Find Real IP (Origin) address of Website

If you know the IP address, you can easily launch attacks against their web server. Protecting the real IP address of your website is a basic technique in order to revent some basic types of DDOS attacks and floods.

Is your website IP protected? Are you sure? While there are certain methods to hide your IP address, almost 99% of the people don’t do it. Let’s find out if you are one of those people who have their real IP (origin) exposed.

The IP address of a website is like the address of a house in the real world. If you know where someone lives, you can go there, talk with their owners if you need, say hello, or if you are a damn lunatic, you can go and make a mess, steal things, or even throw a bomb into their property. Websites are the same.

How can I find the real IP address of a website?

There are many ways to find the real IP address of a website, you can use for example a simple ping command or dns record lookup using dig command.

ping www.linux-foundation.org

The result will reveal the apparently real IP address:

[webtech@localhost ~]$ ping www.linux-foundation.org
PING linux-foundation.org (140.211.169.4) 56(84) bytes of data.

or

dig A www.linux-foundation.org

The result:

;; ANSWER SECTION:
www.linux-foundation.org. 10798	IN	A	140.211.169.4

However, in these days, people who protect their website IPs do it using dns & proxy cloud based protections, which makes it a bit more difficult to get the actual IP. However, it still possible if we dig a little bit.

Another way is using some tools like Censys, which is is a fantastic search engine that allows security researchers and digital investigators to find out network information about websites, which can help to reveal the origin IP address as well.

With Censys you can also get more than the IP address, but also:

  • Web Hosting Provider
  • Server Geographic Location
  • HTTP Status Code
  • Public Protocol Data
  • SSL Certificate Information
  • Alexa Ranking

This is the result of the IP address scanning using Censys:

Screenshot of how to reveal origin IP address using Censys
Screenshot of how to reveal origin IP address using Censys

Reveal the IP address behind a proxy

A well configured reverse proxy will never show up information about the back end servers. However, there are still a few things to do to find out the origin IP address.

DNS information

A records for a domain behind a proxy will probably point to the proxy server, however most sites use MX records that usually point to the real servers. For example:

dig MX www.linux-foundation.org

Will show the real MX servers:

[webtech@localhost ~]$ dig MX linux.com | grep MX
; <<>> DiG 9.11.1-P2-RedHat-9.11.1-2.P2.fc26 <<>> MX linux.com
;linux.com.			IN	MX
linux.com.		1800	IN	MX	10 smtp1.linuxfoundation.org.
linux.com.		1800	IN	MX	15 smtp2.linuxfoundation.org.
[webtech@localhost ~]$

Proxy Configuration Errors

If you didn’t configure your proxy in the best way, there are chances that your setup is exposing too much information, more than the one you need. This common errors can help attackers and curious people to leak web server’s IP address.

Enabling mod-info is a good example of this, it will expose Apache status page to the whole internet.

Sites protected by Cloudflare

There is a simple way to protect your website IP using Cloudflare. If a website is powered behind Cloudflare proxy and you can’t find the real IP then you must follow this next tutorial in which we will show you the bes ways to reveal / bypass the real IP of a website powered by Cloudflare: Find real IP address behind Cloudflare.

What about you? Do you know ther ways to reveal the real IP address of website?

About the Author: Esteban Borges

Experienced Sr. Linux SysAdmin and Web Technologist, passionate about building tools, automating processes, fixing server issues, troubleshooting, securing and optimizing high traffic websites.

Leave a Reply

Your email address will not be published.