Cloudflare IP Access to the Website DDOS Protection? - php

I just wonder if Cloudflare is protecting only accesses made through the domain name? Let's say I have a website mydomain.com and this domain has a dedicated IP, 192.168.1.1. If someone uses 192.168.1.1 in the browser, it is possible to access the website, and so the DDoS attack as well. In this case, can writing PHP code prevent direct-IP-access DDoS attacks? Like checking if the entered URL is a domain or an IP, and if it is an IP, show 403?
99.9% of DDoS attackers do not use the domain name to attack; they first check the DNS records of the domain and attack the website's IP, especially if you have a dedicated IP assigned to the website. Even if you hide the main IP of the website by using Cloudflare nameservers, the MX and email IP DNS records are still listed, and they are your dedicated IP, which points to your website when you call that IP. This is the problem I'm trying to solve.

Cloudflare's DDOS protection is only useful if you hide the origin IP - the IP of your server. They have an article with tips on this. You'll want to point MX etc. records somewhere else and send mail from a different server, because you're right - it would reveal the IP of the server.
If your host supports it, you can also firewall off your server from any IP address that isn't in Cloudflare's range.

Related

Local domain and "where are you in the network" checker

How to check if user is visiting site from our own local network or common internet.
Suppose somebody scans the QR code in our restaurant: it links to something which checks whether you are connected to the local network or opening it from the global internet (no idea how).
Local - redirecting to the local domain (no idea how I can do this either, e.g. restaurant.menu)
Global - redirecting to the global domain (eg. menu.com)
You can check the IP of the customer and compare it with IP range of your network. If the customer IP falls in your range redirect the user to local site otherwise to your global site.
You can use $_SERVER['REMOTE_ADDR']; to get IP of user visiting the site from the QR code.
You can set up a DNS record for your local IP (external IP). The IPs mentioned in the comment, 10.100.109.10-256, are private IPs and not publicly accessible. These won't work; search on Google for "what is my ip" and I am sure you will get many options.
Once done, you can create a script which will get the user's IP address ($_SERVER['REMOTE_ADDR']) and do a gethostbyaddr() lookup to get the hostname associated with that IP. If the hostname matches the one you have set, your visitor is from a local connection.
For the redirection to work, if your website is hosted on a server that is not in the same network as your router, then you need to have a public-facing domain name (i.e. restaurant.menu should be reachable publicly).
A second approach could be to redirect the traffic at the router level. If your router allows it, you can set up a redirection in the router itself. If it does not, you will need to set up a DNS server. In this DNS server you will specify the desired (local) IP address for the domain. Your router needs to have a backup DNS to keep resolving other domains.
These are hacks but if implemented correctly they will provide very predictable results.

Website is Producing Wrong IP Address

I am working on a WordPress website and have the plugin WP Security installed. It tells me the current IP Address I am on when viewing the website. However the IP address it is producing isn't my correct IP address. I did the same thing on another WordPress website and it did produce the correct IP address.
The reason I'm trying to figure out the IP address is because someone entered their login credentials wrong 5 times. The website is set up so when that happens it locks that person out of the website for an hour. Well, when this happened it didn't just block their IP address, but blocked our IP address and the client's IP address. And the IP address it said it was blocking was neither of ours.
What could be the reasoning for this single website to be grabbing the incorrect IP address and believing it belongs to us and our client?
EDIT: after looking into it a little more, the IP address that is showing up on this website is through Liquid Web, our hosting provider. So it is showing that IP address instead of our current/local IP address.
"All" traffic is routed to your webserver via another server (CDN, firewall, Nginx etc). Following a failed login attempt, the WP plugin is blacklisting this intermediate server's IP address, locking everyone out.
Typically PHP scripts get the visitor's IP from the REMOTE_ADDR environment variable, but depending on configuration, e.g. with an intermediate Nginx server, REMOTE_ADDR may contain the Nginx server IP, and the "real visitor" IP may be in HTTP_X_REAL_IP.
You can use this script to check which environment variable on your site contains the actual visitor IP.
It would be useful if you provided the link to the site from which you got the WP Security plugin.
Solution:
Ask your host provider to configure servers so REMOTE_ADDR on your web server will contain the visitor's IP; or
If you know which environment var is valid (above), then the security plugin may have a setting to configure accordingly; or
Report as a bug on the plugin's support forum.

Get User IP address in laravel with similar method to HTTP_X_FORWARDED_FOR

I need to get my users' IP addresses.
I found this article How to get Client Ip Address in Laravel 5.1?
The above mentioned article uses the Request::ip();
However, this method returns my server's IP address. From what I can understand from other sources, this happens when the site is localhost - but the site is hosted and is live on a server.
This site is live and online, but it might refer to localhost, as the site might be sitting on its own server (I don't have any experience in server config to know if this is true or not, just a guess).
When I connect to the DB Host, I do so using localhost referencing as well, and not something like mysql.phpmyadmin.hosting.com as DB Host. Therefore, my guess is that Request::ip(); returns the server IP because the site somehow is sitting on localhost.
However, if I use $_SERVER['HTTP_X_FORWARDED_FOR']; I get the correct IP address.
Now to my final question: Is this safe to use? Is there another way to use a Laravel function to make this request?
From what I can understand, the $_SERVER['HTTP_X_FORWARDED_FOR']; can have security holes, according to How to get the client IP address in PHP?.
Can I use $_SERVER['HTTP_X_FORWARDED_FOR']; safely without worrying? If not, what other way could I go to get the user's IP address safely?
The risk with X-Forwarded-For is that a user could create the header themselves, and thus pass along any IP they wish.
The solution is to only trust the header when REMOTE_ADDR is that of your trusted proxy. There's a Laravel package that lets you enforce this restriction.
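
Added example, not code from either answer or from the Laravel package mentioned: one way to apply the rule stated here and in the WordPress lockout thread above, reading X-Forwarded-For only when REMOTE_ADDR is a trusted proxy. It goes one step beyond the text by walking the header right to left; the function names, the 203.0.113.0/24 proxy range and the sample addresses are assumptions.

```php
<?php
// True when $ip lies inside any CIDR in $cidrs (IPv4 or IPv6, packed-byte compare).
function ipInRanges(string $ip, array $cidrs): bool
{
    $ipBin = @inet_pton($ip);
    foreach ($cidrs as $cidr) {
        [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
        $netBin = @inet_pton($net);
        if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
            continue; // unparsable input or different address family
        }
        $bits = $bits ?? (string) (strlen($ipBin) * 8);
        if (!ctype_digit($bits) || (int) $bits > strlen($ipBin) * 8) {
            continue; // malformed prefix length
        }
        $full = intdiv((int) $bits, 8);
        $mask = (0xFF << (8 - (int) $bits % 8)) & 0xFF; // 0 when the prefix ends on a byte
        if (substr($ipBin, 0, $full) === substr($netBin, 0, $full)
            && ($mask === 0 || (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask))) {
            return true;
        }
    }
    return false;
}

// X-Forwarded-For counts only when the TCP peer (REMOTE_ADDR) is a trusted proxy.
// Walk the chain right to left; the first hop that is not ours is the visitor.
function clientIp(array $server, array $trusted): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !ipInRanges($peer, $trusted)) {
        return $peer; // no header, or header sent by an untrusted peer
    }
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the chain
        }
        if (!ipInRanges($hop, $trusted)) {
            return $hop;
        }
    }
    return $peer; // chain was malformed or held only our proxies
}

$trusted = ['203.0.113.0/24']; // constructed: stands in for the proxy/CDN range
foreach ([['203.0.113.7', '10.0.0.1, 198.51.100.23'], ['192.0.2.50', '127.0.0.1']] as [$peer, $xff]) {
    echo clientIp(['REMOTE_ADDR' => $peer, 'HTTP_X_FORWARDED_FOR' => $xff], $trusted), "\n";
}
```

A lockout or rate limiter keyed on clientIp() then acts on the visitor rather than on the intermediate server, and a header forged on a direct connection is ignored.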

Calling API by IP address vs domain name

During a recent DDoS attack on a DNS, my site was unable to continue to function.
While the main site remained up and running, I was unable to connect to an external API on a different domain, leading the site to become completely unusable.
The data is fetched using PHP:
file_get_contents(API_PATH)
I currently call the API using the domain name, but I'm able to use the IP address if required.
Are there any advantages/disadvantages of calling the API by IP?
Is there anything else I should be aware of before making this change?
Your machine probably cached the resolved host, and has not updated it yet. You would need to flush the DNS cache.
It is not a good idea to use an IP address. While the DNS provider might be attacked, it is more likely that the IP is changed. I mean, rarely is a DNS provider attacked on such a large scale like the recent one, and it is definitely more common to see a website have its IP address changed (although it shouldn't always happen normally). Therefore, you may want to use an IP address during a DNS attack (although your own DNS provider might be attacked as well), but not as the normal condition. If you want to be safe, fall back to using a cached IP address if the domain fails to resolve; but writing that kind of code is meaningless anyway, since it is rarely useful.
If you use an IP address:
You can't move the service to a different server without updating all the client code
You can't use some forms of load balancing
You can't use the hostname to distinguish between multiple services hosted on the same IP address
There really is not much difference in using the DNS name or IP address in your API calls.
However, if you ever change the service provider, you will have to update both your DNS settings (such as your A records) and the IP address in your code; you would not have to do this otherwise.
Other than that, pretty much good to go, unless someone else thinks of any other reason.
I assume you want to mitigate the impact of the recent DNS DDoS attacks.
Advantages:
Your website still functions. Although that may not matter too much because nobody will be able to even visit your website.
Disadvantages:
What if the API changes its IP address?
What if the API does load balancing using DNS (e.g. it may resolve to different IPs at different times)?
What if the API uses a CDN?
I do not recommend it.

viewing PHP file is restricted by IP (My IP), is there a way someone else to view it?

I have website and have one page for receiving some news (newly registered users, activity, etc.) and is restricted for everyone except for my IP (Page for only me to view).
I'm interested if there is a way that someone else can "fake" my IP and view this file?
P.S. I am aware of other ways of doing this.
Usually, you don't get fixed IPs; most providers give dynamic IPs. So if you restart your router, your IP will change and make it impossible to access the page again. If you get a fixed IP, it should work. He can of course modify the IP, but then he won't get the response back.
Converting my comments to an answer.
It depends on how you are trying to get the client's IP address. If you are:
only using $_SERVER['REMOTE_ADDR'] to get the ip address
don't have a shared ip address
don't use a (shared) proxy
You should be just fine, because a possible attacker can technically spoof the IP address, but that would not work because (as Andrey rightfully pointed out to me) the TCP handshake would simply fail.
Some caveats:
Your IP may change at some point effectively locking yourself out.
When you are behind a proxy / internal -> external router / vpn / otherwise shared ip other people in the same network might also have access
Never ever ever use $_SERVER['HTTP_X_FORWARDED_FOR'] because this can be spoofed easily.
