Security Sysadmin SSL ip leaking

You using cloudflare or something to hide server IP ? Can't really stop censys as it's scanner so if it is able to scan sites - it may have not got around to the https sites you checked yet. Centmin Mod 123.09beta01 does at initial install time add censys and shodan known IP scanner addresses to CSF Firewall block list in attempts to minimise this but there's more IP ranges than I'd be able to track.

If using cloudflare, best to just whitelist cloudflare IPs and block non-cloudflare at CSF Firewall level i.e. once whitelisted IPs, remove from /etc/csf/csf.conf TCP_IN and TCP6_IN port 80 and 443 from whitelisted ports and restart CSF Firewall https://community.centminmod.com/th...all-except-the-specific-ips.17627/#post-74613. Then non-cloudflare IPs access will be blocked on port 80 and 443

then check system /var/log/messages for all blocked CSF Firewall results for destination ports 80 and 443

Code (Text):

grep 'Firewall' /var/log/messages | egrep 'DPT=80 |DPT=443 '

 

When you whitelisted Cloudflare IPs in CSF Firewall via csfcf.sh https://community.centminmod.com/th...te-cloudflare-nginx-csf-firewall-setups.6241/ then they are allowed access to all ports regardless of whether they're listed in TCP_IN/TCP6_IN/UDP_IN/UDP6_IN lists at /etc/csf/csf.conf.