pretentious wrote:Am i correct in my assumptions that it would be a bad idea to let you lose with the IP?
How else are you going to have people pentest the site? It must be hosted on the internet somewhere. Once it's on the internet, it obtains an IP address. A DNS lookup is simple. In theory, if people are going to DDoS it, you can't do much. However, only accepting certain people to test your site via pm is a good idea, to mitigate the newbies.