Find server IP behind proxy?

Object

?
Nov 10, 2017
142
45
Hi every1

I've recently come across people claiming they can get past cloudflare, and therefore obtain the real server ip of in this case a hotel.

Some of them be claiming they be using Wireshark, but when I'm logging traffic the only results I receive is cloudflares IP addresses, which is ofc expected, since cloudflare is setup.

I'm worried due to, if people can just bypass cloudflare like it was nothing, even with the pro version, then that means they should be able to get any hotel IP they'd like including ofc the one I dev for - So if any of you out there are experts, can yall let me know how to make sure the server IP doesn't get leaked somewhere along the line, and stay proxied?

I've looked into CF argon mode, which should obfuscate the IP, but to me that seems rly drastic especially if you pay for the pro plan already

Thanks!
 
Last edited:

Johno

iFast - Insanely Fast Hosting & Servers
Sep 12, 2011
450
171
Cms make no sense lmao
Actually, it makes perfect sense, I have had a few customers complain of this and found shall we call it a bug in their CMS that prints the $_SERVER var, so even if you hide behind Cloudflare and someone triggers that it shows you the hosting servers IP

Care to retract that?
 

Object

?
Nov 10, 2017
142
45
Actually, it makes perfect sense, I have had a few customers complain of this and found shall we call it a bug in their CMS that prints the $_SERVER var, so even if you hide behind Cloudflare and someone triggers that it shows you the hosting servers IP

Care to retract that?
Was this specific to cosmic or was it another CMS? I mean i'd be nice for people using cosmic to know about this if there's such issue
 

Johno

iFast - Insanely Fast Hosting & Servers
Sep 12, 2011
450
171
Was this specific to cosmic or was it another CMS? I mean i'd be nice for people using cosmic to know about this if there's such issue
I have seen it on a few CMS, mainly edits. I am not longer involved directly in the community, only when a customer pays me for an extra service.

The best thing to do is check your access logs for any type of vars that you would not expect to be set to rule things like this out.
 

Raizer

Member
Feb 21, 2019
98
58
Was this specific to cosmic or was it another CMS? I mean i'd be nice for people using cosmic to know about this if there's such issue
There is no issue with Cosmic and getting real IP. Cosmic always looking for the proxy IP, called CF_Connecting_IP. When this IP isn't sended by your webserver which gets this information from Cloudflare it shows your original IP. Because the user should have the choice whether to use cloudflare or not.

So, don't complain Cosmic but your webserver for it :)
 

Object

?
Nov 10, 2017
142
45
There is no issue with Cosmic and getting real IP. Cosmic always looking for the proxy IP, called CF_Connecting_IP. When this IP isn't sended by your webserver which gets this information from Cloudflare it shows your original IP. Because the user should have the choice whether to use cloudflare or not.

So, don't complain Cosmic but your webserver for it :)
I never said it was, I was asking Johno since he referenced it (to my understanding) like it was something in Cosmic, and yet again it's still my friends hotel I'm simply asking cus im curious / concerned on the subject - Im sure if you read my message just 1 more time, you'd see "Was this specific to cosmic or was it another CMS?"
 

Raizer

Member
Feb 21, 2019
98
58
I never said it was, I was asking Johno since he referenced it (to my understanding) like it was something in Cosmic, and yet again it's still my friends hotel I'm simply asking cus im curious / concerned on the subject - Im sure if you read my message just 1 more time, you'd see "Was this specific to cosmic or was it another CMS?"
My reply was for

Johno

 

Liam

Moderator
Staff member
FindRetros Moderator
Apr 10, 2013
916
433
Refrain from going off-topic/insulting each other. Assuming we're all adults here, you should know how to behave.

If you have nothing nice to say, or nothing that helps the OP, don't bother saying anything at all.
 

ElMayor

New Member
Jul 20, 2014
8
1
If you're using flash the ip will for ever be discovered even with a simple netstat -n in CMD. If you use nitro-only using cloudflare in nitro you ip is very "secured" even tho in internet nothing is secured enough.
 

Kakan

New Member
Aug 28, 2021
4
1
If you're using flash the ip will for ever be discovered even with a simple netstat -n in CMD.
that's not true. a client sends their request to the proxy, the proxy sends the client's request to the end server. the client isn't actually in contact with the end server, but rather the proxy server. thus, the client will never know the end server's address.
 

ElMayor

New Member
Jul 20, 2014
8
1
that's not true. a client sends their request to the proxy, the proxy sends the client's request to the end server. the client isn't actually in contact with the end server, but rather the proxy server. thus, the client will never know the end server's address.
And you think a TCP Proxy will save you? Most of the proxy retro use are useless because all the same traffic are still reaching the server. That’s why I stopped using TCP Proxy and got good at iptables.
Post automatically merged:

And you think a TCP Proxy will save you? Most of the proxy retro use are useless because all the same traffic are still reaching the server. That’s why I stopped using TCP Proxy and got good at iptables.
I can literally take any retro flash client down rn but impossible to take down the beta/nitro client with the web sockets under cloudflare because in fact cloudflare is a beast of a proxy.
 

Kakan

New Member
Aug 28, 2021
4
1
And you think a TCP Proxy will save you? Most of the proxy retro use are useless because all the same traffic are still reaching the server. That’s why I stopped using TCP Proxy and got good at iptables.
sorry but yikes, you truly do not understand how a proxy works. i'll explain it again:

client A sends "hi" to server A
server A sends "hi from client A" to server B
server B sends "hello to client A" to server A
server A sends "hello" to client A

of course the traffic reaches the end server, but the traffic to the end server comes from the proxy server not the client.
I can literally take any retro flash client down rn but impossible to take down the beta/nitro client with the web sockets under cloudflare because in fact cloudflare is a beast of a proxy.
no you can't.
 

Johno

iFast - Insanely Fast Hosting & Servers
Sep 12, 2011
450
171
Nothing will ever be 100% attacker proof, a simple fact there is always someone that will find a way around even the most complex setup and protection.
 

Nigo

New Member
Jun 25, 2020
19
16
And you think a TCP Proxy will save you? Most of the proxy retro use are useless because all the same traffic are still reaching the server. That’s why I stopped using TCP Proxy and got good at iptables.
Post automatically merged:


I can literally take any retro flash client down rn but impossible to take down the beta/nitro client with the web sockets under cloudflare because in fact cloudflare is a beast of a proxy.
Haha! You only can take down poor configured hotels and threatens them to send players to your hotel. You don't even know how your 'own' attack works.
 

CosmoPeak

PeakRP.com
May 15, 2016
270
262
If you're using Cloudflare for a website, another thing you can do is only allow Cloudflare IPs in your firewall or in your nginx (or other web server) config, there's a few guides online about this.
 

Users who are viewing this thread

Top