Report Ethical Hacking

Web.com supports the safety of its customer's assets and data, the environment we provide them, as well as the health of our partners, peers and the Internet broadly.

To assist that greater good Web.com encourages security researchers, white hat hackers and our users to report security flaws that they may discover through our Security Vulnerability Responsible Disclosure Policy.

This document describes what to report and how to do it in a way that protects our customers, Web.com and the reporting individual from negative consequences.

The public disclosure of security flaws on Web.com systems or products puts other users at risk. Therefore we ask that you give us a reasonable timeframe in which to mitigate or remediate the problem before releasing any details to the security community or the public at large. This timeframe may vary according to the complexity of the issue however it will usually not exceed 30 days.

If you follow this process in good faith and especially avoid the behaviors listed in What Not To Do section of the policy we will not bring any lawsuit against you nor report your activity to law enforcement.

Please Enter Your Information |

*Required Fields

Attach File(s) | (acceptable formats are jpg, pdf, doc, txt)

Do not report any of the following types of issues through this process:

  • Spam
  • Content Injection
  • The public availability of content stored on our CDN (this is by design)
  • Social engineering techniques
  • Bugs originating from versions of browsers of third-party plugins
  • Suspected malicious traffic originating from our network (these should be reported to our 'Abuse Team')

By Submitting the following information, you agree to the following:

  • Do not remove, copy, transfer or edit/destroy any data that you may discover during your investigation.
  • Do not interact with any other persons account without the written permission of that user.
  • Do not engage in any activity that could result in a degraded service to our other customers, denial of service or damage to data.
  • Do not use automated testing scripts of software during your investigation that are overly broad in scope or unqualified in their targeting.

I hereby represent and warrant that all statements made above in my submission are truthful and accurate and that the domain name associated with this submission is registered with a registrar owned or otherwise operated by Web.com Group, Inc.