
Topic: Help fix admin misconfiguration to protect real ip address on Cloudflare


befree22
Hi,

I added my sites to Cloudflare for a layer of security (DDOS protection) but I saw the real ip address for my sites on Google while doing a search. The real ip address is listed at http://www.cloudflare-watch.org/cfs.html because Cloudflare doesn't have email forwarding and anyone can locate direct-connect addresses.

I'd like to protect my real ip address from being leaked by Cloudflare (and other sites). The following 2 links show people how to find real ip address for sites on Cloudflare:
http://tipstrickshack.blogspot.com/2012/11/how-to-find-real-ip-protected-by-cloud.html  AND
http://pentesterscript.wordpress.com/2013/11/06/cloudflare-resolver-bash-script/

The author states that "All these methods are based on bad admin configurations, if admin configuration is good, then you can not find real i.p." He also said "Ports are filtered, so it blocks your ping request. It allow only some specific i.p."

Could you help me block the real ip address of my vps from being revealed on any sites, including networks like Cloudflare? I want to fix the admin configuration so that direct-connect, pinging and other methods cannot reveal my ip address.

Thanks in advance
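
The leak described in the post above (unproxied direct-connect and mail records that still answer with the server's address) can be checked against the zone's own record list. This is an added example, not part of the original thread or of Kloxo-MR; the record tuples, the `proxied` flag (modelled on Cloudflare's per-record proxy setting) and all names and addresses are constructed.

```python
import ipaddress

# Constructed sample zone: (name, type, value, proxied). 203.0.113.10 stands in
# for the origin VPS address; every name and address here is made up.
ORIGIN = "203.0.113.10"
RECORDS = [
    ("example.com.", "A", "203.0.113.10", True),
    ("cdn.example.com.", "CNAME", "example.com.", False),
    ("direct-connect.example.com.", "A", "203.0.113.10", False),
    ("ftp.example.com.", "CNAME", "direct-connect.example.com.", False),
    ("mail.example.com.", "A", "203.0.113.10", False),
    ("example.com.", "MX", "10 mail.example.com.", False),
    ("example.com.", "TXT", "v=spf1 ip4:203.0.113.10 -all", False),
    ("status.example.com.", "A", "198.51.100.7", False),
]

def exposed_ips(name, records, depth=0):
    """Addresses a public resolver returns for name (proxied records answer with proxy IPs)."""
    ips = set()
    if depth > 8:  # stop on CNAME loops
        return ips
    for rname, rtype, value, proxied in records:
        if rname != name or proxied:
            continue
        if rtype == "A":
            ips.add(ipaddress.ip_address(value))
        elif rtype == "CNAME":
            ips |= exposed_ips(value, records, depth + 1)
    return ips

def find_origin_leaks(records, origin):
    """Return (name, type) for every unproxied record that reveals the origin address."""
    origin_ip = ipaddress.ip_address(origin)
    leaks = []
    for rname, rtype, value, proxied in records:
        hit = False
        if proxied:
            continue
        if rtype == "A":
            hit = ipaddress.ip_address(value) == origin_ip
        elif rtype in ("CNAME", "MX"):  # follow the target host name
            hit = origin_ip in exposed_ips(value.split()[-1], records)
        elif rtype == "TXT":  # SPF ip4: mechanisms publish addresses in clear text
            toks = [t.lstrip("+-~?") for t in value.split()]
            hit = any(origin_ip in ipaddress.ip_network(t[4:], strict=False)
                      for t in toks if t.startswith("ip4:"))
        if hit:
            leaks.append((rname, rtype))
    return leaks
```

Calling `find_origin_leaks(RECORDS, ORIGIN)` on the sample flags the direct-connect, ftp, mail, MX and SPF records, while the unproxied `cdn` CNAME is not flagged because its target is proxied.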

befree22
MRatwork sent me a pm stating that:

In Kloxo-MR:

1. Nginx has a mechanism to protect against DDOS by limiting access from 1 source
2. Only IPs in 'allow-transfer' can act as secondary DNS

I have 2 questions.

1.  Can Nginx protect vps from a high bandwidth DDOS attack? I ask because on webhostingtalk a poster said there's nothing you can do to prevent a high bandwidth DDOS attack.

2. What do you mean by "only ip in "allow transfer" able as secondary DNS"? My goal is to PREVENT my real ip address from being leaked via direct-connect, pinging, etc.

Awaiting a reply

MRatWork
1. If you open /home/nginx/globals/proxy.conf or php-fpm.conf you will see:
Code:
    location / {
        limit_conn addr 25;
        # ... (rest of the location block)
    }
which means only 25 connections are permitted from 1 IP address.

2. If you open /home/bind/conf/defaults/named.acl.conf (example for bind) you will see something like:
Code:
    acl allow-transfer {
        localhost;
        188.165.252.83;
    };
which means only localhost (127.0.0.1) and 188.165.252.83 can act as secondary DNS for your domain. This makes it impossible to 'hijack' your domain.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

crossing
----------
1. If you open /home/nginx/globals/proxy.conf or php-fpm.conf you will see:
Code:
    location / {
        limit_conn addr 25;
        # ... (rest of the location block)
    }
which means only 25 connections are permitted from 1 IP address.
----------

That means that if we use Kloxo-MR nginx we don't need Cloudflare DDOS protection?
« Last Edit: 2014-01-05, 18:10:03 by crossing »
Kloxo-MR -> Great Panel ->  Great person behind it ->  Mustafa

MRatWork
Absolutely yes.

befree22
----------
1. If you open /home/nginx/globals/proxy.conf or php-fpm.conf you will see:
Code:
    location / {
        limit_conn addr 25;
        # ... (rest of the location block)
    }
which means only 25 connections are permitted from 1 IP address.
----------

That means that if we use Kloxo-MR nginx we don't need Cloudflare DDOS protection?

Hmmm...so Cloudflare limits the number of connections to the ip address. And applying MRatWork's 2 rules above means that Cloudflare isn't needed at all.

1. Does this mean that I can change the number of connections to an even lower number, say only 6 connections maximum per ip? Also, I use a VPN service to connect to the internet -- will this lock me out of my vps?

I ask because of my ddos problems and I'm looking to harden my vps and websites from malevolent attacks.
I'm disappointed that Cloudflare leaks real ip using direct connect and the purpose of using cf is to prevent ddos.

2. I'd like to apply the rule "which means only localhost (127.0.0.1) and 123.45.678.9 can act as secondary DNS for your domain. This makes it impossible to 'hijack' your domain."

I use a VPN service to connect to the internet -- will this lock me out of my vps?
Where do I find the secondary dns ip address?

3. I'm getting 200+ hits from 1 ip address in 1 day -- see image below. Should I delete the log of Lxguard ip connections in Kloxo-MR?
« Last Edit: 2014-01-26, 03:41:49 by befree22 »

 

