suspicious request to real IP of my server - server

I'm using Cloudflare and I'm 100% sure my real server IP address is not leaked. I checked it with various tools. The real IP address isn't registered in DNS history at all, but when I check the server logs I see a lot of suspicious requests that don't come from Cloudflare hitting my server. How could this happen?
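A DNS record is not the only way an address gets found: Internet-wide scanners sweep whole address blocks and probe every host that answers on 80/443, so an origin that accepts connections from anyone will be hit whether or not its IP appears anywhere. The practical check is to classify the origin's access log by whether each client address is a Cloudflare edge or not. The script below is an added example, not code from the poster or from Cloudflare; it assumes a combined (nginx/Apache) log format and embeds a constructed sample log. The prefix list is a snapshot subset of the ranges Cloudflare publishes at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 and must be refreshed from those URLs before it is used in a firewall rule.

```python
"""
Classify access-log lines by whether the client address belongs to a
Cloudflare edge prefix. A request whose client IP is outside those prefixes
reached the origin directly, bypassing the proxy entirely.
"""
import ipaddress
import re
from typing import Dict, Iterable, List

# Assumption: snapshot subset of the prefixes Cloudflare publishes at
# https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6.
# Fetch the current lists before relying on them in a firewall rule.
CLOUDFLARE_PREFIXES = [ipaddress.ip_network(p) for p in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32",
)]

# Combined log format: the client address is the first field.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def is_cloudflare(ip: str) -> bool:
    """True if ip falls inside one of the Cloudflare edge prefixes."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    # ipaddress returns False for a v4 address tested against a v6 network
    return any(addr in net for net in CLOUDFLARE_PREFIXES)


def direct_hits(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Parsed entries whose client IP is NOT a Cloudflare edge (direct origin hits)."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        if not is_cloudflare(m["ip"]):
            hits.append({"ip": m["ip"], "request": m["req"], "status": m["status"]})
    return hits


# Constructed sample log (not from the poster's server). Lines 1 and 4 are
# proxied requests from Cloudflare edges; lines 2 and 3 are the kind of
# scanner probes that reach an origin directly; line 5 is unparseable noise.
SAMPLE_LOG = """\
172.68.10.15 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.42 - - [10/Mar/2024:12:00:02 +0000] "GET /.env HTTP/1.1" 404 162 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2024:12:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
2606:4700:3033::ac43:8b8f - - [10/Mar/2024:12:00:04 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
garbage line that does not parse
"""

if __name__ == "__main__":
    for hit in direct_hits(SAMPLE_LOG.splitlines()):
        print(f"direct hit from {hit['ip']}: {hit['request']} -> {hit['status']}")
```

Any line the script reports is proof that the origin answers to the whole Internet. The fix is not in DNS: restrict 80/443 at the host or provider firewall to the published Cloudflare prefixes (and refresh that allowlist on a schedule), or go further and require client certificates from Cloudflare with Authenticated Origin Pulls so a scanner that finds the address still cannot fetch the site.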

Related

How to Setup Reverse DNS On Linode for Your Instance when you use Cloudflare to Provide DNS

Hi Our site is based on Smartphone, Laptop, Gadgets Specs, Price
Hi, our site is about smartphone, laptop and gadget specs and prices, and we are using a Linode server to host our site, but the same site opens via the Linode rDNS, so most of our links, such as https://www.pdevice.com/product/samsung-galaxy-s20-ultra-5g-price-specs, open with the Linode domain address. We also contacted them, and they told us: "It looks like "pdevice.com" is your domain name, but since it's pointing to CloudFlare's IP, you would need a workaround in regards to setting reverse DNS. An option would be to create a subdomain and point this to your server's IP address. You may be able to get around this by having the "www" record for your domain point to your server's IP addresses rather than Cloudflare's IP addresses." As we told them, we are using Cloudflare to provide CDN and DNS, so we can't figure out how to solve this issue, because it shows an error when we paste the rDNS as subdomain.pdevice dot com. So how do we do this with our server?

WebClient find outgoing IP address

My .Net website uses WebClient to download a resource from another server. I am receiving "403 forbidden" responses from the remote server.
I think there is some sort of firewall issue as the requests work from my home development environment but the same requests are refused when my site is deployed to a web hosting company. I want to find the IP address that the refused requests originate from.
My question is this: is there a way to programmatically find the actual source IP address used by WebClient when it made the request?
I know the public IP address of my website, but this might not be the same address WebClient would use for outgoing traffic. Unfortunately I have very limited access to the hosting company's shared server and can't see any IIS logs or any other logs of incoming or outgoing traffic. Hence I am trying to get this IP address programmatically.
I have seen SO questions on how to request a specific outgoing IP using BindIPEndPointCallback, but none on how to discover the actual IP used.

How to hide origin server behind CloudFlare and still send emails

How do you hide an origin server behind CloudFlare and still be able to send transactional emails via providers like Sendgrid, Mailgun, etc.?
My problem is that when I send an email it seems that a Received: from line is always added to the message, revealing my origin server's real IP.
I tried it with Sendgrid, both via JSON API and SMTP endpoints, but it's visible in both cases.
How do you solve this problem?
Are there some transactional email providers which do not append this line?
Do you use some complicated setup with a distributed message queue and a worker running on a different host with different IP, only for sending emails?
Do you connect to the providers via a proxy / VPN? Is there such a thing as proxy for SMTP?
In your case we recommend running your email through a different server. You can find some guidance in this KB article. If your IP is still leaked you should contact Cloudflare support.
Run email on separate server/service

If you are running your mail on the same server as your website, then the attacker can always find your origin server IP. To close this possible security gap, you can use an email service on a separate server from your website, whether through your hosting provider or an outside service (e.g., Google Apps).

For Mac users:

You can run this command in Terminal to see what IP is being reported with your MX records:

dig +short $(dig mx +short WEBSITE)

For example, if I was concerned about example.com, I would enter:

dig +short $(dig mx +short example.com)

The output will be an IP address. This is the IP address that an attacker can always find. You want to make sure this IP address is different than the IP address for your web server. Otherwise, no matter how many times you change your web server, if your email is also on the same server, then the attacker can always find the new IP.

For PC users:

You can run this command in command prompt to see what IP is being reported with your MX records:

nslookup -q=mx WEBSITE

For example, if I was concerned about example.com, I would enter:

nslookup -q=mx example.com

The output will be an IP address. This is the IP address that an attacker can always find. You want to make sure this IP address is different than the IP address for your web server. Otherwise, no matter how many times you change your web server, if your email is also on the same server, then the attacker can always find the new IP.

Was my computer hacked? My outgoing mail IP was temporarily from Russia

I got a bounce message today from a client. In the bounce notice it shows:
The error that the other server returned was:
554-Service unavailable; Client host [mail-io0-f178.google.com] blocked using
554-Barracuda Reputation;
554 http://www.barracudanetworks.com/reputation/?r=1&ip=38.116.199.194
And further down where it shows the original message it says
Received: from Macbook-Pro-Retina.local ([38.116.199.194])
The above is a blocked Russian IP Address. Normally the source of my messages shows:
Received: from Macbook-Pro-Retina.local
(CPE0016cbc430da-CMf0f249004a80.cpe.net.cable.rogers.com. [174.119.**.**])
The 174.119 is my normal external IP address and shows in the source of any message I send. Also, I use Google Apps for all my mail, so it's going through their server.
So the question is, is the bounce message a result of an issue on my local machine or does it have to do with the client's server?
38.116.199.194 IP address is part of a 38.0.0.0 - 38.255.255.255 range allocated to Cogent (ARIN WHOIS). A part of this range, 38.116.198.0/23 subnet is operated by MaRS Discovery District.
It appears that your computer was connected to the MaRS Discovery District's network when you sent the email. Maybe you were using their Wifi at the time or maybe some (malicious) software on your machine was routing traffic via that network unbeknownst to you.

How to hide server's IP in email header

I'm using a DNS service and so far I've successfully hidden my server's IP address from appearing to the public (including nslookup on all my subdomains).
The only problem is that my server's IP is still showing in the email header of every sent email. Is there a way to hide it from appearing or change it to something else?
I'm using CloudFlare service, as for my email service I'm using qmail.
Why do you want to hide your SMTP server? I don't believe it's possible to hide your IP completely, because the receiving server has to know where the connection is coming from for TCP/IP to work (in the same way that your browser has to know an IP address for google.com to load the page). So the receiving server will always know the IP address even if you don't put it in a header.
There are many services that provide SMTP servers if you do not want to use your own and expose it to the world. I'd recommend exploring these options if privacy or security is a concern.
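Three of the threads above come down to the same artefact: the Received: trace. The "hide origin behind CloudFlare" and "hide server's IP in email header" questions want to know whether any hop still records the origin's address, and the bounce thread wants to know which hop recorded an address the sender did not expect. The script below is an added example, not code from any of the posters or their providers. It walks the Received: headers of a message with Python's standard email parser, lists the client address each hop recorded, and flags hops whose address is in a set you wanted kept private. The message it parses is constructed for the example: a transactional-mail provider at 192.0.2.10 accepting the message from a web origin at 203.0.113.42 and relaying it to the recipient's MX.

```python
"""
Walk the Received: trace of an e-mail and report the client address each hop
recorded, oldest hop first. Use it to see whether the web origin's IP is
written into outbound mail, or which hop recorded an unexpected address.
"""
import re
from email import message_from_string
from typing import Dict, List, Set

# An IP literal in brackets as MTAs write it: [192.0.2.10] or [IPv6:2001:db8::1]
_BRACKET_IP = re.compile(r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]")
# The "from <helo-name>" clause that opens a Received: value
_FROM = re.compile(r"^from\s+(?P<host>\S+)", re.IGNORECASE)


def received_hops(raw_message: str) -> List[Dict[str, object]]:
    """Parse every Received: header of raw_message; return hops oldest-first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(str(value).split())  # join folded continuation lines
        m = _FROM.match(unfolded)
        hops.append({
            "from": m["host"] if m else "",        # HELO name the client presented
            "ips": _BRACKET_IP.findall(unfolded),  # addresses the MTA recorded
            "raw": unfolded,
        })
    # MTAs prepend Received: headers, so the last one in the message is the
    # first hop the mail took; reverse to get transmission order.
    hops.reverse()
    return hops


def exposed_hops(raw_message: str, hidden: Set[str]) -> List[Dict[str, object]]:
    """Hops whose recorded client address is one you wanted kept private."""
    return [h for h in received_hops(raw_message) if hidden & set(h["ips"])]


# Constructed sample message (not a real one). The provider at 192.0.2.10
# accepted the mail from the web origin at 203.0.113.42 and recorded that
# handoff before delivering to the recipient's MX.
SAMPLE_MESSAGE = """\
Received: from o1.mail.provider.example (o1.mail.provider.example [192.0.2.10])
\tby mx.recipient.example (Postfix) with ESMTPS id 4F3C2A1B
\tfor <client@recipient.example>; Tue, 12 Mar 2024 09:15:22 +0000
Received: from web01.example.com (unknown [203.0.113.42])
\tby o1.mail.provider.example with ESMTPSA id xk7Lm2;
\tTue, 12 Mar 2024 09:15:21 +0000
From: noreply@example.com
To: client@recipient.example
Subject: Your receipt
Message-ID: <20240312091521.1@example.com>

Thanks for your order.
"""

if __name__ == "__main__":
    for i, hop in enumerate(received_hops(SAMPLE_MESSAGE), 1):
        print(f"hop {i}: from {hop['from']!r} ips={hop['ips']}")
    for hop in exposed_hops(SAMPLE_MESSAGE, {"203.0.113.42"}):
        print("origin address exposed by hop:", hop["raw"])
```

Run it against a message you sent to yourself, passing the origin's public IP as the hidden set; if the first hop is flagged, the provider is recording the submitting host, and the only remedy that survives every provider is the one the Cloudflare article gives: have a different host (a relay box or the provider's own infrastructure) open the SMTP or API connection, so the origin's address is never the client of any hop. For the bounce case, hop 1's recorded address is simply what the submitting machine's network presented to Google; compare it with the address you normally see to confirm which network the laptop was on.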