Something I've seen before, and is talked about in a DefCon talk, is people will setup a proxy on say, your VPS in the example, and capture the traffic between the user and the server that's going through the proxy. Some people are able to not only perform MITM attacks, but also MITB (Man In The Browser); which can present even more major security risks.
For an attacker to sniff all of the traffic going to a web server, they would need to have remote access to it, and have the ability to sniff the network and transfer the collected data to themselves. Hackers will commonly use VPSs to hide their identity whenever they've cracked into a web server and attempting to perform such attacks. This might be where you've got this from.
As for the resources that would be required; A packet sniffer such as wireshark would work. Also an exploit for a vulnerability on the web server would be needed as well.