Documentation

Everything you need to get started with NovaFrame.Cloud.

Quick Start

Create an Account

Add Credits

Navigate to Billing and purchase credits to fund your workspace. Credits are consumed hourly based on your active instances.

Deploy a VPS

Go to your Dashboard and click "Create Instance". Choose a tier, select an operating system, set a hostname, and your VPS will be ready in seconds.

Connect

Use the built-in web console directly from your browser, or connect via SSH using the provided credentials and hostname.

Service Tiers

Nano

1 vCPU · 1 GB RAM · 25 GB NVMe SSD

1 Gbit/s · Unlimited Traffic*

$5/month

Small

2 vCPU · 2 GB RAM · 50 GB NVMe SSD

1 Gbit/s · Unlimited Traffic*

$10/month

Medium

4 vCPU · 4 GB RAM · 100 GB NVMe SSD

1 Gbit/s · Unlimited Traffic*

$20/month

Large

8 vCPU · 8 GB RAM · 200 GB NVMe SSD

1 Gbit/s · Unlimited Traffic*

$40/month

Platform Features

Web Console

Access your VPS directly from your browser with our built-in terminal. No SSH client needed.

Auto-Assigned Hostnames

Each VPS instance gets a unique hostname automatically, making it easy to connect.

Team Workspaces

Create workspaces and invite team members with role-based access. Share resources and manage billing together.

Hourly Billing

Pay only for what you use. Credits are consumed hourly based on active instances — stop an instance and stop being charged.

Multiple OS Options

Choose from a variety of Linux distributions including Ubuntu, Debian, CentOS, and more.

Support Tickets

Need help? Open a support ticket directly from the dashboard and our team will respond promptly.

VPS Password Security & Abuse Policy

Why this matters and what happens when it goes wrong.

!Why Weak Passwords Get Containers Hacked — Fast

Every VPS on NovaFrame is directly reachable from the internet on all ports, including SSH (port 22). This is by design — it gives you a fully dedicated server experience. However, it also means your server is immediately visible to automated bots that scan the entire internet 24/7 looking for weak credentials.

These bots attempt to log in using common passwords (like password, 123456, admin) at a rate of thousands of attempts per minute. A weak password is typically cracked within minutes to hours of a VPS being created.

Real-world example of what happens next:

Attacker logs in as root via SSH using a brute-forced password.
A malicious script is deployed silently in the background.
Your container starts scanning other servers on the internet — looking for Docker APIs, open SSH ports, Telnet services, and HTTP servers.
Your container is now part of a botnet, launching attacks on other organisations and individuals.
The target organisations report the attacks to your ISP.
Your server gets suspended and you face a reactivation fee.

This entire chain — from creation to full compromise — can happen in under 30 minutes with a weak password. We have seen this happen in production.

✓NovaFrame Password Requirements

To protect you (and our infrastructure), we enforce the following rules on all VPS root passwords:

At least 16 characters long
At least one uppercase letter (A–Z)
At least one lowercase letter (a–z)
At least one number (0–9)
At least one special character (!@#$%^&*...)
Must not be a commonly known password

We strongly recommend using the "Generate" button on the VPS creation page, which creates a cryptographically random 20-character password and lets you copy it instantly. Store it in a password manager (e.g. Bitwarden, 1Password, or your browser's built-in keychain).

⚠What Happens When Abuse is Detected

If a NovaFrame VPS is found to be engaged in any of the following activities — whether due to a compromised password or intentional misuse — we take immediate action:

Port scanning or probing other servers on the internet
SSH, Telnet, or RDP brute-force attacks against external hosts
Participating in DDoS (Distributed Denial of Service) attacks
Sending spam or phishing emails
Hosting or distributing malware, ransomware, or exploit kits
Cryptocurrency mining without disclosure
Any activity that violates our Terms of Service or our upstream provider's ToS

Our Response Policy:

Immediate suspension of the offending VPS instance upon abuse detection or report.
Investigation to determine if the cause was a compromise (weak password) or intentional misuse.
If compromised: the VPS is isolated, you are notified, and you may rebuild it with a strong password.
If intentional: the account is permanently terminated with no refund.
All abuse reports received from external organisations (e.g. CERT.br, Spamhaus, ISPs) are taken seriously and acted upon within 24 hours.

✦Best Practices for Securing Your VPS

Use the password generator

Always use the built-in Generate button when creating a VPS. The generated passwords are cryptographically random and meet all requirements.

Store passwords in a password manager

Never save your VPS password in a plain text file. Use a dedicated password manager such as Bitwarden, 1Password, or KeePass.

Set up SSH key authentication

After your VPS is running, add your public SSH key and disable password authentication in sshd_config for the strongest possible protection.

Install fail2ban

Install fail2ban immediately after login. It automatically blocks IP addresses that make repeated failed SSH login attempts.

Keep software updated

Run apt upgrade (or dnf upgrade) regularly to patch known vulnerabilities in the OS and installed packages.

Monitor your server

Periodically check running processes (ps aux), active connections (ss -tnp), and auth logs (/var/log/auth.log) for anything unexpected.

🔧

API Documentation

Our REST API documentation is coming soon. You'll be able to manage instances, check billing, and automate deployments programmatically.

In the meantime, if you need programmatic access, reach out to support@novaframe.cloud.