StopTheHacker + CloudFlare
StopTheHacker is part of the CloudFlare
__family. Before submitting an issue to us,
please make certain you have read CloudFlare's Vulnerability Disclosure
Any domains accessible under
*.stopthehacker.com are in scope for the
Eligibility and Disclosure
In order for your submission to be eligible:
All legitimate reports will be reviewed and assessed by our security team to
determine if it is eligible.
For each eligible vulnerability report, the reporter will receive:
- Recognition on our Hall of Fame.
- A limited edition CloudFlare bug hunter t-shirt. CloudFlare employees don't even have this shirt. It's only for you all. Wear it with pride: you're part of an exclusive group.
- 12 months of CloudFlare's Pro or 1 month of Business service on us.
Monetary compensation is not offered under the program.
The following conditions are out of scope for the vulnerability disclosure
program. Any of the activities below will result in disqualification from the
- Automated vulnerability scanners are not permitted.
- Physical attacks against StopTheHacker employees, offices, and data centers.
- Social engineering of StopTheHacker employees, contractors, vendors, or service providers.
- Knowingly posting, transmitting, uploading, linking to, or sending any malware.
- Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
- Any vulnerability obtained through the compromise of a StopTheHacker customer or employee accounts. If you need to test a vulnerability, please create an account.
- Being an individual on, or residing in any country on, any U.S. sanctions lists.
Hall of Fame