Security and penetration testing policy
security.txt file | acknowledgements
I don't offer bounties, but if you have found a vulnerability, you are welcome to report it :)
Rules for scanning/pentesting the server:
- No flooding / volumetric denial of service / resource overload, or similar attacks.
- No attacks on the VPS provider.
- Don't access personally identifiable information.
- Don't access private data.
- Don't modify/delete/mess up any existing data.
- Don't upload/add any data except for minimal data needed for testing. (In particular, don't upload any illegal content.)
- If you cause this server to send outgoing messages/requests/network traffic, it must be sent only to yourself.
- Use common sense and don't cause problems for me or anyone else.
- Report security problems to my e-mail samuel@kodafritt.se
- Even if you didn't find any problem, please send timestamps, URLs, etc. of your scan, so I can identify the scanning activities as white-hat rather than black-hat.
Scope
The following domains are within scope, but only subdomains that point to the same IP (there are some external subdomains). Note that some domains/subdomains use external e-mail servers; those are not in scope!
- *.kodafritt.se
- *.fribid.se
- *.slbdata.se
Revision history
- 2022-12-26 : Initial version
- 2024-01-11 : Added sialentreprenad.se and clarified that e-mail on that domain is out of scope.
- 2025-04-11 : Removed sialentreprenad.se