I could hack your site. Because I found a bug.

Is this a a great location to telling about bug.

@Geek_Tips_Hub said:
Is this a a great location to telling about bug.

Hi,
I think it’s best if you contact them through here:
hello@infinityfree.net

Let’s wait for admin.

@Geek_Tips_Hub said:
Let’s wait for admin.

Like @UnknownLolz said, it’s best to send an email. Let’s not discuss potential security vulnerabilities somewhere where everyone can see them.

Well, I can give you some information. But, do you take legal action against me?

I want to know your terms and condition and policy about an ethical hacker.

All infinityfree users are insecure for this bug. And truly this company is so irresponsible about security. I want to know about the partnership with Ifastnet.

My website getting Error establishing a database connection. I need your clear approach. Do you have any bug fixing approach from client? What do I expect from you after disclosure vulnerability?

Well I fix my website errors.

@Geek_Tips_Hub said:
Well, I can give you some information. But, do you take legal action against me?

As long as you report the bug, promptly and privately, to us, then we have no reason to take legal action. In fact, the law in the Netherlands makes it legal to hack someone if you’re doing so for the purpose of improving our security (which effectively requires you to inform us about any issues you find) and do so responsibly (e.g. if you found a way to hijack an account, then you only hijack your own account and not someone else’s).

If you instead choose make the bug public before giving us a reasonable opportunity to fix it, or if you instead choose to keep it for yourself and use some unverifiable bug it to speak bad about us:

this company is so irresponsible about security

then we’re likely to sue you for slander and systems intrusion.

What you’re doing right now isn’t ethical and isn’t hacking, it’s throwing words like “bug” and “security” around to give us a bad name with zero evidence whatsoever.

So please stop posting here and instead send an email with more information (not just a link back to this topic, as you did just now).

In a mail you accept that your company doesn’t provide hosting (which is provided by your partners). You also tell that you can’t able to hack the database and hosting (which is provided to users). I’m recommend you to hire a professional hacker to do that. Not by your own.

Can you please provide a article about “how do you maintain your servers, which are provide to users?”

@Geek_Tips_Hub said:
In a mail you accept that your company doesn’t provide hosting (which is provided by your partners). You also tell that you can’t able to hack the database and hosting (which is provided to users). I’m recommend you to hire a professional hacker to do that. Not by your own.

Why would they hack the servers???

Your topic looks like you are threatening InfinityFree and scaring it’s user’s away.

And also are you an expert with the partnership system?? (What I mean about the “system” is the thing I’m not going to tell you).
I am curios about what you are planning to do.

Dr @UnknownLolz I am also a user of infinityfree and think a great service. Your first answer is “to improve security”. Second answer is “not your business”.
“What I mean about the “system” is the thing I’m not going to tell you” - I don’t need it.
If you really curious - do some research. Don’t blame me.
@Admin take my comments lighty. If your system is absolutely secure. That’s awesome. But sometimes that’s maybe a just a thought. Try to consider a better, secure system. And a article I demand, can improve transparency. I think you are able to understand me.

@Geek_Tips_Hub said:
Dr @UnknownLolz I am also a user of infinityfree and think a great service. Your first answer is “to improve security”. Second answer is “not your business”.
“What I mean about the “system” is the thing I’m not going to tell you” - I don’t need it.
If you really curious - do some research. Don’t blame me.

Wait…
This is the only question which I was planning to ask you.
Did you really found a bug?

Yes, but technically not the bug. Some security issue(I am not going to explain here). I am already forwarded this issue. So please don’t involve. If you anything need to ask me straightforward on http://bit.ly/2vygSDJ I explained my website privacy policy, but this security problem is making my my statement lie. So am just demanding some transparency as a user because it’s also about my security. @Admin hurry up please.

I about security not fun.

@Geek_Tips_Hub said:
In a mail you accept that your company doesn’t provide hosting (which is provided by your partners). You also tell that you can’t able to hack the database and hosting (which is provided to users). I’m recommend you to hire a professional hacker to do that. Not by your own.

The title of this post is “I could hack your site. Because I founded a bug.”. but this statement is a bit confusing…
You know that InfinityFree cannot hack the Database and Hosting which is provided to the user but you suggested them to hire a Professional Hacker to hack the Database and Hosting? What for? Security? If it is for security, then why did you make this thread!?

@Geek_Tips_Hub said:
Can you please provide a article about “how do you maintain your servers, which are provide to users?”
InfinityFree uses Advertisement to pay for the hosting and keep the service’s alive which should be pretty obvious.

@Geek_Tips_Hub said:
My website getting Error establishing a database connection. I need your clear approach. Do you have any bug fixing approach from client? What do I expect from you after disclosure vulnerability?

Is this a problem with YOUR WEBSITE or INFINITYFREE.NET!?
if your site can’t establish a database connection, check your credentials and make sure it is correct!

@Geek_Tips_Hub said:
@Admin take my comments lighty. If your system is absolutely secure. That’s awesome. But sometimes that’s maybe a just a thought. Try to consider a better, secure system. And a article I demand, can improve transparency. I think you are able to understand me.

So you’re saying that there is NO BUG at InfinityFree right now and you’re just messing around here?

@Geek_Tips_Hub said:
Yes, but technically not the bug. Some security issue(I am not going to explain here). I am already forwarded this issue. So please don’t involve. If you anything need to ask me straightforward on http://bit.ly/2vygSDJ I explained my website privacy policy, but this security problem is making my my statement lie. So am just demanding some transparency as a user because it’s also about my security. @Admin hurry up please.

So you’re just trying to get a clear understanding about this hosting so you can write a privacy policy?

@Geek_Tips_Hub said:
In a mail you accept that your company doesn’t provide hosting (which is provided by your partners). You also tell that you can’t able to hack the database and hosting (which is provided to users). I’m recommend you to hire a professional hacker to do that. Not by your own.

No, of course I can’t hack the database of iFastNet. That would be illegal.

@Geek_Tips_Hub said:
Can you please provide a article about “how do you maintain your servers, which are provide to users?”

No, I can’t provide such an article because I don’t know how the servers are maintained because the servers are maintained by iFastNet, not us.

@Geek_Tips_Hub said:
Dr @UnknownLolz I am also a user of infinityfree and think a great service. Your first answer is “to improve security”. Second answer is “not your business”.
“What I mean about the “system” is the thing I’m not going to tell you” - I don’t need it.
If you really curious - do some research. Don’t blame me.
@Admin take my comments lighty. If your system is absolutely secure. That’s awesome. But sometimes that’s maybe a just a thought. Try to consider a better, secure system. And a article I demand, can improve transparency. I think you are able to understand me.

The only thing you have indicated as being “not secure” is that some supporting services don’t use SSL yet, two factor authentication is not available and you cannot use special characters in hosting account passwords. That’s it. That’s the huge “bug” which makes us “irresponsible” and makes “all infinityfree users […] insecure”.

There is no (known) SQL injection vulnerability. Our database was not published on Pastebin like site. No credit cards have been stolen. No accounts are known to have been compromised because of this. As long as your own network is not being snooped on by malicious hackers, and you are using unique, randomly generated passwords for your hosting accounts, there is absolutely nothing to fear.

There might be systems which are more secure, but not systems which are better. This whole thing is a tempest in a teacup.

Well that’s good. but we should know about how ifastnet servers maintain( for security ), so we assure about security on our own sites (like my own website ). So admin and community, I asking you should we try to know about this?