Banner object (1)

5283 policies in database
  Back Link to program      
09/02/2020
Endless Hosting logo
Thanks
Gift
Hall of Fame
Reward

Endless Hosting

**Do not test our Signup Forms, we have already secured them against XSS,

etc. If you do spam our Forms, it 's highly likely that you will get blocked from this Program and our Service.**

No technology is perfect, and Endless Hosting believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
  • SPAMMING ANY OF OUR SIGNUP OR PARTNER FORMS WILL RESULT IN YOU BEING BLOCKED FROM THE PROGRAM!
  • At this time we can only offer in-service rewards. If you would like these rewards, please let us know once your bug is marked as resolved. These rewards include things such as plan upgrades.

Exclusions

While researching, we 'd like to ask you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of Endless Hosting staff or contractors
  • Any physical attempts against Endless Hosting property or data centers
  • Spamming our partner or signup forms using automated tools

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Out of Scope

Besides the domains/things listed as Out of Scope below, the following are also considered N/A:

  • EH's customer sites (*.endl.site), or anything that is user-generated content on the service.
  • Insecure-Cookies as these generally do not pose a large security risk.
  • Clickjacking vulnerabilities as these also generally do not pose a large risk
  • HSTS/HSTS-Preloading
  • (for now, may change soon, keep a look out) Password auth allowed on SSH
  • Invalid SPF Setups (This only applies to GMail. Please test with other providers prior to reporting).

Thank you for helping keep Endless Hosting and our users safe!

In Scope

Scope Type Scope Name
web_application

Excluding ns1/ns2/autodiscover/autoconfig (no sites are served from these subdomains)

web_application

console-idrac.djelectro.me

web_application

idrac.djelectro.me

Out of Scope

Scope Type Scope Name
web_application

These are customer domains and do not affect the main service.


Firebounty have crawled on 2020-02-09 the program Endless Hosting on the platform Hackerone.

FireBounty © 2015-2020

Legal notices