The “Oops” Moment
Imagine you put a giant, unbreakable fence around your house (that’s Cloudflare). But you leave a side gate wide open with your home address painted on it. That’s exactly what I found with CyberWell.
Step-by-Step: How Anyone Can Find This
1. Go to a DNS Lookup Site
You don’t need hacking tools. Just go to any free DNS lookup website like:
2. Check the Main Domain
I typed app.cyberwell.org into DNSChecker. It showed Cloudflare IPs (like 104.x.x.x) - that’s good! The fence is working.
3. Check Suspicious Subdomains
Then I got curious about test.app.cyberwell.org. Same website, same search.
Boom. Different IP address: 167.xx.xxx.xxx (not a Cloudflare IP).
What This Means in Plain English
The test. version of their site was pointing directly to their actual server, completely bypassing the security fence.
How Bad Is This? Think of It Like This:
DDoS Protection: Gone. Like taking down the fence during a riot.
Firewall Rules: Useless. Like having a security guard who only checks IDs at the gate, but there’s a wide-open back door.
Rate Limiting: None. Like removing the “10 items or less” checkout line.
The Simple Test Anyone Could Run
bash
# This is like knocking on the back door instead of the front gate
curl -H "Host: app.cyberwell.org" http://167.xx.xxx.xxx/api/search
Why This Should Scare Companies
I found this in 5 minutes with free websites. No hacking skills needed. Any competitor, disgruntled customer, or script kiddie could have found the same thing.
How to Check Your Own Company
Go to DNSChecker.org
Type your main domain (like yourcompany.com)
Type test.yourcompany.com, dev.yourcompany.com, api.yourcompany.com
Make sure ALL subdomains show Cloudflare IPs (104.x, 172.x, 173.x ranges)
The Bottom Line
This isn’t advanced hacking. This is basic IT hygiene. The fact that a billion-dollar company missed this shows how often simple things get overlooked in security.
Public Disclosure: Critical Cloudflare Bypass Vulnerability
Title: How a Single DNS Record Can Nullify Your Entire Cloudflare Security Stack