Comment by zephyreon

11 days ago

Seems like DO sure has a bot problem. I wonder what percentage of their business is less-scrupulous actors.

Something I've thought about is how does a VPS provider prevent this kind of thing?

Most of this kind of traffic goes by completely unknown and therefore unreported, so 'VPS host X' has no case to answer, to some degree.

If malicious traffic gets reported and 'VPS Host X' takes action and either contacts the operator of the VPS or shuts down the VPS following a traffic investigation, then the operator of the VPS creates another one on 'VPS Host X' or 'VPS Host Y'.

(all questions are rhetorical, not directed at parent) Should VPS Hosts, by policy, block outgoing connections to port 22? Where is the line drawn for default blocking policies? Block everything and force the operator to configure a firewall to specify which ports the VPS can connect outwards to (or all ports)? At some point there will be friction that discourages customers and affects sales / profits, and therefore a disincentive to try to clean things up.

Secondary effects, more aggressive blocking of malicious traffic could potentially allow for some/more/better reputational differentiation between VPS hosts to offset loss of customers due to better security friction.

I doubt there's any legislation coming anytime soon to enforce a certain level of internet hygiene.

  • There is no such thing as a "good reputation" datacenter IP. They should all get blocked by anyone who cares about bots.

You're assuming the owner rented the VPS to run the bot, but it's more likely intended for something else and is infected with malware / some intern being cute. After all there are cheaper plans than DO.

  • > it's more likely intended for something else and is infected with malware / some intern being cute

    Nah, DO offers free credits so threat actors just keep abusing that, it's really easy to make (or buy) tons of fresh trial accounts.