
Anyone with Pylot (or any other load testing tool) could do this at any point they wanted to your server from the comfort of their own home. Shall we boycott those next? And this site even seems to have denial-of-service protection of different types that you don't get with those DIY tools.

I love being able to test this out right away, so I'm in favor of keeping it pretty much how it is. I was looking for this exact service two weeks ago and was surprised I couldn't easily find someone who did this with transparent pricing/plans.

Keep the transparency and ease of trying it out-- there are too many companies in this space saying "Call us for a free quote" with "account execs" when this doesn't need to be that complicated of a service.



That is exactly our opinion also. We understand that some think it is a bit scary letting people test any site they want, but the fact is that anyone with a DSL connection at home can choose any site they want out there and put a lot more load on it using their home PC than we allow anonymous users to do with our service.

We want the service to be really user-friendly and easy to get started with, and think we have reached a fairly good level of compromise where security is "good enough" without sacrificing usability.

What we could, and should do, however, is be more informative about all the security measures we have taken to prevent abuse. Because we have put a lot of man-hours into that lately, and we will continue to build more, hopefully non-intrusive, security measures all the time to try and make the service unattractive to would-be abusers.


Still, there should be a dead simple way to completely opt out of your services. E.g. check for the presence of a specific file in the / directory and if it's there, abort all testing.

Just keep in mind that for an average hosting provider it is far easier to null route your subnet than to sit there and assume that you will not screw up.

Also, as a side note, even if you are tracking per-IP statistics of your tests, I suspect you are not doing any detection of multihomed machines. For example, my company has a dozen websites served from a single box, each on its own IP address. Do you seriously expect us to let your service anywhere near our boxes?


I hear you, and you're absolutely right, we will provide an easy way to opt-out for those who want to. It's on its way.


Ok, great to hear that.



