Is cloudflare not hiding your website’s IP location and web host

Many people choose to hide their website’s IP address mainly due to security and privacy reasons.
Properly configuring cloudflare is important if you want to avoid information leakage.

Merely enabling cloudflare is not enough. See for example the case below

cloudflare ip leakage

Clearly from the Nameservers and CDN it is evident that the above site is using cloudflare but it is still leaking website / server IP address and the web host which is Bluehost.

Some tools are more effective than others. The tool in the example above is from the following site https://hostadvice.com/tools/whois

Checked it using a different website http://www.whoishostingthis.com but this one wasn’t good enough to detect the real IP and web host provider for the same website.

cloudflare hidde ip

Ideally this should be the result if you want to completely hide your website’s IP and other info like web host provider (see the image below)

cloudflare hide info

104.25.138.7 is cloudflare’s IP address and not the website or server IP address.  Location is also cloudflare’s IP location. So in the above example server’s real IP, location and web host is hidden behind cloudflare and no information is being leaked.

So if you are wondering how to avoid the leakage then here is how, its very simple.

cloudflare anonymous setupcloudflare anonymous setup

If the cloud is orange it means traffic is routed through cloudflare and if its grey then it means it is not hidden behind cloudflare in other words traffic will not pass through cloudflare system.

cloudflare config

When you setup cloudflare, by default it enables cloudflare (orange cloud) only for “A record domain name” in this case its marxtudor.com and the www record. Other records like webmail, ftp etc.. have grey cloud by default.
Tools like https://hostadvice.com/tools/whois target those records thats why it was able to find out the IP and web host in the example I already showed you above. So what you can do is click on that grey cloud and toggle it to orange, do it for each one of them. Alternatively you can also delete all those records which has the Cloud Option except your main domain and www record.

Note: No matter which method you choose, whether choose to delete the records or you enable the orange cloud for all the other records like mail, ftp, cpanel; they wont be accessible via domain name, for example cpanel.your-domain-name would not work but you can always access those using IP address, for example cpanel.your-website-ip-address would work fine, in case of FTP client like filezilla enter the website’s IP address instead of the domain name.

If you just found out that in spite of using cloudflare your website’s IP was still being leaked and you followed this method, you won’t see the result straight away. It would take 15 to 30 days for the information to update everywhere but eventually after 15 to 30 days or may be less when you check your site again it would all be hidden.

 

Previous Post
How to examine if your computer is infected
Next Post
Deep Web Dark Web and Darknet explained in detail

Related Posts

Leave a Reply

Your email address will not be published.

Fill out this field
Fill out this field
Please enter a valid email address.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Menu