Blog - Full Content with Sidebar

What Is Ripple XRP And How To Buy It In India

January 4, 2018

Ripple is a real-time gross settlement system (RTGS), currency exchange and remittance network. Also called the Ripple Transaction Protocol (RTXP) or Ripple protocol, it is built upon a distributed open source Internet protocol, consensus ledger and native cryptocurrency called XRP (ripple).

The Main use case of Ripple is Global / cross border payments. Its competitor is SWIFT
Ripple is a cheaper alternative to SWIFT
Banks use SWIFT to make cross border payments. SWIFT takes 1 to 3 days or even more depending on your bank and location.
With ripple the transfer is instant and cheaper.

SWIFT has been enjoying monopoly for a long time, now it is facing the heat as banks are showing interest in ripple.
Even though SWIFT may seem obsolete, like a bullock cart in the digital age, it all comes down to adoption,

Some of the previous big news regarding ripple :
Ripple expands into India, opens office in Mumbai with former banking executive Navin Gupta as lead operations in the country. Gupta has multiple decades of experience in global banks including HSBC and Citibank.

Zoe Cruz joins Ripple Board of Directors.
-senior banking executive and former co-president of Morgan Stanley

“SBI Ripple Asia has signed a partnership agreement with some of the largest credit card companies in Japan ‎in a bid to bring Ripple’s enterprise blockchain solutions to the Japanese market of payment cards.”
http://www.sbigroup.co.jp/news/2017/1227_10934.html

Ripple is now mainstream with mainstream media Nasdaq and CNBC talking highly of ripple.

I am not a financial advisor invest at your own risk, do your own research. I didn’t believe it could go to 2 USD this year neither did other cryptocurrency enthusiasts because of the high supply but it did and one big reason is because institutions and media are talking positively about it and this is exactly what happens when big institutions come on board.

Ripple is centralized thats why many cryptocurrency enthusiasts who believe in decentralization don’t like ripple but the banks like it.
Right now ripple seems to the strongest contender which would surpass bitcoin’s market cap in the future. (market cap not price).

One thing you need to understand is that Ripple payment network and XRP which is native currency of ripple are not the same. It is not necessary that if banks use Ripple network they would have to use XRP currencry too. They may choose to not use XRP currency and just use Ripple network / protocol. Still if ripple gets popular its likely that its native currency XRP would also rise.

So How to buy ripple ?

You can buy ripple using your credit card from cex
Just add your credit card deposit the money in your cex account and you are good to go.

Now if you dont have a credit card then first you need to buy bitcoin and then purchase ripple using bitcoin.
In India you can buy bitcoin from
Localbitcoins
or from
Unocoin

After buying bitcoin you can transfer your bitcoin to Binance
After you receive bitcoin in your binance account then you can easily purchase ripple from there.

Here is a video tutorial

If you want to store ripple (XRP) for long term then you should either buy a hardware wallet or store ripple in offline desktop wallet like rippex

No Comments

How to buy Ethereum ETH in India

December 30, 2017

Ethereum in India can be bought from cex. All you need is a credit card. Add you credit card on cex.io and deposit the money in cex account.
After that you can purchase Ethereum ETH.
If you dont have a credit card then you would first have to buy bitcoin, then convert bitcoin to ethereum.
Below is a detailed video on how to buy ETH or ethereum.

In the video I used shapeshift to convert bitcoin to ethereum. Instead of using shapeshit or changelly you can also buy Ethereum from binance
All you have to do is signup on binance and then send bitcoin that you purchased from unocoin, zebpay or localbitcoins to the bitcoin wallet at binance and then purchase ethereum using bitcoin.

If both the options are open to you then the decision of whether to buy using credit card or using bitcoin should depend on cex fee and the current price of bitcoin. So you would have to do some math here to determine which option would be more profitable depending on the current market price. Although the deposit fee is 3.9% on cex but in India bitcoin price is usually higher than the price on the western exchanges. Therefore check the price at with you are buying bitcoin from Indian exchanges like unocoin or zebpay, also keep into consideration that when you send bitcoin to binance or other exchanges to buy Ethereum, a bitcoin transaction fee is charged, unocoin charges a fee of 0.0005 to 0.0009 BTC.

