Drag the background!

Bug bounty is on pause

The Ancient Brain "bug bounty" program is on pause for the moment.

We paid out exactly € 1,620.
Thanks to all who submitted bugs.
The bug bounty program may resume again in the near future.

Rewards (now on pause)

I offer the following rewards for the discovery of bugs in the Ancient Brain site.
  • € 30 for a minor bug.
  • € 100 for a major bug.
  • € 200 for a critical bug.
My decisions are final.

I have the funds. So go try and hack it!

Hacking ideas

Here are some ideas to test for bugs and exploits:

Do not cause damage

If you find an exploit that can cause damage:

If you actually cause damage, you will not be paid. Instead, report how you could cause damage, and collect your payment.

Do not report

I am aware of the following issues. Do not report them:

I am aware the user management system could be stronger. Do not bother reporting these issues:

  • "Forgot password" should not actually reset the password but should email a link to reset it.
  • Registration does not allow picking your own password at the start.
  • Change email does not force validate new email (only informs it).
  • CSRF token needed for login/logout
  • I use password "p" rather than a real Captcha.

Do not bother reporting issues on these platforms:

  • IE
  • Windows Phone
  • Any platform that is discontinued.
  • Any browser that does not support HTML5.
Also: First come first served. Second report of same bug gets nothing.

Firewall blocks

Hacking attempts may trigger the site firewall (not my code) and it may give you blocks/timeouts if certain rules are triggered.
  • To check if your IP is blocked / given a timeout, or if something else is going on, try the site from another IP.
  • An actual bug might be if firewall rules are being triggered when they should not be, so you could report that.
  • When you attempt an exploit, it can be hard to tell if it got through and then generated an error, or if it never got through and the firewall blocked it. So you may report what looks like the former and then I look into it and discover it is only the latter.

Send reports

Send bug and exploit reports to:

And you will (subject to my decision) get rewards as above.

Dr. Mark Humphrys
Ancient Brain project
School of Computing
Dublin City University
Glasnevin, Dublin 9, Ireland
Tel: (+353 1) 700-8059

The background is a program, showing the JavaScript graphics used on this site.
The globes light up when you log in.

Website copyright © Ancient Brain Ltd. 2018-20.
Users retain copyright of their own content.
Ancient Brain ™ is a trademark of Ancient Brain Ltd.

Platforms      Stats      The name      Terms and conditions

Bug bounty      Classes      Contact

Call for partners!
If you are interested in writing a programming course, textbook or tutorial videos, Ancient Brain is looking for partners. We will work with you, and integrate your course into the site. This is an opportunity for someone looking to develop a course or textbook to partner with a site to support it and promote it.