
SOME OF OUR VOUCHES CAN BE FOUND IN: https://vgy.me/u/tX01hA

smcloud.cc – Security Analysis Report

Domain: smcloud.cc
Active CDN: Cloudflare
Example = Recommendation

Report

Part 1: Website entry

On first entry to the website there is a captcha, which is a great practice for stopping many DDoS attacks, excluding those made exclusively for captcha bypass. The good side of this is that legit booters rarely have captcha bypass, and those that do have a hefty cost, inaccessible for most people.

Part 2: Index

For the most part, the index is secured. The only problem found is that https://smcloud.cc/dashboard/check_key.php has no captcha and no rate limiting. To add rate limiting, you can simply use Cloudflare “protect my login”. To add a captcha, you should use https://www.hcaptcha.com/ or https://www.google.com/recaptcha/about/ . I would also recommend turning on the “WAF” (“Web Application Firewall”), which can be found in Cloudflare.

Part 3: Client Area

The client area is nearly perfect: the only recommendation I could give would be hosting the combos on your own website and not on an external service.

Part 4: Ending Note

In general, the https://smcloud.cc website is very nicely made, with a very straightforward, easy-to-use interface. It is lacking protection, but all of this can be easily fixed with a bit of effort.

Vulnerabilities found:

● https://smcloud.cc/dashboard/check_key.php is vulnerable to POST attacks; we recommend adding rate limiting and a captcha challenge.

● Backend is exposed (54.39.51.94). Although this IP is protected by OVH DDoS protection, bypasses are coming out more and more and are getting cheaper and more publicly used, so you should still research load balancing and protecting your backend through IPTables configuration.

Debug Labs Corporation est. 2022
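One way to approach the IPTables recommendation above, as an added example that is not part of the original report: a shell function that prints (without applying) rules limiting ports 80 and 443 on the backend to the CDN's source ranges. The chain name CDN_ONLY and the sample ranges (RFC 5737 documentation addresses) are assumptions; the real list would come from the CDN's published ranges.

```shell
#!/bin/sh
# Added example: print, but do not apply, iptables rules that restrict the
# web ports of an origin server to a CDN's published source ranges.

CHAIN="CDN_ONLY"   # hypothetical chain name

# Constructed sample list (RFC 5737 documentation ranges, not real CDN ranges).
SAMPLE_RANGES='# constructed sample list
192.0.2.0/24
198.51.100.0/24   # trailing comments are ignored'

# valid_cidr: succeed only for a well-formed IPv4 CIDR such as 192.0.2.0/24.
valid_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# emit_origin_rules: read one CIDR per line on stdin and print the rule set.
# Fails closed: a malformed entry or an empty list returns 1 and prints no
# rules, so a bad list can never produce a chain that drops all web traffic.
emit_origin_rules() {
    rules="iptables -N $CHAIN"
    count=0
    while IFS= read -r line; do
        cidr=$(printf '%s' "$line" | sed 's/#.*//; s/[[:space:]]//g')
        if [ -z "$cidr" ]; then continue; fi
        if ! valid_cidr "$cidr"; then
            echo "rejecting list, bad entry: $line" >&2
            return 1
        fi
        rules="$rules
iptables -A $CHAIN -s $cidr -j ACCEPT"
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "rejecting list, no ranges found" >&2
        return 1
    fi
    # Anything that reaches the end of the chain is not from the CDN.
    printf '%s\n' "$rules" "iptables -A $CHAIN -j DROP" \
        "iptables -I INPUT -p tcp -m multiport --dports 80,443 -j $CHAIN"
}

# Demo on the constructed list: prints five iptables commands for review.
printf '%s\n' "$SAMPLE_RANGES" | emit_origin_rules
```

Only TCP ports 80 and 443 are sent through the chain, so SSH and other services are untouched; IPv6 needs a matching ip6tables rule set.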
