Sites that get your server IP

Onlyme

I thought that being behind Cloudflare and using a 3rd party email provider would stop my server IP being leaked and make it harder for people to attack me.

Today I was informed of sites like this https://censys.io/ipv4?q=

Can anyone please explain to me in simple terms how this works and how to stop it.
 
It's actually pretty simple.

First would be to parse the internet for an SSL certificate valid for your domain name, which most likely will give up your real IP address.

Second would be an audit trail from when you weren't using Cloudflare.

There is no such thing as 100% anonymity on the internet.
 
I've been reading it's done via the certificate. And I've also seen that it can be prevented by only allowing Cloudflare IP range to your server, I'm guessing by firewall.

If you or anyone has a better solution please do share.

Good to see you Snog :)
 
I'm still lurking around :D

At this point it might be too late to protect your server with a firewall. The audit trail exists without it.

You MIGHT be able to get around the audit trail by changing servers and locking it down to Cloudflare before putting it online. I don't know, I've never been worried about that so I never had a need to do it.
 
Another potential problem is emails from your server to users if email resides on the same server as the forum.
 
Interestingly enough, while working on the spam traps for one of my servers this showed up in the mail logs this morning...
Code:
Nov 23 07:42:47 server postfix/smtpd[26382]: warning: hostname worker-10.sfj.corp.censys.io does not resolve to address 198.108.66.161
Nov 23 07:42:47 server postfix/smtpd[26382]: connect from unknown[198.108.66.161]
Nov 23 07:42:47 server postfix/smtpd[26382]: disconnect from unknown[198.108.66.161]
So, what that means is Censys now knows my server's name and IP address from the smtpd HELO response. From that they can easily figure out my web site name since the server is named server.sitename.com. It doesn't matter to me, but it might to some people.

If someone wants to firewall their IP addresses, this is what ARIN has to say about Censys IP addresses...

And there's no guarantee that they don't have IP addresses in other countries (RIPE, APNIC, etc.).
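
A log-review example for the pattern in the mail log excerpt above, added here and not part of any poster's message: it flags smtpd sessions that connect and disconnect without attempting mail, and attaches the hostname from the reverse-DNS warning. The function name `find_banner_probes` and the second session in the sample (mail.example.org, 192.0.2.25) are constructed for illustration.

```python
import re

# The first three lines are the excerpt from the post; the last three are
# constructed to show a normal delivery that must not be flagged.
SAMPLE_LOG = """\
Nov 23 07:42:47 server postfix/smtpd[26382]: warning: hostname worker-10.sfj.corp.censys.io does not resolve to address 198.108.66.161
Nov 23 07:42:47 server postfix/smtpd[26382]: connect from unknown[198.108.66.161]
Nov 23 07:42:47 server postfix/smtpd[26382]: disconnect from unknown[198.108.66.161]
Nov 23 07:50:01 server postfix/smtpd[26390]: connect from mail.example.org[192.0.2.25]
Nov 23 07:50:02 server postfix/smtpd[26390]: 4F1A2C0123: client=mail.example.org[192.0.2.25]
Nov 23 07:50:03 server postfix/smtpd[26390]: disconnect from mail.example.org[192.0.2.25]
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RDNS = re.compile(r"warning: hostname (\S+) does not resolve to address (\S+)$")
CONN = re.compile(r"(disconnect|connect) from (\S+)\[([^\]]+)\]")

def find_banner_probes(log_text):
    """Return one record per smtpd session that connected and disconnected
    with nothing logged in between, i.e. the client only read the greeting."""
    rdns = {}       # ip -> PTR hostname that failed forward confirmation
    sessions = {}   # smtpd pid -> [client ip, activity seen?]
    probes = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        warn = RDNS.match(msg)
        if warn:
            rdns[warn.group(2)] = warn.group(1)
            continue
        conn = CONN.match(msg)
        if conn is None:
            # Queue id, NOQUEUE reject, etc.: the client attempted mail.
            if pid in sessions:
                sessions[pid][1] = True
            continue
        event, ip = conn.group(1), conn.group(3)
        if event == "connect":
            sessions[pid] = [ip, False]
        elif pid in sessions:
            sess_ip, active = sessions.pop(pid)
            if not active and sess_ip == ip:
                probes.append({"ip": ip, "ptr_name": rdns.get(ip)})
    return probes

if __name__ == "__main__":
    for probe in find_banner_probes(SAMPLE_LOG):
        print(probe)
```
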
 