Topic: Cloudflare Back End IP Resolver (Read 6824 times)

Yes I highly recommend you start using http://DDoS-Protection.io as soon as possible to prevent your back end from being accessed and then stored by a malicious user.

Making attacks even that much harder to mitigate.

I can help you set up the DDoS protection, and even the evaluate the security of your current website if you like.

Thanks for the feedback!

I was also willing to use cloudflare for my site. But now i just dropped that idea. Thanks for providing this info i will now try http://ddos-protection.io/
as they also provide free service to do trial.

At this time, we only have one location (montreal) which is globally very central.

http://check-host.net/check-report/95f716

As you can see getting .2second page loads on average globally.

We do have a huge EU server cluster coming in a few days which we will setup anycast on.

We also have automatic out bound load balancing.

One of the things I do like about Cloudflare though is their global CDN capabilities.  Im legitimetly interested in your DDoS Protection; however, many of my sites receive traffic worldwide on a rather routine basis so CDNs that offer facing on regional servers is ideal. 

Is your datacenter for the DDoS protection a single location or multiple spots and does it offer any CDN?  Is it easily implemented with CDN networks.  Please elaborate.

Thank you for the responses, yes you are correct if you know the back end IP of a cloudflare website there is really no point to cloudflare.

This shows why you should not use it, I include a better alternative in the OP.

Yeah.  DNS records are public, but if you have a site on Cloudflare, the DNS records resolve to A Records of Cloudflare Servers and thus the Whois data displays at Cloudflare ownership.

But like the OP mentions, it's not a perfect solution and some IP resolved can see past Cloudflare or other similar proxies.  Fuethermle, Cloudflares purpose is not to provide secrecy to you and while they don't willingly give up information, they will as necessary for malicious users or law enforcement.

thank you for great explanation, i was never thinking about cloudflare this way that i could hide my server's IP. I thought that dns records are public, but i guess it is more complicated, such service would be great which hides server ip and acts as cdn too   

So my little forums are on Cloudflare.

But when I put minerfarmforums.com into Cloudflare it can't resolve it because it says it's not on the Cloudflare network...

Yes, but if you're not familiar with Cloudflare, it is far more than just a proxy system.  That just happens to be one of their many features and also the main way that they integrate their CDN, DDoS protection, etc services.  As the original poster shows, if you can resolve the originating IP, some of the security features are worthless...but personally as a free service, it has benefits beyond just security protection and most legitimate user bases won't be actively trying to resolve your IP for malicious purposes.  They just want to see content.

Essentially, after you build a website on a server and give it a domain name, you can go to Cloudflare and have them scrape the name server records (such as A Records) that tell them what server IP address your website is on.  

Once they have that information, you can simply change the name servers to theirs and it will filter traffic through them first before rerouting it to the actual location.

Thereby, when a visitor prompts Cloudflare for www.examplecloudflaresite.com, they're directed to a Cloudflare IP address where Cloudflare first implements security features that have been activated, and then if the visitor is safe it will gather as many cached copies of content from your website off its servers as it can to quickly deliver to the visitor.  Anything it hasn't cached or is disallowed to cache such as dynamic content, Cloudflare requests from your server IP address and then passes on to the visitor.

Unlike typical proxy systems though, delivery of content is much, much faster and it's even much, much faster than delivering straight from the originating IP because of their network of servers across the globe and how they cache versions of content on those servers readily available for quick access.

The neat thing is, because you're requesting content from them and not the site directly, and because they have a copies of that content, even if your server crashes they can deliver your website even if in just a very simple, static content only method.  Plus, since traffic is routed through them, they can add on pieces of code to the website as they request it, which allows them to make adding on a variety of little apps and such like keyword advertising systems for you if you do choose.

Anyways, so yeah typically, if you use a whois type service it'll act as though Cloudflare owns the servers because it's only requesting the originating IP associated with the name servers.  There was one whois service I found that was correctly able to show the resolved IP but I don't remember.

That said, Cloudflare isn't meant to mask your identity of you abuse their services and I don't believe they'd under any obligation to keep your identity private or to keep the originating IP private of they're requested, although I believe they protect identities unless there is a reasoning for them to release the details.  And obviously, there are ways to resolve the address anyways.

It's pretty neat...and basic advantages are free.  Again, as the original poster shows, it's not a perfect system, but as for making a site more faster for your average users and protecting you from basic spam and bots, I think it works well....in fact see the next post.

cloudflare is supposed to mask server ip?

Hello,

This tool demonstrates how Cloudflare provides ZERO security.

Your back end can be grabbed if you use Cloudflare, making any potential security benefits completely null.

Here is the tool

http://orcahub.com/index.php?act=cloudflare-resolver


I know a lot of people have been looking for this, and finally here is one that actually works.


I recommend using a true protection service such as http://DDoS-Protection.io for your website, which specializes in network security.