If you want to hold ethereum for long term then instead of keeping it on exchanges like cex or binance it is safter to store ethereum in myetherwallet.com
After signing up on myetherwallet don’t forget to save your private key and Keystore file. Store it in a safe place, you can also password protect it using winrar or sevenzip for extra security.

No Comments

What is an ICO and how to minimize the risks

November 28, 2017

Initial coin offering (ICO) is when a company or startup sells a new cryptocurrency or token for the first time to the public to raise money. It is basically crowdfunding. The concept of ICO comes from IPO (initial public offering) which takes place in case of stock markets.
An initial public offering (IPO) on the other hand is the first time that the stock of a company is offered to the public to raise money.
Both sound similar but they are not exactly the same but still it gives you a general idea.

There is another term known as the ‘ICO pre sale’ or ‘pre sale’ which takes place before the main ICO.

The ICO price of a cryptocurrency / token is generally low but investing in ICO’s is also more risky, you are basically investing in a startup that has no finished product just the promise, so thorough research about the project must be done before investing in an ICO.

These days Ethereum (ETH) is the primary cryptocurrency which is being used to sell tokens during an Initial coin offering (ICO).

Few days or weeks after the completion of the ICO the token gets listed on the cryptocurrency exchanges where it can be traded ( bought and sold).
The price on the exchange could either go up or it could even go below the ICO price, it all depends on the demand, hype, news and other factors surrounding a particular project.

What is the advantage of investing in an ICO ?
Risk to reward ratio – Because the price is low during the ICO phase, you can buy more with less money and if the price of the cryptocurrency rises in the future you can get massive returns.

What are the cons ?
Market is driven by greed, new ICO’s keep springing up every day and it is difficult to tell if this particular project is going to deliver what they promise or whether this project would be a success or not, you could loose money very easily especially if you are new to cryptocurrency market.
There have been scam ICO’s which were just setup to take money. At the moment cryptocurrency market and community as a whole is new and not mature enough so its easy for someone to make a nice looking website, write down a few nice things and make you put your money on the table

I know the risks and I still want to invest in the ICO
* To minimize the risk you need to research.
* Check out the team which is involved in the ICO project. Look for possible red flags. Look at the development team whether they are qualified enough.
If the team members are unknown and you cannot verify if the info is true, they don’t have any linkedin or other profiles then that is a red flag.
* If you find any one in the team that is renowned or powerful, (for eg, someone who works in the government or is CEO, ex-CEO, VP of some renowned company, or it is Vitalik Buterin himself in the team of advisors) then that is a positive sign but this alone is not enough.
* Think about what problem this project is going to solve, what is its use, what industry could it possibly disrupt and what are its current competitors.
* Read the project’s white paper.
*Determine if the project really needs blockchain ? Many companies just want to join the blockchain bandwagon.
* See what people are saying about the project or ICO on reddit, facebook and others forums.
* Ask questions on the project’s reddit, telegram or facebook and see if they are able to answer your questions.
* See the hard cap of the ICO, hard cap means what is the maximum amount of money that the project aims to raise, if the amount of money is ridiculously high then that is a red flag. There was a fraud ICO named Tezos which raised $232 million (too high). The money raised during an ICO is meant for the development of the project and not to fill anybody’s pocket. There are many kinds of costs involved for example – hiring new people, buying things necessary for the project, marketing cost etc..
* Don’t get burned during the dump. The ICO’s which have a lot of hype around it, when it hits the exchanges its price rises and when it does the initial investors who bought it during the ICO phase tend to dump or sell their holdings in order to make profit. Now whether you want to sell it early or you want to hold it for the long term is entirely up to you.
* Put the amount of money that you can afford to loose.

