  1. #1

    fix admin configurations to prevent direct-connect server ip leak

    Hi,

    My vps is a Linux: CentOS 6 - 32bit, Nginx server, Kloxo-MR control panel, 1 GB RAM, (Xen PV), 512 MB swap, ipv4

    I added my sites to Cloudflare for a layer of security (DDOS protection) but I saw the real ip address for my sites on google while doing a search. The real ip address is listed at http://www.cloudflare-watch.org/cfs.html because Cloudflare doesn't have email forwarding and anyone can locate direct-connect addresses.

    I'd like to protect my real ip address from being leaked by Cloudflare (and other sites). The following 2 links show people how to find real ip address for sites on Cloudflare:
    http://tipstrickshack.blogspot.com/2...-by-cloud.html AND
    http://pentesterscript.wordpress.com...r-bash-script/

    The author states that "All these methods are based on bad admin configurations, if admin configuration is good ,then you can not find real i.p." He also said "Ports are filtered, so it blocks your ping request. It allow only some specific i.p."
    I found a way to possibly prevent my real ip from being leaked at http://www.jonboy60.com/2010/09/07/h...-fedoracentos/

    Will the above iptables changes work on my vps? Could an experienced IT professional help me block the real ip address of my vps from being revealed on any sites, including networks like Cloudflare? I want to fix the admin configuration so that direct-connect, pinging and other methods cannot reveal my ip address.

    Thanks in advance

  2. #2
    Could someone tell me if the code on the jonboy60 link given above will prevent my real vps ip from being leaked?

  3. #3
    You can use luxsci.

  4. #4
    Someone said that "2. Only IP in 'allow-tranfer' able as secondary DNS".

    What does this mean? How does this help me prevent my real ip from being leaked on Cloudflare (and other sites)?

  5. #5
    Cloudflare provides a different IP address for your domain name, but has nothing to do with your external mail.

    > Someone said that "2. Only IP in 'allow-tranfer' able as secondary DNS".
    > What does this mean? How does this help me prevent my real ip from being leaked on Cloudflare (and other sites)?
    No, that doesn't help you. What it does is block PING replies so that your server "appears" as offline, which won't do you any good since if anyone were to attack it directly - it will go down.

    So, to prevent "IP leak" (as you've described it):
    If your web site sends e-mails, you will need an external mail server that doesn't show the "sender-address" (your server IP address).

    As I have told you already, luxsci provides such a feature. You may contact their live chat for more info. I have not yet found an alternative to their service.

  6. #6
    We also have tips in our knowledge base about this under "General Website Security Guidelines" (you can do a search).
    CloudFlare Community Evangelist

  7. #7
    @damoncloudflare I visited cf and read the tips on "General Website Security Guidelines."

    I understand that I'll still need an external email server.
    I will employ the suggested tips, ie. remove dns records not using, and rename "direct" subdomain to access services. However, I'm still unclear about renaming "direct" subdomain and using orange cloud.

    PLEASE CLARIFY "If you are concern about security, then you can enable orange clouds for the subdomains and use either the direct IP or renamed "direct" subdomain to access these services without passing through CloudFlare's network. For example, to FTP you would use FTP direct.your-domain.com and replace "direct" with whatever you renamed the subdomain to."

  8. #8
    You can rename/edit the direct record in your CloudFlare DNS settings to something less intuitive than direct (if that makes sense).
    CloudFlare Community Evangelist

  9. #9
    Would I still need to enable orange clouds for the subdomains after I "rename/edit the direct record in your CloudFlare DNS settings to something less intuitive than direct?"

  10. #10
    You shouldn't enable the proxy (orange cloud) direct if you're using it to do things like ftp.
    CloudFlare Community Evangelist

  11. #11
    I added DNS records in Cloudflare to prevent direct connect. Please tell me if the following will indeed prevent direct connect to the server and leak real ip address: see image at http://i43.tinypic.com/2i0dr2x.png

    1. I changed "direct" to another word in Cloudflare dns records.
    2. You said not to use Cloudflare/orange proxy so I left it as is.
    3. I am using an external mail server.
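
An added example, not part of the original thread: a small audit over a constructed list of DNS records that reports which entries still answer with the origin IP, covering the renamed "direct" record, mail records and SPF text discussed above. The domain example.com, the address 203.0.113.10 and every record name are made up for illustration; a renamed, unproxied record is harder to guess but still returns the origin address to anyone who looks it up.

```python
# Added example: constructed zone data, not the poster's real records.
ORIGIN_IP = "203.0.113.10"  # constructed (RFC 5737 documentation range)

# (name, type, value, proxied); proxied=True means "orange cloud"
RECORDS = [
    ("example.com",      "A",     ORIGIN_IP,                      True),
    ("www.example.com",  "CNAME", "example.com",                  True),
    ("x7k2.example.com", "A",     ORIGIN_IP,                      False),  # renamed "direct"
    ("ftp.example.com",  "CNAME", "x7k2.example.com",             False),
    ("example.com",      "MX",    "mx.mailhost.example",          False),  # external mail
    ("example.com",      "MX",    "mail.example.com",             False),  # stale, unused
    ("mail.example.com", "A",     ORIGIN_IP,                      False),
    ("example.com",      "TXT",   "v=spf1 ip4:203.0.113.10 -all", False),
]


def public_ips(name, records, seen=frozenset()):
    """IPs a public lookup of `name` returns from unproxied A/CNAME records."""
    ips = set()
    for rname, rtype, value, proxied in records:
        if rname != name or proxied or rtype not in ("A", "CNAME"):
            continue
        if rtype == "A":
            ips.add(value)
        elif value not in seen:  # follow CNAME, guarding against loops
            ips |= public_ips(value, records, seen | {name})
    return ips


def spf_lists(value, ip):
    """True if an SPF-style TXT value names `ip` in an ip4: mechanism."""
    return any(tok.startswith("ip4:") and tok[4:].split("/")[0] == ip
               for tok in value.split())


def audit(records, origin_ip):
    """Return (name, type, value) for every record that discloses origin_ip."""
    findings = []
    for name, rtype, value, proxied in records:
        if rtype == "TXT":
            leaks = spf_lists(value, origin_ip)
        else:  # MX discloses whatever its target host resolves to
            target = value if rtype == "MX" else name
            leaks = origin_ip in public_ips(target, records)
        if leaks:
            findings.append((name, rtype, value))
    return findings


if __name__ == "__main__":
    for finding in audit(RECORDS, ORIGIN_IP):
        print("exposes origin:", *finding)
```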
