Find server IP behind proxy?

Object

?
Nov 10, 2017
142
45
Hi every1

I've recently come across people claiming they can get past cloudflare, and therefore obtain the real server ip of in this case a hotel.

Some of them be claiming they be using Wireshark, but when I'm logging traffic the only results I receive is cloudflares IP addresses, which is ofc expected, since cloudflare is setup.

I'm worried due to, if people can just bypass cloudflare like it was nothing, even with the pro version, then that means they should be able to get any hotel IP they'd like including ofc the one I dev for - So if any of you out there are experts, can yall let me know how to make sure the server IP doesn't get leaked somewhere along the line, and stay proxied?

I've looked into CF argon mode, which should obfuscate the IP, but to me that seems rly drastic especially if you pay for the pro plan already

Thanks!
 

JayCustom

Always Learning
Aug 8, 2013
5,425
1,342
Are you sure they aren't getting the IP Address from any websockets or the client connection?

Use a tool like mxtoolbox.com to ensure you have cloudflare setup properly.
 

Object

?
Nov 10, 2017
142
45
Are you sure they aren't getting the IP Address from any websockets or the client connection?

Use a tool like mxtoolbox.com to ensure you have cloudflare setup properly.
Everything seems proxied, I blocked multiple ips, asns etc etc, but i'll make sure to try ur suggestion! the hotel only supports nitro and the socket connection should be proxied also
Post automatically merged:

Are you sure they aren't getting the IP Address from any websockets or the client connection?

Use a tool like mxtoolbox.com to ensure you have cloudflare setup properly.
I've tried the domain, the websocket domain, and whatever might be a possibility, all returns a cloudflare name server
 

habbouser

New Member
Nov 15, 2020
28
3
If you are using flash client, they can see the IP in the client.

You can't proxy that with Cloudflare as far as I know. So the way to go then is to take a tcp proxy.
 

Object

?
Nov 10, 2017
142
45
If you are using flash client, they can see the IP in the client.

You can't proxy that with Cloudflare as far as I know. So the way to go then is to take a tcp proxy.
I'm not talking about my hotel specifically, but thx i do use a tcp proxy also on the hotel u dev, as we offer both but the hotel struggling only offer nitro.
Post automatically merged:

Ignore the trolls. Worry when you get dosed :down:
I would rather be prepared, as they're already ddosing the hotel that supposedly had their ip exposed even tho they're using CF pro, everything seems proxied, and when I use wireshark I only receive the CF IP.
 

Object

?
Nov 10, 2017
142
45
^^^^

some people in this community are just sad little bums and they'll just boot somebody for the fun of it, if somebody REALLY wants to boot you, they'll find a way how to
Yes sadly some people behave dumb in this community, but this still doesn't change the fact I'm asking for people with this certain knowledge how to make sure the IP doesn't get exposed behind cloudflare, I don't want to worry once shit hits the fan, I'm also interested in learning how just cus I'm interested.

I'm not trynna be a dick or anything, but for future people commenting here, please just comment if you have some useful information toward my question(s), I want to keep this on topic
 

habbouser

New Member
Nov 15, 2020
28
3
I'm not talking about my hotel specifically
Aahh, I thought because it is in the habbo retro section.

However, if it is not about a hotel. Mostly they can't get your IP and they are just threatening.
Unless your IP is leaked or leaking somewhere (like for example in the flash client). But also as mentioned above, for your mailserver.

So if you've configured it right, no worries.
 

Object

?
Nov 10, 2017
142
45
Aahh, I thought because it is in the habbo retro section.

However, if it is not about a hotel. Mostly they can't get your IP and they are just threatening.
Unless your IP is leaked or leaking somewhere (like for example in the flash client). But also as mentioned above, for your mailserver.

So if you've configured it right, no worries.
I am talking about habbo retros, just not my own hotel specifically.
 

boz

don daddy
Mar 23, 2021
106
32
Have they exposed the real ip of the server yet? Or are they just saying that they can? Was cloudflare setup from the getgo? If not, they can use securitytrails, which shows all ips of the domain if it was active before enabling cloudflare.
 

Object

?
Nov 10, 2017
142
45
Have they exposed the real ip of the server yet? Or are they just saying that they can? Was cloudflare setup from the getgo? If not, they can use securitytrails, which shows all ips of the domain if it was active before enabling cloudflare.
I mean it's one of my friends which originally started having the issue. I've been on his Cloudflare, setting it up further, like tarpitting bots, geo-blocking, firewall rules u name it, they claimed they got the real IP through Wireshark, but I've tried that myself which only returned Cloudflare IP which was expected.

Cloudflare tried themselves, the same result as me

But they claim to have the IP, and the server did get hit by DDoS; the owner even got an email from the provider about them being hit by a large attack.

I've already checked on many DNS history sites (including security trails), every site returns the same output, either no records or Cloudflare nameservers.

I've tried multiple sites/tools which should be looking for the wrong setup, vulnerabilities, etc everything without any luck so far.
 

boz

don daddy
Mar 23, 2021
106
32
I reckon he's not setup CF from the start, just tell him to request an IP change from his server provider and if CF is already setup I hardly doubt they'd be able to find new one, if they do then smt's v wrong
 

Fxxxx

Active Member
Jul 1, 2016
131
45
Hello, Object.

If you successfully linked your Cloudflare with your domain name servers and pointed it towards your web server there should be no way the attacker would obtain your server's ip address through your domain.

What type of attack is it? @Object
 

Object

?
Nov 10, 2017
142
45
Hello, Object.

If you successfully linked your Cloudflare with your domain name servers and pointed it towards your web server there should be no way the attacker would obtain your server's ip address through your domain.

What type of attack is it? @Object
Hey, Thanks for your reply. I'm unsure which type of attack it was exactly, but it sent almost 12m requests directly to the origin IP. But after further investigation, it might have been something caused by the owner himself, as those people ddosing his hotel seem very obsessed with him, therefore while he changed server they might have just been waiting for the maintenance to go off, and then if he didn't put Cloudflare before changing his domain to the new server, they probably grabbed the IP before Cloudflare got activated. - That's at least my current guess atm
 

boz

don daddy
Mar 23, 2021
106
32
Hey, Thanks for your reply. I'm unsure which type of attack it was exactly, but it sent almost 12m requests directly to the origin IP. But after further investigation, it might have been something caused by the owner himself, as those people ddosing his hotel seem very obsessed with him, therefore while he changed server they might have just been waiting for the maintenance to go off, and then if he didn't put Cloudflare before changing his domain to the new server, they probably grabbed the IP before Cloudflare got activated. - That's at least my current guess atm
Sounds like that's what happened tbh
 

Joe

skrrt
Jun 10, 2012
3,951
1,824
Hey, Thanks for your reply. I'm unsure which type of attack it was exactly, but it sent almost 12m requests directly to the origin IP. But after further investigation, it might have been something caused by the owner himself, as those people ddosing his hotel seem very obsessed with him, therefore while he changed server they might have just been waiting for the maintenance to go off, and then if he didn't put Cloudflare before changing his domain to the new server, they probably grabbed the IP before Cloudflare got activated. - That's at least my current guess atm
Always setup the domain and CF before adding the server IP.
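
Added example (not part of the thread and not any poster's code): an audit of a zone's own DNS records for the leak paths raised above, namely unproxied address records such as a direct game/TCP endpoint, the mail server, and SPF text. The record layout with a `proxied` flag, the example-hotel.test names and the 203.0.113.10 origin address are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample zone; 203.0.113.10 (documentation range) stands in for the origin.
ORIGIN_IP = "203.0.113.10"
ZONE = [
    {"type": "A", "name": "example-hotel.test", "content": "203.0.113.10", "proxied": True},
    {"type": "A", "name": "ws.example-hotel.test", "content": "203.0.113.10", "proxied": True},
    {"type": "A", "name": "game.example-hotel.test", "content": "203.0.113.10", "proxied": False},
    {"type": "A", "name": "mail.example-hotel.test", "content": "203.0.113.10", "proxied": False},
    {"type": "MX", "name": "example-hotel.test", "content": "10 mail.example-hotel.test", "proxied": False},
    {"type": "TXT", "name": "example-hotel.test", "content": "v=spf1 ip4:203.0.113.0/24 -all", "proxied": False},
    {"type": "CNAME", "name": "cdn.example-hotel.test", "content": "example-hotel.test", "proxied": True},
]


def find_origin_leaks(zone, origin_ip):
    """Return (record name, type, reason) for every record that reveals origin_ip."""
    origin = ipaddress.ip_address(origin_ip)
    leaks = []
    exposed_hosts = set()
    # Pass 1: address records that answer with the origin IP instead of the proxy.
    for r in zone:
        if r["type"] in ("A", "AAAA") and not r["proxied"]:
            if ipaddress.ip_address(r["content"]) == origin:
                exposed_hosts.add(r["name"])
                leaks.append((r["name"], r["type"], "unproxied address record"))
    # Pass 2: records that point at an exposed host, or carry the IP in text.
    for r in zone:
        if r["type"] in ("MX", "CNAME", "SRV") and not r["proxied"]:
            target = r["content"].split()[-1].rstrip(".")  # skip priority/port fields
            if target in exposed_hosts:
                leaks.append((r["name"], r["type"], f"targets exposed host {target}"))
        elif r["type"] == "TXT":
            for net in re.findall(r"ip[46]:(\S+)", r["content"]):
                if origin in ipaddress.ip_network(net, strict=False):
                    leaks.append((r["name"], "TXT", f"SPF lists {net}"))
    return leaks


if __name__ == "__main__":
    for name, rtype, reason in find_origin_leaks(ZONE, ORIGIN_IP):
        print(f"{rtype:5} {name:28} {reason}")
```

A clean result here only covers current records; an address that was published before the proxy was enabled stays in DNS history, which is why the thread's advice is to change the server IP and add it only once the proxy is in place.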
 
