The problem everyone ignores
Employees build apps, deploy them to servers, connect them to Bitrix24. Sounds great — until you wonder who controls access to those servers.
Open ports
Every open port is a potential entry point. Bots scan the internet 24/7 looking for vulnerable servers
Forgotten servers
The project ended, the server keeps running. You're paying for resources nobody uses
Shadow infrastructure
Every employee deploys their own way. No unified security standards, no control
How Black Hole works
Picture a server in a room with no doors. The only way in is an encrypted tunnel that opens only for those you've authorized.
All incoming connections are blocked at the iptables level. The server itself opens an outbound WebSocket connection to the Gateway, through which all authorized traffic flows.
Why Black Hole?
A black hole in space is invisible from the outside. Nothing escapes it, and entry is governed by strict laws of physics. Our servers work the same way — invisible to scanners, no port responds, and access is only through an encrypted tunnel for those you've authorized.
Invisible
iptables DROP ALL — the server doesn't respond to ping, is invisible to port scanners, and doesn't exist for the outside world
Isolated
No public IP, no open ports, no attack surface
Accessible only to you
Encrypted WebSocket tunnel through Gateway. Authentication via Bitrix24
No need to configure firewalls, VPNs, or SSL. Security is not an option — it's the architecture.
Deploy that AI does for you
Traditional deploy
15–30 minutes
- ✕ Configure SSH keys
- ✕ Set up CI/CD pipeline
- ✕ Open firewall ports
- ✕ Launch manually
Black Hole deploy
1–2 minutes
- ✓ One command via Deploy API
- ✓ Files, dependencies, launch — automatically
Claude Code, Cursor and other AI models deploy via Deploy API directly. Tell your AI "deploy to server" — it will. Without your keys, without SSH access, without risks.
Any language, any framework, any database. For you it's a regular Linux server — just invisible.
You decide who sees your application
Switch with one click. No config changes, no server restarts, no DevOps required.
Every visit is logged — who accessed, when, and for how long. Complete picture of your application usage.
Each server gets a ready URL — app-.vibecode.bitrix24.com. HTTPS, DNS — everything configured automatically.
Pay only when you work
Cloud servers at the best prices on the market. No markup for "invisibility" — Black Hole protection is included.
No requests for N minutes — the server falls asleep automatically. No costs.
First request — it wakes up on its own. Nothing changes for the user.
Set your timeout: 15, 30, 60 minutes, or unlimited.
A typical internal tool is used 2–3 hours a day.
On a regular VPS you pay for 24 hours.
With Black Hole — only 2–3 hours.
A forgotten server no longer costs money.
Who it's for
Black Hole solves problems for two kinds of teams. With zero extra setup.
Companies with internal tools
Employees build dashboards, bots and automations for Bitrix24. Black Hole gives them servers with access control out of the box — no DevOps required.
Developers who value simplicity
Secure hosting with no firewall, VPN or SSL certificate setup. Create a server — get a protected URL — deploy your app.
Common questions about Black Hole servers
How invisible servers work
What does "server invisible from the internet" mean?
Black Hole servers have no public IP address. No port responds to external requests, and no scanner can find the server. Access is only possible through an encrypted VibeCode tunnel.
How do I access a Black Hole server?
Through the built-in VibeCode CLI tunnel. The vibe tunnel command connects you to the server over an encrypted channel. SSH, HTTPS and other protocols work through the tunnel.
What are the server specs?
Cloud servers on Linux with dedicated resources. CPU, RAM and disk depend on your chosen plan. Servers spin up in a minute via the API or control panel.
How is Black Hole different from a regular VPS?
The key difference is security by default. The server is invisible from the internet — no need to configure firewalls, SSL or close ports. Everything is protected by the tunnel out of the box.