To the guy with IP: 115.242.186.210 from Chennai, India:
So if someone tries to find a vulnerability you post his IP ? This might, or might not, be his actual IP, but aren't you supposed to keep this information (and other you might collect) private ? He/she might be trying to help you after all... if I had any interest on this, now I would surely never give it a try.
Also, every related program I've seen paid much more than what you're offering. I don't see why anyone not so honest with an actual bug would sell it to you. Be clear about what you would actually pay, "There is no maximum reward" is not clear at all.
Finally, if you intend to help the community, you should disclose the bugs reported after you fix them.
You are right, I had a misunderstanding. At the time I thought he was being malicious and what he was doing looked like a DDOS so I posted his IP. It was a mistake I shouldn't have.
Why not put test site on different server? Vulnerability scan is intense, what you what the india guy to do, page by page manuall?
Minimum one need to run crawler and catch all file and pages to look at manually.
It is on a different server. You are right I had a misunderstanding. I thought he was being malicious.
PS. This ASICSRUS guy is a troll. just look at his post histories. He blackmails and spread rumours about all the casino owners in order to extort for bitcoins.