×‰?×B!’×‘C‘×˜š Íá ÍáÍ{u×‰œ“×‰	Ú 7cassandra://PPcWwF1f_xQHLrJTOrnATRwCpF3OoyIAN_Ik8kIaD5cÎ ^7Í`Í±Í
×‰	Ú 7cassandra://bDpo68u0jTAz0M6ngqqImyBbF-ZbScAR_qevEidCv_kÍ8ëÍ`ÍTÍà×‰	Ú 7cassandra://a6YMv4zgmvEP9p6A1eJu9Tz6MzQWIZTjGx4Uo9jb8ngÍÍ`ÌµÍ ×jtç\^DŒ^Èš× ×jtç\^DŒ^È‹ Í²ÌÌÅ 9×‰H·https://vgy.me/u/tX01hAG××ÒÔÔÔrÒïïïÌ× ×jtç\^DŒ^ÈŒ ÍYÍ-ÍH9×‰HÚ *https://smcloud.cc/dashboard/check_key.phpG××ÒÔÔÔrÒïïïÌ× ×jtç\^DŒ^È ÍxÍqÌÊ9×‰H¹https://www.hcaptcha.com/G××ÒÔÔÔrÒïïïÌ× ×jtç\^DŒ^ÈŽ ÍYÍ“Í79×‰HÚ 'https://www.google.com/recaptcha/about/G××ÒÔÔÔrÒïïïÌ× ×jtç\^DŒ^È™ ÍYÍ›Í79×HÚ 'https://www.google.com/recaptcha/about/××Ðˆ× ×jtç\^DŒ^È˜ ÍxÍyÌÊ9×H¹https://www.hcaptcha.com/××Ðˆ× ×jtç\^DŒ^È— ÍYÍ4ÍH9×HÚ *https://smcloud.cc/dashboard/check_key.php××Ðˆ× ×jtç\^DŒ^È– ÍÍW9×H±http://smcloud.cc××Ðˆ× ×jtç\^DŒ^È• ÍYÌðs9×H±http://smcloud.cc××Ðˆ× ×jtç\^DŒ^È” Í²Ì¥ÌÅ9×H·https://vgy.me/u/tX01hA××Ðˆ×ˆE×jtç\^DŒ^È…×‰EÚªSOME OF OUR VOUCHES CAN BE FOUND IN: https://vgy.me/u/tX01hA
smcloud.cc â€“ Security Analysis Report
Domain: smcloud.cc
Active CDN: Cloudflare
Example = Recommendation
Report
Part 1: Website entry
At first entry to the website, there is a captcha which is a great practice to stop many DDoS
attacks, excluding those that are exclusively made for Captcha Bypass.
The good side of this is that rarely there are any legit booters that have Captcha Bypass, and
those that do, have a hefty cost, inaccessible for most people.
Part 2: Index
For the most part, the index is secured. The only problem found is that there is no captcha added to
https://smcloud.cc/dashboard/check_key.php and there is no rate limiting.
In order to add rate limiting you can simply use Cloudflare â€œprotect my loginâ€.
In order to add captcha, you should use https://www.hcaptcha.com/ or
https://www.google.com/recaptcha/about/ .
I would also recommend â€œWAFâ€ to be on, also called â€œWeb Application Firewallâ€. This can be found in
Cloudflare.
Part 3: Client Area
The client area is nearly perfect: the only recommendation I could give would be hosting the combos on
your own website and not an external service.
×‰	Ú 7cassandra://a6YMv4zgmvEP9p6A1eJu9Tz6MzQWIZTjGx4Uo9jb8ngÍÍ`ÌµÍ ×jtç\^DŒ^È†×jtç\^DŒ^È…ÍÂÍ{×‘C‘×˜š   ÍáÍ{u×‰œ“×‰	Ú 7cassandra://lf83fqWExrPCQ_QeGrUo1EEeQWxlCZkFtZFiKgYDgEEÎ l¯Í`Í±Í
×‰	Ú 7cassandra://SSZtk4cIr5fb9NBuMluK5Q5F8PDfNkWRGtSJoV76-4IÍ"Í`ÍTÍà×‰	Ú 7cassandra://tcBpknmfZLWAJ2O4Lad3NuXPXspwsxoNQ33wAV4J-hsÍƒÍ`ÌµÍ ×jtç\^DŒ^Èš”× ×jtç\^DŒ^È’ ÌäÍ%Ìˆ9×‰H²https://smcloud.ccG××ÒÔÔÔrÒïïïÌ× ×jtç\^DŒ^È“ Ì´Í­ÍI9×‰HÚ *https://smcloud.cc/dashboard/check_key.phpG××ÒÔÔÔrÒïïïÌ× ×jtç\^DŒ^È Ì´ÍµÍI9×HÚ *https://smcloud.cc/dashboard/check_key.php××Ðˆ× ×jtç\^DŒ^Èœ ÌäÍ-Ìˆ9×H²https://smcloud.cc××Ðˆ×‰EÚÃNext Page
Part 4: Ending Note
In general, the https://smcloud.cc website is very nicely made, with a very straight forward UI,
easy-to-use interface. It is lacking protection, but all this can be easily fixed with a bit of effort.
Vulnerabilities found:
â— https://smcloud.cc/dashboard/check_key.php is vulnerable to POST attacks, we recommend
adding rate limiting and a captcha challenge.
â— Backend is exposed: (54.39.51.94) although this IP is protected by OVH ddos protection,
bypasses are coming out more & more, and are getting cheaper & more publicly used, so you
should still research into load balancing and protecting your backend through IPTables
configuration.
Debug Labs Corporation est.2022
×‰	Ú 7cassandra://tcBpknmfZLWAJ2O4Lad3NuXPXspwsxoNQ33wAV4J-hsÍƒÍ`ÌµÍ ×jtç\^DŒ^È‰×ˆE×jtç\^DŒ^ÈŠ×jtç\^DŒ^È‰ÍÂÍ{,°SMCloud report-1×jtç›ÖÎS‡¯Õ¤