Working on implementing snort to capture hacking attempts and taking away their access, its very unfair with other users because the IPs would become technically unusable, captcha on every request.

Thanks, i'll do that. I can't really control weather they'll send letters to me or not but what i can do is be honest about it. I do have a warrant canary on the website indicating weather that claim can be made or not without breaking any legal boundaries. No provider is ready for that usecase but it's something you must accept. If i want to fight it, the no log policy can no longer be made. for me to handle abuse, internal logging is required else how would i tell which connection, which internal IP is sending that given traffic. Even for the provider, all IPs in memory inside wg interface is indistinguishable. the more users we have the more anonymous it becomes. More people = more plausible deniability. The only threat model is if the server provider is required to compell with authorites granting them root access and monitoring connection real time getting them a step closer to fiding the possible endpoint to do more monitoring. Takes a lot of effort.

Vps so far was looking for dedicated options. Service is very cheap, 0.01 xmr for a 3 months sub but im reinvesting every revenue into the service

i was definitely planning to put up a section on the website about certain server-side configurations, however the backend is not meant to be open source. It runs with wireguard so theres not much configuration anyways, wireguard is by default not logging any data + as i mentioned i have a script that runs every 5 minutes checking for inactive handhakes, flushing the endpoint after 10 minutes of inactivity removing the endpoint from memory aswell, never gets on the disk anyways, never lives inside the .conf either its all done by a script.