How does CrimeFlare find the origin ip address of a Cloudflare website? - security

I am getting a bit into protecting my website but someone keeps posting the origin-ip of my website. I've found out that this website is exposing it: http://www.crimeflare.org:82/cfs.html
After some extra research I found that this site has been online for a couple years but no info on how it is made or what technique it uses. Does anyone have a clue how this website gets the direct-connection IP address? Thanks in advance.

I can answer this question. It's really all due to domain history in a nutshell. In order to avoid domain-history-fetching websites, so-called CloudFlare resolvers and Crimeflare, you need to change your origin IP while under the banner of CloudFlare. Then to stay hidden you MUST not use the email services from your domain, otherwise a simple MX record lookup will expose your origin IP. So this means you now need to use third-party email services. If you are using a VPS or bare metal you need to set up iptables so that ALL IPs are blocked and just allow CloudFlare's IPs. This way IP scanners like Censys can't find your origin IP either, since all IPs would be blocked except CloudFlare's, forcing all connections to go through CloudFlare. Thankfully CloudFlare IPs don't change that often and they do publish the IP list at their website.
If you are using a shared account you'll want to make sure your shared account uses a shared IP and not a unique IP. With a shared IP your website is mixed with others and these CloudFlare resolver websites can't distinguish between who's who to get your origin IP.
There are some other very minor trivial things to also consider. One trivial possible vector for origin IP exposure is allowing remote content to be published via the website. Be it a remote avatar or file. The link used from this remote content has the possibility of resolving your origin IP behind CloudFlare.
If you are using a shared account you can help block direct IP connections and keep all connections going through CloudFlare in one of two ways. In an Apache or Litespeed SAPI, add the following to your htaccess file:
RewriteEngine On
# Return 403 when the CF-IPCountry header that CloudFlare adds is missing
RewriteCond %{HTTP:CF-IPCountry} ^$
RewriteRule ^ - [F,L]
What that code does is check for the CloudFlare Geo location header in the request from CloudFlare and if not present the user gets a 403. Thus all connections must go through CloudFlare. In order for this to work, the IP Geo Location option has to be turned on in your CloudFlare dashboard under Network.
The other really unique and awesome way of doing this is by using CloudFlare Workers. You can read about that here: https://community.cloudflare.com/t/stop-cloudflare-bypassing-on-shared-hosting/91203
I use all of these methods myself with my websites minus the fact of not using a VPS. So far my origin IP is not shown in Crimeflare or other websites.
Best of luck.

They very much explain it on that very site:
There are sites on the web that specialize in collecting registration and nameserver data. [..] CloudFlare maintains around 391 nameservers, and customers must change the nameservers on their registration in order to use most services. Each customer's domain is assigned two nameservers. This makes it easier to verify which domains depend on CloudFlare, and helps us keep our domain lists relatively current.
In other words, they look at public nameserver data and filter out the domains that have their nameservers pointed at one of CloudFlare's nameservers.

Related

Nodejs - What does it actually mean to deploy a website on a domain and how to do it?

I am a bit new to the deployment of a website. I have a server which is written in Node.js. Previously I had been using Heroku for deploying my apps without knowing much about deployment. I would like to know how do I deploy my server to create a website which has .com at the end of it like www.example.com and not www.example.herokuapp.com. I think it has something to do with domains (correct me if I am wrong). I would like to know what exactly is a domain and a DNS provider and how to deploy a website in such a way. Thank you.
You should ask yourself one question: when you hit www.example.com in a browser, how does it load a page? When you run a website on your laptop it basically runs locally; if you want to access your website over the internet you would require a public IP (host or server) accessible over the internet so you can access a webpage using public IP:port. But this is not the best option because the IP may change in the future and also remembering the IP for each application will be difficult. Imagine if you accessed Facebook, Instagram or any other website by its IP address; how difficult and inconvenient would it be? There are a couple of things you should know.
DNS -> Domain Name System
Every host is identified by its IP address, but remembering numbers is very difficult for people and IP addresses are not static; therefore, a mapping is required to change the domain name to an IP address. So DNS is used to convert the domain names of websites to their numerical IP addresses.
DNS is a hostname to IP address translation service. DNS is a distributed database implemented in a hierarchy of name servers. It is an application layer protocol for message exchange between clients and servers.
Name servers
Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses. This is necessary because, although domain names are easy for people to remember, computers or machines access websites based on IP addresses.
DNS record
A domain name, IP address, what is the validity? What is the time to live? And all the information related to that domain name.
Once you understand the DNS:
1. Host (deploy) your website to Amazon EC2 or Heroku and obtain a public IP.
2. Buy a domain from a domain provider like GoDaddy.
3. Map the domain (i.e. www.example.com to IP) -> DNS record.
Mapping a domain to an IP may vary from platform to platform but the core principle remains the same. I would suggest the links below. Try to find the differences in both; doing so, you will learn along the way.
http://www.littlebigextra.com/map-domain-name-amazon-aws-ec2-instance/
https://medium.com/progress-on-ios-development/connecting-an-ec2-instance-with-a-godaddy-domain-e74ff190c233

