[smt88]

Not a big deal if you're self-hosting. Put it in a Docker container (on your own machine or one of your servers), run it when you need it, and then shut it down.

For a permanent solution, get a very small Digital Ocean server, install this with the requested unsafe settings, and let the machine be dedicated to this. Even if someone compromised the machine, they wouldn't get anything of interest.

[jjoe]

It's not about finding anything of interest in the server. It's the negative impact this server and many others like it have on others when they're leveraged in an attack.

[smt88]

I definitely do not support having unmonitored servers. If your server is used in an attack, you should see a traffic spike and shut it down.

I also meant to say that any server used for this purpose should be firewalled so that only your IP can access it.

[jjoe]

An outward attack from this server against another doesn't necessarily register in bandwidth graphs. It all depends on the type of attack.