No Comments

How to disable direct IP access in vestacp centos server

April 27, 2017

If you want to disable access to your website or domain through the IP address of your server then you can follow the steps below.

Log in to your server using putty (SSH).
After that you need to access httpd.conf file. The location of httpd.conf may vary. In this case – VestaCP is installed on Centos server and the location is- /home/admin/conf/web/
Use the following command to go into the directory which contains httpd.conf file
Note: If the username is something other than admin then replace admin with the appropriate username.

cd /home/admin/conf/web/

After this to edit httpd.conf file use the command given below

vi httpd.conf

Now you can edit the file using vi editor, below is an example of httpd.conf file

Add the code at the beginning of the file everything else remains the same. Below is the code.

<VirtualHost 5.5.5.5:8080>

ServerName 5.5.5.5
Redirect 403 /
ErrorDocument 403 "No"
DocumentRoot /dev/null/
</VirtualHost>

Note: Replace 5.5.5.5 with your server IP address.

Save changes and then restart httpd using the below command.

service httpd restart

Now if any one types in your server’s IP address then rror will be shown and your website will not be accessible using the IP address of the server.

No Comments

How to load a different header for a wordpress page

March 21, 2017

How create a separate header for a wordpress page that gets loaded whenever someone opens that page.

Create a new file and name it header-YourFileName.php
header- should be as it is after that you can put any name you want.
For example: header-mycustomheader.php

The code which you want to put into the header file depends on you. You can even copy all the code from the original wordpress header.php file and paste it inside your custom header file which is header-mycustomheader.php in this example.

Next thing you should do is upload the file in the template directory which is usually wp-content/themes/theme-which-you-are-using.

After you upload the custom header file go into the wordpress admin dashboard, Appearance then Editor.
Look for page.php file.

The code inside page.php may look different depending on the theme which you are using but one thing you should look for is the get_header(); function.

Replace get_header(); function (which is used to call the default header.php file) in the page.php file with the code below.

if(is_page(page-id-here)) {
get_header('mycustomheader');
}
else {
get_header(); 
}

In the first line you need to put the page id of the page for which you want to load a different header.
How to find the Page ID:

Just go to Pages and from the list Edit the page for which you want to display a separate header. In the above example 247 is the page id.

The code should be within PHP’s opening <?php and closing ?> tags.
The above code means, if page id is 247 then load mycustomheader.php file for that particular page if not then execute get_header(); which loads the header.php file (theme’s default header).

If you want to enable it for multiple pages then below is an example code.

if(is_page(247)) {
get_header('mycustomheader');
}
elseif(is_page(105)) {
get_header('mycustomheader');
}
elseif(is_page(199)) {
get_header('anothercustomheader');
}
else {
get_header(); 
}

No Comments

How to easily migrate wordpress website to another server

March 18, 2017

How to move your wordpress website without uploading or downloading any backup file.

This tutorial would work for you if you want to:
* Migrate an existing wordpress website to a different server.
* Migrate or move your existing wordpress website to a different server with different domain name or address.

First login to your wordpress dashboard and install the plugin named “UpdraftPlus”
https://wordpress.org/plugins/updraftplus

After activating the plugin you need to configure it to work with Google Drive.
Below is the video showing how to configure this plugin.

Don’t want to watch the video, then follow the link below for text instructions.
https://updraftplus.com/support/configuring-google-drive-api-access-in-updraftplus

After you successfully configure the plugin, click on backup now and the backup files will be sent to Google Drive
https://drive.google.com/drive

Now log in to the new server where you want to move your existing website. You might be using cpanel, vestacp, any other control panel or just SSH, doesn’t matter. All you need to do is install wordpress on that server.

You would need to point your domain name to the server where you install wordpress. Nameservers / DNS takes some time to update.

Visit the website and log in to the wordpress admin dashboard.

Now go to plugins then click on add new and search for “UpdraftPlus”. Install and activate the plugin.

After activating the plugin visit Google API Console https://console.developers.google.com the same developer console using which you configured the UpdraftPlus plugin.

