an always penetration testable droplet.

Is it possible to have the monitoring or whatever is being used to detect “attacks” against a droplet permanently turned off? I’d like to setup a small semi-vulnerable distribution for myself and a few of my classmates that is available to be tested any hour, any day (24/7).

Would this be something that DigitalOcean could/would provide?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hi @JSparks,

I’ll recommend you to inform DigitalOcean just because the penetration tests might cause some strange traffic in their eyes thus resulting in the IPs doing so being blocked.

It’s always best to contact them in such cases, just in case!


That’d probably be a question better suited for the platform support team to be honest. I’d submit a ticket through the dashboard and see what they say.