Client cname pointing to my domain on cloudflare

A client of ours has the domain client.com
Our application is at superapp.mycompany.com
We want the client to be able to access our application via their own subdomain, like: superapp.client.com.
Normally we'd just tell the client to add a cname for superapp and point it to superapp.mycompany.com. Then on our server (IIS) we'd bind their domain to our app and everything would work as intended.
However, we can't replicate this functionality when our mycompany.com domain is managed via cloudflare.
When we navigate to superapp.client.com we get the following error page:
Error 1001
What happened?
You've requested a page on a website (superapp.client.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (superapp.client.com).
Is there any way that Cloudflare can be used in this fashion? This seems like a pretty standard setup for a multi-tenant application that supports custom domains.
We don't need all the protection that Cloudfront offers for these client domains, but we want to use the Cloudfront nameservers for our application (mainly for fast switching of DNS records in the event we migrate servers, etc).
Any help is appreciated.
I hope it's not too late. But just found a way to do so.
You just need to add your client's domain (Add site in Cloudflare) to your account.
You don't need to change the client domain's NS. So in your Cloudflare panel this domain will show as "Pending Nameserver Update".
The next step is to add the CNAME record to this domain.
Although the NS of the client domain is not changed to CF, CF has a lookup record as CNAME for it.
Hope it helps.
Just in case someone arrived here with same issue as me. Here is the answer. For short, no that won't work.
Since Cloudflare is a reverse proxy for the domain that is on Cloudflare, the CNAME redirect for the domain (not on Cloudflare) wouldn't know where to send the traffic to.
Ref: https://support.cloudflare.com/hc/en-us/articles/360017421192-Cloudflare-DNS-FAQ#CloudflareDNSFAQ-CanICNAMEadomainnotonCloudflaretoadomainthatisonCloudflare
If you don't need the CDN benefits, you can still use Cloudflare nameservers to manage your DNS zone and keep your current configuration. Just make sure the CDN is deactivated for the target subdomain in your zone (superapp.mycompany.com in your case).
You can tell if the CDN is activated or deactivated for a subdomain by looking at the cloud icon on the right of each DNS entry: if the cloud is orange the CDN is active, if it is gray, it isn't.
Cloudflare also supports external CNAME resolution in their CDN infrastructure, but it's only available for its Enterprise customers:
https://support.cloudflare.com/hc/en-us/articles/217371987-Managed-CNAME

Is it possible to move my domain from one.com to cloudflare

Is it possible to move my domain from one.com to cloudflare?
If so, can I then buy an ssl from them?
Also, any resources on how to do this would be great.
My biggest concern is the downtime when switching over.
Cloudflare is not a webhost and domain registrar services are only available to Enterprise customers. It provides DNS, proxy, CDN and various other tools.
SSL is provided free to all customers on all plans, but your certificate will be shared. If you need/desire a dedicated certificate that can be purchased as an add-on to any account for $5 a month.
If you are worried about downtime when you begin routing your traffic through Cloudflare (assuming that's what you mean by "move" to) just make sure you follow steps 1 and 2 of the Cloudflare 101 tutorials in the Knowledge Base before changing your nameservers in Step 3. It should be seamless.
A little more detail to answer the follow-up:
After adding your domain to Cloudflare, and setting up your DNS records, you will be provided with details for two Cloudflare nameservers. Take them to your registrar (in this case one.com) and update your nameserver information. As soon as the changes take effect with your registrar your traffic will begin routing through Cloudflare which is waiting and ready to go.
One.com is shared hosting and you can not change DNS settings on it aside from creating new subdomains. Also, your shared host will change its IP pretty frequently, so pointing a non-one.com managed domain to your one webspace's IP will break faster than you can update it. There is a reason that you can't even see your IP in your account settings.
If you really want to use cloudflare for DDoS protection and its other benefits, one.com and most other shared hosting is not a good choice.
When you search for a new web&domain host, confirm that they allow you to move your DNS to cloudflare before you sign up.