Click on Credentials and then UpdraftPlus

Copy Client Id and Client Secret

Go to the settings page in the UpdraftPlus plugin, select Google Drive , paste the Client Id in Google Drive Client ID field and Client Secret in the Google Drive Client Secret field.
Click “save changes” situated at the bottom of the page.

Allow access

Click on Existing Backups then Rescan remote storage

Existing backups from Google Drive will be fetched. Click on Restore.

Make sure all those boxes are checked from plugins to database. Click on Restore button.

Again click on restore (ignore any warnings you get).
After the restore process you would be logged out.

In case you migrated the website and kept the same domain name then nothing more needs to be done and you can now log in to your wordpress site using the username and password of the website you migrated.
But;
If you migrated your wordpress website and there is a change in domain name or address then you need to update your wordpress site url and database.

Go to file manager or you can use ftp client like filezilla to access wordpress directory.
Open wp-config.php file and at the top of the file just below the <?php
add the following two lines

define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');

Replace example.com with the new domain name or website url.

Now you will be able to access wordpress admin dashboard.
After logging in go into Plugins then Add New and search for the plugin named Search and Replace.
https://wordpress.org/plugins/search-and-replace

Since there is a change in your website address and the old database has the old links we need to replace them with newer ones.
Go into tools and click on Search and Replace.

Replace old-domain.com with the domain name of the website you were using before you migrated the site and replace new-domain.com with the new website address that you are currently using. Make sure there is no white space.
‘Select all tables’ and to be on the safe side check the box ‘Dry Run’. Dry Run works like preview. Click on ‘Do search and replace situated at the bottom of the page with Dry Run checked’. Then at the top of the page click on View details the changes will be previewed.

If the result of Dry Run seems fine then go ahead and uncheck Dry Run and check the radio button “Save changes to the Database”. This time the changes will be saved inside the Database and the old value which is your old domain name will be updated to the new one. Nothing more needs to be done this ends the migration process.

No Comments

Deep Web Dark Web and Darknet explained in detail

March 12, 2017

Deep Web or invisible web is simply anything which the search engines cannot index. There are several search engines like google, Bing, Yahoo etc.

On the other hand anything that comes up on the search page and anything that is capable of being indexed by search engines like google comes under Surface Web, visible web, clearnet, indexed Web or Indexable Web.

Websites like google, youtube, facebook, twitter, amazon, news websites like BBC, your online banking website etc.. all come under surface web.
But;
The database where your personal information is stored falls under Deep Web because it is hidden and cannot be indexed by google. Can you search your online bank account info like account number, account username, password and other such details on google ? Simply no. Its another thing if someone is stupid enough to put those details on a public website or forum which then comes up on the google when searched.
So Deep Web consists of information that is beyond the reach of search engines. More examples are corporate databases, government databases which contains sensitive information, a closed facebook group whose contents doesn’t show up on google but you can access the group if you are logged in and you are a member of that group, password protected pages, subscription-only information.

How big is the Deep Web ?
Deep Web is much larger than surface web. It is said that Deep Web is 96% whereas Surface Web is only 4%. The numbers are not 100 percent accurate but it is used in a sense to give an idea of how large Deep Web is as compared to the Surface Web.

Dark Web
Now that you have an idea of Deep Web and Surface Web, it is time to look into Dark Web or Darknet.
Some people use the terms Deep Web and Dark Web interchangeably as they don’t understand the key difference or they get confused because both look like nearly the same from the outside and also have some things in common; Just like the content of Deep Web cannot be indexed by search engines like google similarly the content of Dark Web or Darknet is also hidden and cannot be indexed still interchanging the two terms is inaccurate.
Dark Web (also called Darknet) is a small portion of Deep Web. You need specific software, configurations or authorization to access Dark Web, software like TOR browser, I2P and FreeNet.
Darknet and Dark Web are used interchangeably, though to be more technically precise Darknet is a network while Dark Web is a portion of World Wide Web just like Surface Web which is also a part of World Wide Web. In other words you can say Dark Web exists on Darknet (network).

