Responsible Disclosure

At Greenhost, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems. This is also called a "Coordinated Vulnerability Disclosure Policy"

Please do the following:

  • E-mail your findings to security@greenhost.net, Encrypt your findings using our PGP key below to prevent this critical information from falling into the wrong hands,
  • Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data,
  • Do not reveal the problem to others until it has been resolved,
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties, and
  • Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.

What we promise:

  • We will respond to your report within 3 business days with our evaluation of the report and an expected resolution date, If you have followed the instructions above, we will not take any legal action against you in regard to the report,
  • We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission,
  • We will keep you informed of the progress towards resolving the problem,
  • In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise), and
  • As a token of our gratitude for your assistance, we offer a reward for every report of a security problem that was not yet known to us. The amount of the reward will be determined based on the severity of the leak and the quality of the report. The minimum reward will be a €50 gift certificate.
  • We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.

*adapted from CC-BY Floor Terra http://floort.net/

GPG Fingerprint and public key

Contact email address: security@greenhost.net

GPG Fingerprint: 207C FAB6 ACD9 EF3E C5B3 C8FA F965 32D2 7CF8 368E

Full GPG public key:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFwPv+wBEACqva6tYCjRTh6u6dqAW5opx5ZPwbFI8LiIsR7tLonXUuy11hLU
MZgLdDh5qth1JHn8336MTOXpeCdRY+JQaShDvOQ4xyjDsHitUqk24oTQqsV+qNFz
rONvrZw/VGt/T4c6HfhB+HT9q72bnnnHIBsinFWhPHEHFPWCUEUXpDZeBnjVMSd1
GIDc9Wv0+/uYAonQ6NL6PltjXGVW8XbJktOlB10efcKJekmmoAcyfVyJZEJZC30f
eDvHd7sk0BC2VqXI0XR29nx8B5jpdHyobA2dpbbRMB87rv+YghrsVq/wx3kk4IGO
DFNkmJDnWCuM7DQ8OPAGw1OFu2UpgjhoVzjVsop+e+Y6J+pAwOgapTQ0FYXZvtCa
bYVehDyYYrGQY1+LTftNU5JZWV7ZD7g4nzGBnkFxRGKOQYdltcUdMZTrnT/PFNCH
DK7bU9+Zd06WIg1fYUKkBBXNP3IvRIoCz2ElOg/6IWSuzWJ+tnmhif8UZSFAsvWH
YHEOlZOcLSO1j7CBY8auCzMJmcRPAlQF77HUqIdRDE5HSH2tz4izZ4l76jTytcDG
dPrPP+tpNT8IHDrwEs2sCBozn/QKTN2VIxQVjIqTfij/LD6lkWqwpSqN6f2DGCB9
7GXuC1cV3ZnV4QkYPpxgaAEcvGKCE9qFYfdpieFBmLXyuu8FGxCN3lELYwARAQAB
tEBHcmVlbmhvc3QgU2VjdXJpdHkgKEdyZWVuaG9zdCBTZWN1cml0eSkgPHNlY3Vy
aXR5QGdyZWVuaG9zdC5uZXQ+iQJUBBMBCAA+FiEEIHz6tqzZ7z7Fs8j6+WUy0nz4
No4FAlwPv+wCGwMFCQlmAYAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ+WUy
0nz4No6OmxAAi2e4ITaU2vrg28biV0DIbMzn8VsBHUuJX8fap/G+b0sk2Zl/TbI4
ruegM4sze+RWxi4Xiwl9wo3r8qsAm1QJ4dMjqVauX0wexRmNBTMYaf13T2apL6xj
Lruq0x4yvkZClFV4R8C2huZ0/qscLgY/ariPOCAeqCM84Mf3r4sFJ6LH7lKWUoiu
x1JCXDvKW1FpZKPUzKerFCD5e2AQ5OwJR7RmUG1HadLDchIT/83CzZVoAng6sGSE
