I know a that a few providers will let their customers perform a penetration test against their hosted server after informing support and providing a time frame. However, I want to know if it is within the TOS to set up a droplet specifically designed to be tested. It wouldn’t be a normal window of time, but an always penetration testable droplet.

Is it possible to have the monitoring or whatever is being used to detect “attacks” against a droplet permanently turned off? I’d like to setup a small semi-vulnerable distribution for myself and a few of my classmates that is available to be tested any hour, any day (24/7).

Would this be something that DigitalOcean could/would provide?