This repository has been archived by the owner on Jan 6, 2019. It is now read-only.

SECURITY.md


RATELIMITED Security

We take security very seriously at RATELIMITED. We welcome everyone to peek at our code and verify this for themselves, as well as to run their own clone of our service.

Where should I report security issues?

In order to give the community time to respond and upgrade, we strongly urge you to report all security issues privately. Please use our vulnerability disclosure program at HackerOne to provide details and repro steps, and we will respond ASAP. If you prefer not to use HackerOne, email us directly at security@ratelimited.me with details and repro steps. Security issues always take precedence over bug fixes and feature work. We can and do mark releases as "urgent" if they contain serious security fixes.

What counts as a security issue?

Mostly, a security issue would be one of the following:

  • SQL Injection
  • Privilege Escalation
  • XSS

And the like.

What is out of scope, though?

First off, any third-party site (such as, but not limited to, discordapp.com, okta.com, duo.com, bitly.com) is out of scope entirely.

Now, attacks related to our site that would be out of scope include:

  • DDoS attacks
  • Physical attacks
  • Phishing attacks
  • Attacks that require access to a client's computer in order to work (such as Remote Administration Tools/Trojans installed on one's PC)
  • Social Engineering attacks

Do you pay?

Sadly, due to our size and our costs to run, we are unable to pay for security vulnerability disclosures, but don't let that stop you! We'll award you with recognition on our Discord server and premium benefits on our service if your submission is deemed valid!