ClhCmTnh2/iSdPogCC4kMP0K1RC1GFvj1IsJrGxBkaWQ3UgX73DKhJfie162tAme
XV1yh5hFPu4XFMMldxESPQiduJd0jS9sK6oBqk9bjOLRY7wMv8IR3qbngekAo6kg
2f/RSsrmz/eRr3A0TGJH7QTG6u60XH3pHnKiV2DMtPvlTapS6pKmQsH9f/n4Fiag
1226hymrmc72KMy/Ir95FlEm/CGd3gDgk4fFs2nUV/XWUMjdjb79eKnPVmw5vyUz
CMW1/lSr0EwbXdzXkanmr2VYcu7pUiHm4ju5eflyK8lv6HlIQ8rrfAVOmvHzyufx
j/m6e2XQF5yhwk5jT17lMmKpZNCsY7YId1xL+9m7+I1fXxRAFwAmrRy/92XT+pjj
Wm87Bepl0GICINKcLdQePnd+WjNoaY13slH70PZMP2/SVU8F705v/Ba0P0dyZWVu
aG9zdCBTZWN1cml0eSAoR3JlZW5ob3N0IFNlY3VyaXR5KSA8c2VjdXJpdHlAZ3Jl
ZW5ob3N0Lm5sPokCVAQTAQgAPhYhBCB8+ras2e8+xbPI+vllMtJ8+DaOBQJcD8EM
AhsDBQkJZgGABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEPllMtJ8+DaOzEYP
/2Wm59M4G7OlFlT1yQ2SQs713dsIZI6tBi1kcoaIP+R1tS7EBDNdUWo2ETFIYQTs
0+w6A4aLPN+P9Piti1MFKQxKvYtmDBWOiYRALOifC8epEThZoyEorVdqRl8MxpJQ
eR1K9l0Tl00Oj3RQSod16RR53rziMTxWccLdSRNgJxY21PPZaCP34Uap2xMLCOPR
TjNh+aVCr3mjFwTIBUpTUsCJcvpvK7TFXqd1Agvag07r5ISA/WU6FqMnVSEsTDZT
FeQnyyC+WSU7ko9LSqG08tZhH0VGIy90uz6jYNgtE/9kHHzMivqUgSDkWUkQJg5e
Os+YeA/XaA+Bv51MDCH+4bp+YzacMsMEySFi+VZ8g/UdmiQQFS9hDS9j20+U6oUk
1gfOUum5vhBmQSQpgrxN7zZevwwVrHJHKZNKaupg9jhjCP1P+VTcaNMihQ8WV9b9
ymUJ+hXmAPb65EfKENtNBDBmqrAry2s00RzKDmceAkKuK3oUzICYS3DNUzBWZrlw
0fAXP51Fi5ayrFRHhv6bLK44VxLQvwjeM4RJkzq6hNfglZN+7pLPIWzTDeVJJMxB
x9TFdBpev13xfVFFK8joH+ifPea5hX9+8a69Nd5yMKJHwsvcf4pqUhRhKsDnNNQD
HXC8IHe+AvSzbVeIl9zzbWfwjZ1ehatf2WSRo4DX4zhRuQINBFwPv+wBEADB9Bh9
p8y8lzk3dUm5RHToyV7qua1kXompBKrX0GABzRoD8L+2ETIucJq5I2rYClFh/ozG
jR4J0DegDYGfX0ZA8IQL12t51VlP8+jLV4xxSlomE1CXu5RIW1a+1DqBPZk9HcMT
V++zCQsRcP362RcVJPRsnvabcg8gVo2G/INTV8V63bWTPeh0wqlzQEnWg5km+AYX
gnliAkGGCcFTM+SmGumqoQXQyAI+Vkp7t0S9GoMq9RU7Cz3ydFMfH0ak+YX6k0x/
ekOxUJ9bNaBGAAo5qoEVHFUBqxrtrmwDtHEMuVY4boEgHQIalfghcrYHieS6CJ2s
uh1GV+pa8YJ0QqYiZNHnzufCYBGIWmrp8/9PsnmmRE09LDZ8LwldxjCypuPvpYGR
6Hhb6u0zxjl/PBUvaSmu5MheJcjlGMUvSEMvxTm75IgI7sHmZWqpw6/srKLrOLIj
WwXN4vbHYZRxiEzrivvokD/9wu78kIDH+Pdj9k4qa7crhOfZMYxVNnok0FI4I/Eq
baU+QlyT3b4zeRQGgqEggDm8OaVWlOSfVQjOrLLmmszu8mWvglUHrj/GEzpOONmx
iqcP/iqmk61bi2aGPdIa5yBvju7VlxoX0eg5OIXQJylPiA6LUkFcCS2M/rQXIB+H
5Tn/tnJrtaXuzL1XWl1vGLLt8lU1a2m59WGceQARAQABiQI8BBgBCAAmFiEEIHz6
tqzZ7z7Fs8j6+WUy0nz4No4FAlwPv+wCGwwFCQlmAYAACgkQ+WUy0nz4No4Cgw//
ar//9UNt3677JGFWJpc3z35gn51rT/lLJWTCOub5KnoYo+kRLCDttfl+wIs/TBIo
kp4E9w6fMDlVvwBEGWcku/LquG9NoysPddO9TcE4q1GGGxWZbUInnOR2TSW1fhwF
72Jle8mP/X+8tr5siny18IORD2y3ckFVTXbLKXKg/hRzIXgCPePPoivSq7oQyOQf
FhJWOxM72rsgHtjHCZEWoSjQFtR0/RIuTy8zHDp8lvjcZKJpZQ9bMhCA8inEMvqs
nfnYOlby3PqHp2FPP3AlTPhY9oG3Yr9ZdMNrfbz5a7OnuWuB1qyJontbX22C4fQW
/rQHLlcDeFnUPPJCWcL1z68/A3U9117m0DIHkhFxDHZYy94l+z61Qe+vhJdqppCi
rSjL45iUcDSeK/9d/ty6OpGAm9iZh7+XS/ih7t/XzYF3VcJSaHdVhWy/krLV8Tlm
RNNYDbEeiuS4NPlOqNXQ0UdB6MewYKUfl3BKBAVMY9AOjWLrgM0i5ywNmE5/CAEB
gUpg3zZA4/sRYevLVMpCyEXll08peOL4YomIxiFceDMBDmTg8gxZZgH5CDn12yui
eYJbq3WxYFY+tBZZkIdfPk8CWVfE8r6stBoYBGdGlGmmuISF7wdIvXJVthqA6XP8
ID25sYrtswyN2WMDyIbgXm+8Kc5+sZKItDvd+WetAoI=
=09Sr
-----END PGP PUBLIC KEY BLOCK-----