Поддержка Способы оплаты
Личный кабинет

Сообщите об уязвимости — Помогите нам обеспечивать безопасность наших сервисов

Если вы обнаружили потенциальную уязвимость в наших приложениях и сервисах, пожалуйста, сообщите об этом на этой странице. Ваш вклад помогает нам поддерживать высокий уровень безопасности и защищать наших пользователей. Спасибо за вашу поддержку!

Перед отправкой отчета, пожалуйста, ознакомьтесь с полной Политикой раскрытия уязвимостей.

Обратите внимание: is*hosting не проводит публичную программу поощрения за нахождение уязвимостей и не предлагает вознаграждений или компенсаций за представленные потенциальные проблемы в рамках данной программы раскрытия.

Vulnerability Disclosure Program with HackerOne

At is*hosting, we value the efforts of the security community to help us maintain the highest security standards for our products and services. Our Vulnerability Disclosure Program (VDP) allows researchers to safely report identified vulnerabilities that can compromise our systems' integrity, availability, or confidentiality. We are committed to working with the community to resolve identified issues promptly.

Disclosure Policy

  • Please do not discuss this program or any vulnerabilities (even resolved ones) outside of the VDP program without express consent from is*hosting.
  • Follow HackerOne's disclosure guidelines.

Program Rules

In connection with your participation in this Program, you agree to comply with is*hosting Terms of Use, is*hosting Privacy Policy, and all applicable laws and regulations, including any laws or regulations governing data privacy or the lawful processing of data.

  • Please provide detailed reports with reproducible steps, including screenshots, code snippets, and environment details. If the report is not detailed enough to reproduce the issue, it may not be considered valid.
  • Submit one vulnerability per report. If chaining vulnerabilities to demonstrate impact, clearly explain the interdependencies and overall impact in a single report.
  • When duplicates occur, we only triage the first received report, which can be fully reproduced.
  • Multiple vulnerabilities caused by one underlying issue will be consolidated into one report and treated as a single submission.
  • Social engineering attacks (e.g., phishing, vishing, smishing) are strictly prohibited and will result in disqualification.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or have explicit permission to use. Unauthorized access to any account or data is strictly prohibited.

Core Ineligible Vulnerabilities

When reporting potential vulnerabilities, please consider (1) realistic attack scenarios, and (2) the security impact of the behavior. Below, you will find the most common false positives we encounter:

Safe Harbor