How to access Dark Web ?
Dark Web is accessed via darknet such as TOR. Darknet is simply a network that supports or provides a way to communicate and access Dark Web content.
To access Dark Web you need to download TOR browser https://www.torproject.org/download/download-easy.html.en Once you install TOR browser you can search for “Hidden Wiki” which is like a small directory that contains links to some websites on the Dark Web, it is just the starting point. If you search ‘hidden wiki’ on google you would find many sites providing links to hidden wiki and other Dark Web / Darknet sites.

Other ways of accessing Dark Web are apps like FreeNet and I2P but TOR is more famous among the internet community.
The full form of Tor is The Onion Router and the links to Dark Web sites ends with .onion suffix just the like links to surface web sites may end with .com, .net, .org etc..
Normal browsers like internet explorer and firefox cannot open .onion links. TOR is one of the most secure browsers it changes your IP address / location and provides you high level of anonymity plus don’t even think of accessing the Darknet without Tor browser.

A lot of criminal and illegal activity goes on inside the Dark Web / Darknet whatever you want to call it. FBI and NSA do monitor the Dark Web.
Some of the illegal stuff inside Dark Web:
* Drugs / Narcotics.
* Child Pornography
* Disturbing videos, animal abuse videos
* Stolen Credit and Debit Card info
* Weapon / Arms Market

An example of Darknet’s illegal weapon market

* Fake ID’s

* Counterfeit currency

Is it illegal to access Dark Web/Darknet ?
It is not illegal to access the Dark Web but you should be careful, do not download anything from sites with illegal stuff, don’t do anything that makes the authorities take an interest in you. Its another thing if you unintentionally come across an illegal website but don’t browse the illegal websites. Some sites on the Dark Web are honeypots or baits set by the law enforcement agencies to lure the criminals. Dark Web also consists of some of the finest hackers, don’t click on just about every random link you find inside the dark web, you might get your PC infected with some malicious code or zero days, chances are very slim but still no harm in being careful.

Why is there more illegal stuff in the Dark Web as compared to Surface web ?
Darknet (Tor) provides a very high level of anonymity and it is very difficult to track / trace anyone inside TOR network that is the Darknet. It can be used to create sites that cannot be traced, you can’t just do a simple whois search and try to find out the server IP and location, everything is anonymous.
Even with the hacking capabilities that NSA has it is difficult to trace every person and every illegal website inside the Dark Web. It takes time, resources and money.

How is the illegal stuff sold inside the Dark Web ?
Payments inside Dark Web were initially made using Bitcoin whose ledger is public but after the emergence of privacy focused cryptocurrencies like monero the preference shifted towards it.
Your credit card / debit card info has some personal details about you it is also linked to your bank account and can be easily traced back to you but the Bitcoin wallet address using which you can send and receive bitcoins doesn’t have any personal info its just a unique address (for example: 4rEiV9BiJmhfYhE7MzsSdmH82xRYrbYrtb)

How is the illegal stuff shipped ?
Many say it can be shipped in the US via USPS courier, which is one of the ways, unlike other couriers that can be inspected by postal officers and courier companies themselves if they sense anything suspicious First-Class USPS provides enhanced protection of the 4th amendment of the US constitution and cannot be opened by anyone. The law enforcement agencies cannot inspect or open the package without probable cause and warrant.

Do not buy anything from the Darknet
Yes there are legal things sold on the Darknet too but many of them are fraud and scams, you never know who the seller is could even be some criminal organization or just a random scammer. Since it is very difficult to trace anyone inside the Darknet on top of that the mode of payment inside the Darknet is Bitcon a cryptocurrency difficult to trace therefore it attracts scammers due to high level of anonymity which makes it kinda safe haven for them.
Furthermore you are associating with people who operate in black markets which is not safe.

Silk Road
Silk Road is an infamous darknet market notorious for selling narcotics, weapons, and other illegal goods.

