Getting unwanted behaviour, like too many requests to your server causing operational impact, is luckily something that doesn't happen very often. At the same time, it can not always be avoided when working with the crowd.

Below is an overview of what you can do to prevent operational impact from too many requests as well as what Intigriti does to help prevent this.

Testing Requirements in Rules of Engagement

The first step is to make sure your Testing Requirements on the program are set correctly, see the following article: https://kb.intigriti.com/en/articles/5317169-rules-of-engagement-testing-requirements

This will give a good understanding to researchers of what is expected.

Too Many Requests - High Server load

You have set the program Testing Requirements to a certain limit. but you're still occasionally seeing this being breached. Unfortunately, this can never be avoided with 100% certainty in a Bug Bounty program.

The more you open up your program to more researchers (See program confidentiality in the article on program settings), the higher the risk that someone didn't take the rules as literal as they should have.

In these cases, Intigriti will take action and give the researcher a warning or even ban them from the program, according to the Code of Conduct.

Most often, this is actually a simple mistake in the configuration of the tools they use (e.g. Burpsuite) and there is no faul play at hand.

IP Lookup - researcher match

If you provide us with the IP address, after performing an IP Lookup check (see below) to see if there is a match on the platform, our community team will reach out to the researcher and ask them to stop the intrusive testing.

Go to your profile in the top right corner, and select IP Lookup:

Then enter the IP address in the box and the platform will let you know whether or not there is a match, but not the researcher name. This is to ensure the communication is done via the correct channels. Please inform us and we will reach out to the researcher to mediate from our side.

No match - Send Program Update

If there is no match, one of two things might be happening.

  1. An Intigriti researcher is sending requests from a different IP address, which can happen in case they rent servers for their testing purposes.

  2. You are indeed being targeted by a real hacker, which is always a possibility, and in which case there is not much we can do.

Sometimes the surge in traffic coincides with the start of the program. In this case, even though there is no IP match, we can assume a researcher is causing the high load. In this case, we advise to send out a program update as soon as possible to reach the researchers, as we do not have another way of knowing who the researcher is, if there is no IP match. By using a program update, you can reach all researcher.

For more information on sending out Updates, See the following article: https://kb.intigriti.com/en/articles/5192023-sending-program-updates

IP Blocking

On top of what Intigriti can do, it is advised to have (automatic) IP blocking in place This is industry best practice, as it will protect you against black hat hackers as well.

Did this answer your question?