Chromaniac
Well-known member
Proxy key doesn't hide your ip. Only way is to route traffic through an external server.
Thank you for the quick reply. My ticket ID is KH20240731217C. The attacker stopped for now but I'm sure that he'll begin at around 17:00 PM CET.
> We had the same issue a couple of years ago. Simply configure your firewall to allow traffic from Cloudflare servers only.
> IP Ranges
> This page is intended to be the definitive source of Cloudflare’s current IP ranges. (www.cloudflare.com)
Yup that's a fine approach to take, but only works for folks with dedicated environments. Shared environments don't have that ability.
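The firewall approach discussed in the post above, as an added example that is not part of the thread: it turns a list of published proxy prefixes into an nftables ruleset that accepts ports 80/443 only from those prefixes, and refuses to build anything from a malformed or empty list. The table and set names (`cf_origin`, `cf4`, `cf6`) and the sample prefixes are assumptions; the real list comes from the IP Ranges page linked in the thread.

```python
import ipaddress

# Constructed stand-in for the published list (documentation prefixes, not
# Cloudflare's real ranges); load the current list from the IP Ranges page.
SAMPLE_RANGES = """\
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
"""

def parse_ranges(text):
    """Return (v4, v6) network lists; raise ValueError on any bad line."""
    v4, v6 = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)
        except ValueError as exc:
            # An error page or truncated download must not become a ruleset.
            raise ValueError(f"line {lineno}: not a CIDR prefix: {line!r}") from exc
        (v4 if net.version == 4 else v6).append(net)
    if not v4 and not v6:
        raise ValueError("no prefixes found; refusing to build an empty allowlist")
    return v4, v6

def build_nft_ruleset(text, ports=(80, 443)):
    """Render an nftables table that accepts the web ports only from the prefixes."""
    v4, v6 = parse_ranges(text)
    dport = "tcp dport { " + ", ".join(str(p) for p in ports) + " }"
    out, rules = ["table inet cf_origin {"], []
    for name, typ, match, nets in (("cf4", "ipv4_addr", "ip", v4),
                                   ("cf6", "ipv6_addr", "ip6", v6)):
        if nets:
            # Interval sets reject overlapping elements, so merge prefixes first.
            elems = ", ".join(str(n) for n in ipaddress.collapse_addresses(nets))
            out.append(f"  set {name} {{ type {typ}; flags interval; elements = {{ {elems} }} }}")
            rules.append(f"    {dport} {match} saddr @{name} accept")
    out += ["  chain input {", "    type filter hook input priority 0; policy accept;"]
    out += rules + [f"    {dport} drop", "  }", "}"]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(build_nft_ruleset(SAMPLE_RANGES), end="")
```

The chain only touches the listed ports, so SSH and control-panel access need their own rules, and the output can be syntax-checked with `nft -c -f` before it is loaded.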
> We had the same issue a couple of years ago. Simply configure your firewall to allow traffic from Cloudflare servers only.
> IP Ranges
> This page is intended to be the definitive source of Cloudflare’s current IP ranges. (www.cloudflare.com)
Do we need to request this from the host? We use shared.
> Yup that's a fine approach to take, but only works for folks with dedicated environments. Shared environments don't have that ability.
> Do we need to request this from the host? We use shared.
I think I got my answer.
> Do we need to request this from the host? We use shared.
Get rid of shared hosting. Providers such as IONOS or OVH offer a firewall for all their virtual servers or cloud instances. Simply use Plesk / cPanel / ISPconfig or w/e (which you should also protect using the firewall; allow access from your IP address only) if you are still not familiar enough with Linux.
> Unfortunately I do via sent mails and unfurl. I'll fix this when I move to VPS/VDS.
> Thank you for the quick reply. My ticket ID is KH20240731217C. The attacker stopped for now but I'm sure that he'll begin at around 17:00 PM CET.
You should never be using your server to send emails these days. Let AWS or MailChimp or someone handle it. That way, your emails won't leak your IP.
> You should never be using your server to send emails these days. Let AWS or MailChimp or someone handle it. That way, your emails won't leak your IP.
I disagree, as long as all your email server results are good, there is nothing wrong with using your own SMTP settings.
> I disagree, as long as all your email server results are good, there is nothing wrong with using your own SMTP settings.
If you are a small hobby site, that is not at risk for any attacks, or if you're unlikely to reach a high level of activity then sure. Otherwise it's easy enough to use a separate service, and lessen the headache of hosting your site, and also prevent a way of your IP leaking.
> I still don’t understand if this was a problem with his mail setup leaking the IP, or if it was the fault of his host. If the former, the subject title casts a very negative light on the host that is not deserved, and should be changed. It’s very unfair to the host.
> Disclaimer…… I’ve been with this host for years and have never had a problem that wasn’t solved almost immediately.
Why would the host have to secure their IP from leaking? It makes no sense for a host to have to secure the customer's site because there is no solution that will work for every customer, nor every host. They provide a service allowing you to publish your website to the public internet, and you can then choose to secure however you feel fit.
> Yup that's a fine approach to take, but only works for folks with dedicated environments. Shared environments don't have that ability.
Authenticated origin pulls can be configured per-host in every sane webserver setup I know of, and the mutual TLS ensures connections which aren't from Cloudflare's proxy service are rejected.
> Authenticated origin pulls can be configured per-host in every sane webserver setup I know of, and the mutual TLS ensures connections which aren't from Cloudflare's proxy service are rejected.
Indeed it can, and if you want to go one further and not use a shared Cloudflare Authenticated Origin Pull client certificate, which would allow other Cloudflare customers to possibly connect, you can generate your own CA/Intermediate signed client SSL certificate and upload it to Cloudflare for custom hostname Cloudflare Authenticated Origin Pull client certificates. I leverage Cloudflare's own cfssl toolkit for this as outlined at https://github.com/centminmod/cfssl-ca-ssl.