Responsible Disclosure and Bug Bounty notifications

Responsible Disclosure and Bug Bounty notifications

Lines

At LinQhost we take security very seriously. But unfortunately we also make mistakes sometimes. If you encounter a vulnerability in one of our systems, you can report it to us without (legal) problems. As an appreciation, we will include you in our hall-of-fame. For this we do have a few "rules":
  1. You have not deleted, downloaded or distributed any data
  2. Do not make any changes to the system
  3. You must be the first person to report the problem
  4. Do not cause interruptions to our services (e.g. by performing a DoS or DDoS)
  5. This concerns a vulnerability on a server or website of LinQhost and not of a customer of ours
The following are excluded:
  1. A vulnerability in a client server or website
  2. Vulnerability in Plesk
  3. Validation of DNS records such as SPF/DKIM
  4. The absence or incompleteness of security headers
  5. Results based on an automatic scan
  6. Excluded hostnames: kb.linqhost.nl

Report

You can report security issues to security@linqhost.net . The more details the better. This way we can fix the problem as quickly as possible. The contact details can also be found on our security.txt page

Hall of Fame

10-10-2018:
Sumit Jain reported minor WordPress issue.

23-07-2018:
Some minor issues specific with our shared HPW servers (Reported by Josse Zwols)

09-12-2014:
www.linqhost.nl was vulnerable for clickjacking and a XSS problem in our past My LinQhost (Reported by Manikandan Rajakumar)