OK, I finished the test and here is the report.
First of all, congrats on your site. It looks great.
I just created an account, got one mail for the verification, and after that got another mail with the user to log in. The register and login system works great.
I took a look at the different pages on your site and only found one problem:
You don't have a captcha in the ticket "Create a New Support Ticket":
http://i57.tinypic.com/2j2eovl.png
If I use the following code, I can auto-post a ticket:
VERSION BUILD=8920312 RECORDER=FX
TAB T=1
URL GOTO=http://www.100bit.co.in/support.php
TAG POS=1 TYPE=INPUT:TEXT FORM=NAME:frmsearch ATTR=NAME:adtitle CONTENT=test01
TAG POS=1 TYPE=TEXTAREA FORM=NAME:frmsearch ATTR=NAME:ticket_desc CONTENT=test0011
TAG POS=1 TYPE=INPUT:SUBMIT FORM=NAME:frmsearch ATTR=NAME:ticket
And that means I can send you 1000 tickets with a script if I want. I was thinking of doing it, but it's better to report it here.
At the same time, I tested your site with nikto to find some vulns, but you don't have any vulns there.
[usr@localhost ~]$ nikto -h www.100bit.co.in
- ***** RFIURL is not defined in nikto.conf--no RFI tests will run *****
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 104.28.28.49
+ Target Hostname: www.100bit.co.in
+ Target Port: 80
+ Start Time: 2015-04-04 10:22:52 (GMT-6)
---------------------------------------------------------------------------
+ Server: cloudflare-nginx
+ Cookie __cfduid created without the httponly flag
+ Uncommon header 'cf-ray' found, with contents: 1d1e5ac1ed8d1431-LAX
+ Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a WAF, load balancer or proxy is in place
+ 4197 items checked: 0 error(s) and 3 item(s) reported on remote host
+ End Time: 2015-04-04 10:28:24 (GMT-6) (332 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
[usr@localhost ~]$
Just include a captcha in that "Create a New Support Ticket" section, and your site will be ready for the launch.
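
An added example, not part of the original post: a log check the site owner could run to spot scripted ticket submissions like the one reported above. The log lines are constructed samples in combined log format, and the function name, threshold and window are assumptions; it also assumes the log records the real client address (behind Cloudflare that means logging the CF-Connecting-IP header) and that lines are in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Apr/2015:10:30:01 -0600] "POST /support.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Apr/2015:10:30:03 -0600] "POST /support.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Apr/2015:10:30:05 -0600] "POST /support.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Apr/2015:10:30:07 -0600] "POST /support.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Apr/2015:10:30:09 -0600] "POST /support.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [04/Apr/2015:10:30:30 -0600] "GET /support.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.20 - - [04/Apr/2015:10:31:00 -0600] "POST /support.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [04/Apr/2015:10:36:00 -0600] "POST /support.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

# client, timestamp, method, URL and status from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


def find_ticket_floods(log_text, path="/support.php", limit=3,
                       window=timedelta(seconds=60)):
    """Return {client: peak count} for clients that sent more than
    `limit` POSTs to `path` inside any sliding `window`."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # ignore lines that are not in the expected format
        client, ts, method, url, _status = m.groups()
        if method != "POST" or url.split("?", 1)[0] != path:
            continue              # only form submissions to the ticket page count
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[client]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop submissions that fell out of the window
        if len(q) > limit:
            peaks[client] = max(peaks.get(client, 0), len(q))
    return peaks


if __name__ == "__main__":
    for client, count in find_ticket_floods(SAMPLE_LOG).items():
        print(f"{client}: {count} ticket POSTs within 60s")
```

The same sliding-window count can be applied at request time to decide when the ticket form should demand a captcha or reject the submission.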