Ethical or Unethical Hacker?

Yesterday I received an email from Chris Mazzula, clamming to be a ethical hacker, and they found a “bug” in my wordpress website, xmlrpc.php exploit from 2018. Now for reporting this “Bug” to me i got this response,
I think it would be justifiable if your website grant me a reward as a token of appreciation.
Standard reward for this bug as per hackerone bug bounty policy:

When I stated , Well maybe if I had asked you to do this for me I would be happy to pay you, however I am not in the practice of paying random visitors to my website.

Has anyone else had this issue?

Sounds like the virtual equivalent of those guys who try to wash your windscreen with a bottle of drain water and a dirty rag at the traffic lights.
Bug bounties are a good thing, but that’s not how they work Chris.

I tend to use a catch all email account for my domains just to see what random address’s get hit. Get some weird emails from dead relatives trying to give me money right through to the cheap boner pills. Have not had one from Chris yet! Look forward to the day :slight_smile:

Well I haven’t heard back from him as yet, I did block the City of Karachi, where he lives from accessing my site, but we all know how that works.