Cloudapp Security Warning Security Risk

Avoid Cloudapp custom domain at all costs

Cloudapp security risk warning

This is a quick Cloudapp security risk warning:

For the second time, one of my sites received a manual strike from Google for security problems. Someone hijacked a sub-domain, pointing to Cloudapp and used it for malware distribution.

Upon several requests, Cloudapp could not provide a satisfying (or any) info on how that could happen and what they’re doing to make sure it cannot happen again.

I cannot recommend that you use their custom domain feature because it’s not safe. At least, I would not use a sub-domain of an important site of yours.

Hackers can create random links using the sub-domain you point to Cloudapp to create random links to harmful content.

Someone from Cloudapp contacted me via Twitter to inform me I would hear from their support. But I didn’t. Unless you count an email of them stating they don’t know how someone can create random links using my (sub)domain.

The company cannot solve the problem or communicate appropriately.

Don’t put your site at risk!

The way they handled the issue, seemingly unbothered by it, was shocking to me.

Luckily, I did not use an important URL. Because the site has not recovered from the penalties even months later.