1. Report a security concern
Send concerns affecting dianyeweb.cyou, customer portals, administration, files or customer information to info@dianyeweb.cyou. Include the page, time, safely reproducible steps, impact and a contact method. Do not disclose customer information publicly.
2. Good-faith conduct
- Use only your own accounts, information and projects.
- Validate with minimal impact and do not download, change or delete information that is not yours.
- Stop further access when a concern is confirmed and report it promptly.
- Allow a reasonable repair period before discussing public disclosure.
3. Unauthorised conduct
- Denial of service, malicious traffic, brute force, social engineering, spam or availability disruption.
- Accessing, downloading, changing or publishing another customer’s information, credentials, secrets or private files.
- Uploading malware, conducting supply-chain attacks or exploiting an issue for commercial leverage.
- Testing third-party systems without permission.
4. Response process
Dianye will acknowledge, assess, contain, repair and verify reports and notify affected parties when appropriate. Timing depends on severity and report quality. This page is not a bug-bounty programme and does not authorise activity beyond law and this policy.
5. Existing safeguards and limits
Current safeguards include server-side authorisation, session expiry, login and submission rate limits, input and upload validation, private-file checks, random identifiers, activity logs, sensitive-field protection and security headers. Controls are reviewed over time, but no online system can guarantee absolute security.