January 2011: Silk Road was founded by a user named ‘Dread Pirate Roberts’
October 2013: FBI locate and arrest the person accused of being the ‘Dread Pirate Roberts’. Silk Road is shut down.
November 2013: Silk Road 2.0 founded.
November 2014: Silk Road 2.0 gets shut down and operator arrested.
$1.2 billion worth of goods were sold on Silk Road before it was shut down.
Silk Road 3.0 is online, source: wikipedia

Is Dark Web only used for illegal activities ?
No, in fact Dark Web is used by the government agencies themselves to communicate securely, to send and receive sensitive information which tells us how secure it can be. Therefore criminals are also attracted to the Dark Web due to the secretive nature of the network and the level of anonymity it provides.
Dark Web / Darknet is used by journalists in countries where there is no free speech and there is a fear of getting caught so they share information via the Darknet.
It is also used by whistleblowers as it protects dissidents from political reprisal.
Used to share sensitive news leaks.
Political activists in high-risk countries where free speech and dissent amounts to crime.
Used by intelligence agencies and even military to send information securely and also used for intelligence gathering.
Users who want to bypass censorship and surveillance and hide their identity online.
Many countries such as China has firewalls to limit what their citizens can see. The US government promotes and funds Tor as the tool which enables them to bypass censorship.
In 2011 Tor received FSF award for helping 36 million to experience freedom of access and expression on the Internet while keeping them in control of their privacy and anonymity. Its network also proved pivotal in dissident movements in both Iran and Egypt.
Darknet also has some email providers and “Sigaint” which is a darknet e-mail service is considered one of the most secure and anonymous e-mail services out here.

Who created Darknet ?
Darknet / TOR (The Onion Router) : The core principle of TOR, “onion routing”, was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online.
It was further developed by the Defense Advanced Research Projects Agency (DARPA) and patented by the Navy in 1998.

The name of the Tor browser is derived from an acronym for the original software project name “The Onion Router“.
The Onion Routing project or TOR project was made public by the U.S Naval Research Laboratory who released the code for Tor under a free license around 2003.

Why did the government made TOR Project public it could also be used against them by criminals and terrorists ?
Some conspiracy theories revolve around this question but some of the reasons seem more logical than the others. Any piece of technology can be used by criminals as well as law abiding citizens. If only the US government or the Navy was the only one to use Tor, then obviously they wouldn’t gain any anonymity, it defeats the whole point of being anonymous. Someone (enemy spies or hackers) who noticed traffic from a Tor exit node would immediately know that someone from the government is sending those requests. So by making the public use the Tor network they are able to hide themselves among the masses. An anonymity network used only by the government would not work.
Another reason that is given is that they gave a tool to users in the censored nations to bypass censorship and to communicate securely and anonymously while some speculate that they now regret making it public as NSA is having hard time shutting down illegal websites on the Darknet. When one is shut down, another is hosted again with a new version. They wanted to offer it to journalists and whistleblowers but soon it started attracting criminals.

Can Darknet be shut down ?
There is no place where you can go to shut down the network. There is no central facility or server running the Darknet. Darknet is a network with groups of computers owned by different people around the world. If you shut down one server or computer it doesn’t shut down the whole network.
Moreover legally it is very difficult to shut it down, it goes against the laws. Yes criminal activities happen inside the dark net but it also happens on the surface web, on the phones and many other places. Any technology can be used by bad guys as well as good guys, shutting down the entire thing would amount to censorship. Moreover using the network is not illegal, the government themselves use the Darknet so it would be ironic if the US government tries to shut the Darknet.
It is possible to shut down specific sites on the Dark Web which requires incredible amounts of time, money, resources, and effort.
The combined governments of various countries have enough trouble keeping the torrent website ThePirateBay from operating on the Surface Web, now you can imagine trying to shut down an entire network of Darknet sites with encrypted communications and hidden IP addresses hosted in different parts of the world.

