If you know the IP address, you can easily launch attacks against their web server. Protecting the real IP address of your website is a basic technique in order to revent some basic types of DDOS attacks and floods.
Is your website IP protected? Are you sure? While there are certain methods to hide your IP address, almost 99% of the people don’t do it. Let’s find out if you are one of those people who have their real IP (origin) exposed.
The IP address of a website is like the address of a house in the real world. If you know where someone lives, you can go there, talk with their owners if you need, say hello, or if you are a damn lunatic, you can go and make a mess, steal things, or even throw a bomb into their property. Websites are the same.
How can I find the real IP address of a website?
There are many ways to find the real IP address of a website, you can use for example a simple ping command or dns record lookup using dig command.
The result will reveal the apparently real IP address:
[webtech@localhost ~]$ ping www.linux-foundation.org PING linux-foundation.org (22.214.171.124) 56(84) bytes of data.
dig A www.linux-foundation.org
;; ANSWER SECTION: www.linux-foundation.org. 10798 IN A 126.96.36.199
However, in these days, people who protect their website IPs do it using dns & proxy cloud based protections, which makes it a bit more difficult to get the actual IP. However, it still possible if we dig a little bit.
Another way is using some tools like Censys, which is is a fantastic search engine that allows security researchers and digital investigators to find out network information about websites, which can help to reveal the origin IP address as well.
With Censys you can also get more than the IP address, but also:
- Web Hosting Provider
- Server Geographic Location
- HTTP Status Code
- Public Protocol Data
- SSL Certificate Information
- Alexa Ranking
This is the result of the IP address scanning using Censys:
Reveal the IP address behind a proxy
A well configured reverse proxy will never show up information about the back end servers. However, there are still a few things to do to find out the origin IP address.
A records for a domain behind a proxy will probably point to the proxy server, however most sites use MX records that usually point to the real servers. For example:
dig MX www.linux-foundation.org
Will show the real MX servers:
[webtech@localhost ~]$ dig MX linux.com | grep MX ; <<>> DiG 9.11.1-P2-RedHat-9.11.1-2.P2.fc26 <<>> MX linux.com ;linux.com. IN MX linux.com. 1800 IN MX 10 smtp1.linuxfoundation.org. linux.com. 1800 IN MX 15 smtp2.linuxfoundation.org. [webtech@localhost ~]$
Proxy Configuration Errors
If you didn’t configure your proxy in the best way, there are chances that your setup is exposing too much information, more than the one you need. This common errors can help attackers and curious people to leak web server’s IP address.
Enabling mod-info is a good example of this, it will expose Apache status page to the whole internet.
Sites protected by Cloudflare
There is a simple way to protect your website IP using Cloudflare. If a website is powered behind Cloudflare proxy and you can’t find the real IP then you must follow this next tutorial in which we will show you the bes ways to reveal / bypass the real IP of a website powered by Cloudflare: Find real IP address behind Cloudflare.
What about you? Do you know ther ways to reveal the real IP address of website?