
Security Sysadmin SSL ip leaking

Discussion in 'System Administration' started by julliuz, Jul 28, 2019.

  1. julliuz

    julliuz Member

    Hi there

    I was wondering if there is any way to stop my backend IP from leaking through the SSL certs? We have a busy website and we are constantly the victim of attacks because people can simply scan it out on Censys. When I look at other https websites, their IPs seem to not be out in the open like that.

    Any way to stop the IP from leaking through SSL certs with centminmod?
     
  2. eva2000

    eva2000 Administrator Staff Member

    Are you using Cloudflare or something to hide the server IP? You can't really stop Censys as it's a scanner, so if it is able to scan sites, it may not have got around to the https sites you checked yet. Centmin Mod 123.09beta01 does, at initial install time, add Censys and Shodan known IP scanner addresses to the CSF Firewall block list in an attempt to minimise this, but there are more IP ranges than I'd be able to track.

    If using Cloudflare, it's best to just whitelist Cloudflare IPs and block non-Cloudflare IPs at the CSF Firewall level, i.e. once the IPs are whitelisted, remove ports 80 and 443 from the whitelisted ports in TCP_IN and TCP6_IN in /etc/csf/csf.conf and restart CSF Firewall: https://community.centminmod.com/th...all-except-the-specific-ips.17627/#post-74613. Then access from non-Cloudflare IPs will be blocked on ports 80 and 443.

    Then check the system /var/log/messages for all blocked CSF Firewall results for destination ports 80 and 443:
    Code (Text):
    grep 'Firewall' /var/log/messages | egrep 'DPT=80 |DPT=443 '
     
    Last edited: Jul 29, 2019
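
A per-source summary of the blocked hits that the grep in the post above lists, as an added example that is not part of the original thread. It assumes the usual iptables LOG layout with `SRC=` and `DPT=` key=value fields after the "Firewall" prefix; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count CSF-blocked hits on ports 80/443 per source IP.
# Assumption: /var/log/messages carries iptables LOG lines with a
# "Firewall" prefix and SRC=/DPT= key=value fields.

summarise_blocked_web() {
    # Reads log lines on stdin; prints "count src_ip dport", busiest first.
    awk '
        /Firewall/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Exact match on the port value, so DPT=8080 is not counted as 80.
            if (src != "" && (dpt == "80" || dpt == "443")) hits[src " " dpt]++
        }
        END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2,2 -k3,3n
}

# Constructed sample lines using documentation IP ranges, not real log data.
sample_log() {
    cat <<'EOF'
Jul 29 10:05:01 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40001 DPT=443 SYN
Jul 29 10:05:02 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40002 DPT=443 SYN
Jul 29 10:05:03 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40003 DPT=80 SYN
Jul 29 10:05:04 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.10 PROTO=TCP SPT=40004 DPT=443 SYN
Jul 29 10:05:05 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.10 PROTO=TCP SPT=40005 DPT=8080 SYN
Jul 29 10:05:06 host sshd[123]: Accepted publickey for admin from 192.0.2.1 port 50000 ssh2
Jul 29 10:05:07 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.99 DST=203.0.113.10 PROTO=TCP SPT=40006 DPT=22 SYN
EOF
}

# On a server: summarise_blocked_web < /var/log/messages
sample_log | summarise_blocked_web
```

Once ports 80 and 443 are open only to the whitelisted Cloudflare ranges, the sources in this summary are the ones still reaching the origin IP directly.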
  3. pamamolf

    pamamolf Premium Member Premium Member

    How does Cloudflare connect to the server?

    I thought Cloudflare uses those ports....
     
  4. eva2000

    eva2000 Administrator Staff Member

  5. Rake-GH

    Rake-GH Active Member

    Set up Cloudflare on your current server. Migrate to a new server, using Cloudflare from the beginning. Now your IP won't be leaked; only your old origin IP will be in historical databases. Unless your SSL provider publicly discloses the IPs. Let's Encrypt currently does not publish the IPs that generate the certs, but they do log them. They may publish them in the future, but as of right now, they don't. If your SSL issuer publishes them, use Let's Encrypt or someone else.