Misinformation about Dark Web
No doubt Dark Web has become infamous, most of the media thrives on negative reporting, sensationalism and clickbaits just because you hear everything bad reported in the media about the Dark Web doesn’t mean everything going on inside Dark Web is bad. There are so many youtube channels that spread misinformation, fake stories and hoaxes about the Dark Web along with fake videos, because of its mysterious nature people tend to take an interest in it and it sells very well. Most of those scary Darknet stories, especially those Redroom stories on the youtube channels with millions of views are false only a few of the stories are true for eg. Peter Scully’s case. Because the stories about Darknet sell so well many youtubers have made it a business doesn’t matter if those stories are true or false. This reddit group is a good place to ask questions and discuss about the Dark Web.

Does Tor provide enough security to access the Dark Web ?
Yes unless you think you are the next Julian Assange. I mean it depends why you want to access Dark Web. If you just want to go there out of curiosity and you know the basics to keep yourself out of trouble (don’t click on every random link you come across, dont share your email or other info on the Darknet etc..) then you should be fine. But if you are some journalist or an activist in a country who fears persecution or a whistleblower who is under surveillance then it isn’t recommended to use Darknet on windows operation system or on your main operating system which you usually use for day to day activities. Linux would be more secure, a special security focused Debian-based Linux distribution known as Tails https://tails.boum.org developed by ‘Project Tor inc.’ is made for specially this purpose, it is aimed at preserving privacy and anonymity.
In 2013 Edward Snowden used Tor (Darknet) to leak NSA Document. Leaked presentation revealed that NSA attacks and tries to exploit the Tor network, it considers blanket surveillance action against Tor not feasible as Tor is a powerful tool the anonymity provided by Tor makes it impossible or at least very difficult for even the NSA to know who the user is.
https://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
https://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

Is cloudflare not hiding your website’s IP location and web host

March 8, 2017

Many people choose to hide their website’s IP address mainly due to security and privacy reasons.
Properly configuring cloudflare is important if you want to avoid information leakage.

Merely enabling cloudflare is not enough. See for example the case below

Clearly from the Nameservers and CDN it is evident that the above site is using cloudflare but it is still leaking website / server IP address and the web host which is Bluehost.

Some tools are more effective than others. The tool in the example above is from the following site https://hostadvice.com/tools/whois

Checked it using a different website http://www.whoishostingthis.com but this one wasn’t good enough to detect the real IP and web host provider for the same website.

Ideally this should be the result if you want to completely hide your website’s IP and other info like web host provider (see the image below)

104.25.138.7 is cloudflare’s IP address and not the website or server IP address. Location is also cloudflare’s IP location. So in the above example server’s real IP, location and web host is hidden behind cloudflare and no information is being leaked.

So if you are wondering how to avoid the leakage then here is how, its very simple.

If the cloud is orange it means traffic is routed through cloudflare and if its grey then it means it is not hidden behind cloudflare in other words traffic will not pass through cloudflare system.

When you setup cloudflare, by default it enables cloudflare (orange cloud) only for “A record domain name” in this case its marxtudor.com and the www record. Other records like webmail, ftp etc.. have grey cloud by default.
Tools like https://hostadvice.com/tools/whois target those records thats why it was able to find out the IP and web host in the example I already showed you above. So what you can do is click on that grey cloud and toggle it to orange, do it for each one of them. Alternatively you can also delete all those records which has the Cloud Option except your main domain and www record.

Note: No matter which method you choose, whether choose to delete the records or you enable the orange cloud for all the other records like mail, ftp, cpanel; they wont be accessible via domain name, for example cpanel.your-domain-name would not work but you can always access those using IP address, for example cpanel.your-website-ip-address would work fine, in case of FTP client like filezilla enter the website’s IP address instead of the domain name.

If you just found out that in spite of using cloudflare your website’s IP was still being leaked and you followed this method, you won’t see the result straight away. It would take 15 to 30 days for the information to update everywhere but eventually after 15 to 30 days or may be less when you check your site again it would all be hidden.

No Comments