Security Research Welcome

Security

We value the security community and encourage responsible disclosure

Responsible Disclosure

We take the security of Ultimate Proxy seriously. If you've discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

We're committed to working with security researchers to verify and address any potential vulnerabilities quickly and effectively.

How to Report a Vulnerability

If you believe you've found a security vulnerability, please send us a report:

Email us at:

[email protected]

Please include "SECURITY" in the subject line

What to Include in Your Report

To help us triage and fix the issue as quickly as possible, please include:

  • Description of the vulnerability and its potential impact
  • Detailed steps to reproduce the issue
  • Proof of concept (PoC) code or screenshots
  • Your recommendations for remediation (if any)
  • Your name/handle if you'd like to be credited

Scope

✓ In Scope

  • Web application vulnerabilities (XSS, SQLi, CSRF, etc.)
  • Authentication and authorization issues
  • Server-side vulnerabilities
  • API security issues
  • Data exposure or privacy issues
  • Business logic flaws

✗ Out of Scope

  • Social engineering attacks
  • Denial of Service (DoS/DDoS) attacks
  • Physical attacks against our infrastructure
  • Spam or social engineering of our staff
  • Reports from automated tools without validation
  • Issues in third-party applications or services

Responsible Disclosure Guidelines

We ask that you:

  • Give us reasonable time to investigate and fix the issue before public disclosure
  • Avoid violating privacy, destroying data, or degrading service for other users
  • Only interact with accounts you own or with explicit permission
  • Don't exploit the vulnerability beyond what's necessary to demonstrate it
  • Keep confidential any information obtained through security testing

What We'll Do

When you report a vulnerability, we commit to:

  • Acknowledge your report within 48 hours
  • Provide an estimated timeline for a fix
  • Keep you updated on our progress
  • Credit you for the discovery (if desired) when we disclose the issue
  • Not take legal action against you if you follow these guidelines

Our Commitment to the Community

Security is a two-way street. We're also committed to reporting vulnerabilities we discover in mining pools and related services to their respective teams. While we won't name specifics, we've already helped identify and fix issues for major players in the ecosystem.

Bug Bounty Program

We currently do not have a formal bug bounty program, as we're in the beta phase. However, we greatly appreciate security research and may offer rewards on a case-by-case basis.

We're actively considering launching a bug bounty program in the future. If you're interested, stay tuned for updates!

Security Researchers Hall of Fame

We're grateful to the following security researchers who have helped us improve Ultimate Proxy:

Be the first to contribute! 🚀

Safe Harbor

We support safe harbor for security researchers who:

  • Make a good faith effort to comply with this policy
  • Report vulnerabilities responsibly and in a timely manner
  • Avoid privacy violations, data destruction, and service interruption

We will not pursue legal action against researchers who follow these guidelines.

Questions?

If you have any questions about our security policy or the disclosure process, please contact us at [email protected].

Last updated: 11/27/2025