Many people choose to hide their website’s IP address mainly due to security and privacy reasons.
Properly configuring cloudflare is important if you want to avoid information leakage.
Merely enabling cloudflare is not enough. See for example the case below
Clearly from the Nameservers and CDN it is evident that the above site is using cloudflare but it is still leaking website / server IP address and the web host which is Bluehost.
Some tools are more effective than others. The tool in the example above is from the following site https://hostadvice.com/tools/whois
Checked it using a different website http://www.whoishostingthis.com but this one wasn’t good enough to detect the real IP and web host provider for the same website.
Ideally this should be the result if you want to completely hide your website’s IP and other info like web host provider (see the image below)
184.108.40.206 is cloudflare’s IP address and not the website or server IP address. Location is also cloudflare’s IP location. So in the above example server’s real IP, location and web host is hidden behind cloudflare and no information is being leaked.
So if you are wondering how to avoid the leakage then here is how, its very simple.
If the cloud is orange it means traffic is routed through cloudflare and if its grey then it means it is not hidden behind cloudflare in other words traffic will not pass through cloudflare system.
When you setup cloudflare, by default it enables cloudflare (orange cloud) only for “A record domain name” in this case its marxtudor.com and the www record. Other records like webmail, ftp etc.. have grey cloud by default.
Tools like https://hostadvice.com/tools/whois target those records thats why it was able to find out the IP and web host in the example I already showed you above. So what you can do is click on that grey cloud and toggle it to orange, do it for each one of them. Alternatively you can also delete all those records which has the Cloud Option except your main domain and www record.
Note: No matter which method you choose, whether choose to delete the records or you enable the orange cloud for all the other records like mail, ftp, cpanel; they wont be accessible via domain name, for example cpanel.your-domain-name would not work but you can always access those using IP address, for example cpanel.your-website-ip-address would work fine, in case of FTP client like filezilla enter the website’s IP address instead of the domain name.
If you just found out that in spite of using cloudflare your website’s IP was still being leaked and you followed this method, you won’t see the result straight away. It would take 15 to 30 days for the information to update everywhere but eventually after 15 to 30 days or may be less when you check your site again it would all be hidden.