Resolve my domain with a CDN IP

I'm not a routing expert. But what I know: It can be a really big topic. So, I'm currently thinking about geo-load balancing and how I can provide it. You can use Route 53 to create GeoDNS lookups. And this is fine and good. But I think about CDNs. I have only two locations, while CDNs have tons of locations. Why not resolve my domain www.example.com with one of these CDN IPs directly? My frontend is static. The dynamic stuff is created by Javascript. So, is it possible to resolve my domain example.com directly with the nearest CDN IP?
What you describe is quite a usual setup. On AWS, after you create a CloudFront distribution, you will simply create an ALIAS in your Route53 console:
www.example.com A ALIAS xyz123xyz.cloudfront.net
If you are using other CDN/DNS providers, you will create CNAME record:
www.example.com CNAME xyz456xyz.somecdn.net
It is possible to resolve your domain to only one CDN IP. And when we talk about a CDN IP, it is usually a virtual IP (Anycast IP) that maps to different physical edge servers globally. Depending on where the request is coming from, that virtual IP will map to the edge server closest to the end user.
Take this domain www.cloudflare.com for example, it is on Cloudflare (http://www.whatsmycdn.com/?uri=www.cloudflare.com), and it is pointing to two Cloudflare virtual IPs for failover purpose I suppose.
dig www.cloudflare.com +short
198.41.215.162
198.41.214.162
Of course, pointing that domain to only one Cloudflare virtual IP is completely doable, although it is not desirable.

How to find actual hosting provider for website that are connected to cloudflare.com

I am trying to find hosting provider for a website that is connected to cloudflare. On Whois Lookup, I get Name Server(s) NOAH.NS.CLOUDFLARE.COM
UMA.NS.CLOUDFLARE.COM
When I use this website http://network-tools.com
I get Attempt to get a DNS server for 104.XX.1xx.3x failed:
I know that cloudflare is not a hosting provider. How can I dig deep and find the actual hosting provider?
If you have some type of abuse related issue with the website in question you'll need to file a complete abuse report at cloudflare.com/abuse
In most cases there isn't an obvious way to identify the underlying hosting provider for a website behind CloudFlare. With a valid and complete abuse report they can put you in touch with the hosting provider's abuse team though.
There is a service called CrimeFlare that helps to resolve the actual IP address behind CloudFlare.
If the website owner has properly set up their website's configuration with CloudFlare, there is no way to acquire the IP through any external means (Whois, DNS, etc.).
If you must send an abuse report or DMCA complaint, you can contact CloudFlare through their website and they will be able to forward it on for you.
1. Check hosting history
Services like https://toolbar.netcraft.com/site_report can help you discover the history of hostings for the website.
2. Try Cloudflare IP resolver
https://iphostinfo.com/cloudflare/ (Works as of 2019.12.10, not sure if you can trust this source in the long term).
Enter your domain name. Click "Search DNS" and you will be brought to a page that checks for common DNS entries. This tool was created to help webmasters configure their domains DNS with CloudFlare properly and is not meant to be used for abuse purposes. If you see your servers real ip in any DNS entry, anyone can easily find your real servers ip then.
3. Look for subdomains manually
You can check and WHOIS the IPs for subdomains. E.g. if www.XYZ.com and XYZ.com are both behind CloudFlare, check for popular subdomains, like:
status.XYZ.com
ns.XYZ.com
beta.XYZ.com
test.XYZ.com
forum.XYZ.com
blog.XYZ.com
admin.XYZ.com
etc..
There is some chance that they will be available directly without CloudFlare.
4. Ask
You can find a way to ask them directly. Or get such information via CloudFlare if you have a legit need to know it. (E.g. by contacting cloudflare.com/abuse as suggested by @xxdesmus).
Law enforcement officials can contact us directly at abuse+law@cloudflare.com. You must include your badge & case number when contacting us to receive a response.
