Skip to article
Case study · Hosting provider Hosting.com.tr

How Hosting.com.tr replaced PRTG, Zabbix, and Checkmk: catching compromised customer VPS along the way

How a Turkish hosting provider consolidated three monitoring tools onto one outbound-only agent and surfaced compromised customer VPS along the way.

Published May 2026 · 4 min read · By the Fivenines team

< 5 min
to deploy in production
3 → 1
tools consolidated
1 VPS
caught running crypto-miners

A Turkish hosting provider running multi-location infrastructure

Hosting.com.tr operates a growing, multi-location infrastructure that powers websites, VPS, email, and domain services for its customers. Monitoring across that infrastructure had been built layer by layer over the years, using a stack of established commercial and open-source tools.

Three tools, three sources of friction

Each tool was solving part of the problem and creating its own friction. PRTG had become expensive and hard to justify at scale. Zabbix was powerful but complex to manage day-to-day. Checkmk had strong capabilities, but its interface didn't fit the team's expectations. On top of cost and complexity, monitoring across restricted or closed environments meant constant work around SNMP, firewall rules, NAT, and port forwarding.

We tried PRTG, Zabbix, and Checkmk. PRTG got too expensive at scale, Zabbix was complex to manage, Checkmk's interface didn't fit. Fivenines was easier to deploy, sustainable at our scale, and the product keeps actively improving.

Fatih Gülsuyu Fatih Gülsuyu CTO, Hosting.com.tr / Fastpanda

Outbound-only, deployed in under five minutes

The team tested Fivenines and immediately saw clear results. Two things stood out beyond the obvious cost and ease-of-use win: the agent sends data outbound only, removing the SNMP, firewall, NAT, and port-forwarding overhead in restricted environments. The product is also being actively and continuously developed, with visible improvements landing during their usage period. Getting Fivenines into production took less than five minutes.

The proof

Catching compromised customer VPS

Across customer environments, Fivenines flagged servers with unusually high disk I/O and sustained CPU. In several cases, investigation revealed customer VPS instances had been compromised and were running crypto-mining workloads. The agent runs on the KVM/Proxmox hypervisor node, so the signals surface even when the affected VPS has no agent of its own.

Customer's existing stack

PRTG / Zabbix / Checkmk

All systems normal
No threshold breached
No agent on the VPS

Fivenines

Agent on KVM/Proxmox hypervisor node

Customer VPS · CPU

94% sustained

Customer VPS · Disk I/O

8x baseline

Unusual workload pattern fired

Root cause

Compromised customer VPS running crypto-mining workload

Fivenines helped us catch customer VPS that had been compromised and were running crypto-mining workloads. The signals, unusual disk I/O and sustained CPU, were there immediately. And because the agent only sends data outbound, deploying it across our infrastructure didn't require touching firewall or NAT rules.

Fatih Gülsuyu Fatih Gülsuyu CTO, Hosting.com.tr / Fastpanda

Where they are now

  • Three tools consolidated

    PRTG, Zabbix, and Checkmk consolidated on a single SaaS at sustainable cost

  • Deployed in under five minutes

    Deployment in under 5 minutes, including in restricted environments: no SNMP, no firewall changes, no NAT or port forwarding

  • Compromised customer VPS detected

    Compromised customer VPS detected through unusually high disk I/O and sustained CPU usage, surfaced from the KVM/Proxmox hypervisor layer

  • Hosting.com.tr + Fastpanda on one stack

    Hosting infrastructure and the sister brand Fastpanda now run on the same monitoring stack

Ready to monitor like Hosting.com.tr?

Start a 14-day free trial, using the same outbound-only agent Fatih's team deployed across their hosting infrastructure. Or see how Fivenines fits hosting providers and VPS operators.

Start free trial See hosting provider monitoring →

No credit card · 2-minute setup