
Security Sysadmin SSL ip leaking

Discussion in 'System Administration' started by julliuz, Jul 28, 2019.

  1. julliuz

    julliuz New Member

    Hi there

    I was wondering if there is any way to stop my backend IP from leaking through the SSL certs? We have a busy website and we are constantly the victim of attacks because people can simply scan it out on Censys. When I look at other HTTPS websites, their IPs seem to not be out in the open like that.

    Any way to stop the IP from leaking through SSL certs with Centmin Mod?
     
  2. eva2000

    eva2000 Administrator Staff Member

    Are you using Cloudflare or something to hide the server IP? Can't really stop Censys as it's a scanner, so if it is able to scan sites, it may not have got around to the HTTPS sites you checked yet. Centmin Mod 123.09beta01 does, at initial install time, add Censys and Shodan known IP scanner addresses to the CSF Firewall block list in an attempt to minimise this, but there are more IP ranges than I'd be able to track.

    If using Cloudflare, best to just whitelist Cloudflare IPs and block non-Cloudflare at the CSF Firewall level, i.e. once the IPs are whitelisted, remove ports 80 and 443 from the TCP_IN and TCP6_IN whitelisted ports in /etc/csf/csf.conf and restart CSF Firewall https://community.centminmod.com/th...all-except-the-specific-ips.17627/#post-74613. Then non-Cloudflare IP access will be blocked on ports 80 and 443.

    Then check the system /var/log/messages for all blocked CSF Firewall results for destination ports 80 and 443:
    Code (Text):
    grep 'Firewall' /var/log/messages | egrep 'DPT=80 |DPT=443 '
     
    Last edited: Jul 29, 2019
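
The log check from the post above taken one step further, as an added example that is not part of the original thread or of Centmin Mod: it tallies blocked sources on ports 80 and 443 and separates out any that fall inside Cloudflare ranges, which would suggest the allowlist is incomplete. The function name, the sample log lines and the short Cloudflare range list are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumption: a small illustrative subset of Cloudflare's published IPv4 ranges.
# In real use, load the current IPv4 and IPv6 lists that Cloudflare publishes.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13", "172.64.0.0/13")]

# CSF drops are logged by the kernel with "Firewall:" plus SRC= and DPT= fields.
LINE_RE = re.compile(r"Firewall:.*?\bSRC=(?P<src>\S+).*?\bDPT=(?P<dpt>\d+)\b")


def summarize_blocks(lines, ports=(80, 443)):
    """Count blocked (source IP, port) hits; returns (other, cloudflare)."""
    other, cloudflare = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        # Match the whole port number so DPT=8080 is not mistaken for DPT=80.
        if not m or int(m.group("dpt")) not in ports:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # malformed SRC field, skip the line
        key = (str(src), int(m.group("dpt")))
        if any(src in net for net in CLOUDFLARE_NETS):
            cloudflare[key] += 1  # an allowlisted proxy should never be dropped
        else:
            other[key] += 1       # direct-to-origin traffic the firewall stopped
    return other, cloudflare


# Constructed sample lines in the kernel log format CSF writes (not real traffic).
SAMPLE = """\
Jul 29 08:25:01 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51234 DPT=443 WINDOW=29200 SYN URGP=0
Jul 29 08:25:03 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51240 DPT=443 WINDOW=29200 SYN URGP=0
Jul 29 08:26:10 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40022 DPT=80 WINDOW=29200 SYN URGP=0
Jul 29 08:27:45 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=173.245.48.10 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=33011 DPT=443 WINDOW=29200 SYN URGP=0
Jul 29 08:28:02 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=45500 DPT=8080 WINDOW=29200 SYN URGP=0
""".splitlines()

if __name__ == "__main__":
    other, cf = summarize_blocks(SAMPLE)
    for (ip, port), n in other.most_common():
        print(f"blocked direct hit   {ip:>15} -> {port}  x{n}")
    for (ip, port), n in cf.most_common():
        print(f"BLOCKED CLOUDFLARE   {ip:>15} -> {port}  x{n}  (check allowlist)")
```

To run it against the live log, pass an open file handle for /var/log/messages to `summarize_blocks` in place of `SAMPLE`.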
  3. pamamolf

    pamamolf Premium Member Premium Member

    How does Cloudflare connect to the server?

    I thought Cloudflare uses those ports....
     
  4. eva2000

    eva2000 Administrator Staff Member

  5. Rake-GH

    Rake-GH Premium Member Premium Member

    Set up Cloudflare on your current server. Migrate to a new server, using Cloudflare from the beginning. Now your IP won't be leaked; only your old origin IP will be in historical databases, unless your SSL provider publicly discloses the IPs. Let's Encrypt currently does not publish the IPs that generate the certs, but they do log them. They may publish them in the future, but as of right now, they don't. If your SSL issuer publishes them, use Let's Encrypt or someone else.
     