Unwanted behaviour is luckily something that doesn't happen very often. At the same time, it cannot always be avoided when working with the crowd.

If your system is experiencing a heavy load coming from one or more specific IP addresses, you can check in the platform whether those IP addresses are known to us and linked to a researcher.

A couple of steps to take when this happens are:

  1. Check the IPs through the IP lookup feature

  2. Update the program rules and send out an update

IP Lookup

Go to "IP Lookup" in your profile.

Then copy the IP address and see if the IP address is in use.

If the IP address is linked to a researcher, please reach out to your customer success manager and report this behaviour. We will then contact the researcher.

If the IP lookup doesn't generate any result, you can still let us know and we will inform the community team about the activity.
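To find which addresses to check in the IP Lookup, the following added example (not part of the original article or of the Intigriti platform) counts requests per source IP per second in a web server access log and lists the IPs that exceed a rate limit. It assumes the common/combined access-log format and uses this article's example limit of 1 request per second; the function name and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Matches the client address and the [timestamp] of a common/combined log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def _line(ip, sec, path):
    # Helper that builds one constructed log line (hypothetical traffic).
    return f'{ip} - - [12/Mar/2024:10:15:{sec:02d} +0000] "GET {path} HTTP/1.1" 404 153'

# Constructed sample log using documentation-only address ranges.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", 1, f"/dir{i}") for i in range(4)]
    + [_line("203.0.113.7", 2, f"/dir{i}") for i in range(3)]
    + [_line("198.51.100.20", 1, "/"), _line("198.51.100.20", 3, "/login")]
    + [_line("2001:db8::5", 2, "/a"), _line("2001:db8::5", 2, "/b")]
    + ["not an access log line"]
)

def ips_over_limit(log_text, max_per_second=1):
    """Return [(ip, total_requests, peak_requests_in_one_second)] for every
    IP whose busiest second exceeds max_per_second, noisiest first."""
    per_second = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in access-log format
        raw_ip, timestamp = m.groups()
        try:
            # Normalise so different spellings of one IPv6 address merge.
            ip = str(ipaddress.ip_address(raw_ip))
        except ValueError:
            continue  # first field is a hostname or garbage, not an IP
        # Access-log timestamps have one-second resolution, so the
        # timestamp string itself is the per-second bucket.
        per_second[ip][timestamp] += 1
    flagged = []
    for ip, buckets in per_second.items():
        peak = max(buckets.values())
        if peak > max_per_second:
            flagged.append((ip, sum(buckets.values()), peak))
    return sorted(flagged, key=lambda r: (-r[2], -r[1]))

if __name__ == "__main__":
    for ip, total, peak in ips_over_limit(SAMPLE_LOG):
        print(f"{ip}: {total} requests, peak {peak}/s -> check in IP Lookup")
```
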

Important Note:

The IP lookup feature is also available through our API. Contact your Success Manager to see if this is an option for you and to get more information.

  • Tighten program details under In Scope in case you want to limit the number of requests in automation or ensure researchers register with their Intigriti.me email address.

  • Send out an update about the new restrictions

Adjust program rules & send out update

You may want to add rules regarding the use of automation, or other rules, e.g. that researchers must always use intigriti.me email addresses for registration, that they should never test on production but only on the provided test instances, that they should never break into customer instances, and so on.

In our experience, automation tools can be useful and they are easily configurable.

You could add the following text to your "In scope" section to make it clearer, and then send out an update about it to all researchers.

Examples:

### Please use a rate limit of x requests per second.

### Please do not use the following methods:

  • Bruteforce -> Password / Username bruteforce

  • Directory / file enumeration: see rate limit guidelines

  • Directory / file / content enumeration: see rate limit guidelines

  • Rate limit (maximum number of requests per second) used in automation: 1 request per second

For more information on sending out updates, see the following article: https://kb.intigriti.com/en/articles/5192023-sending-program-updates
