I've just found out my server IP is still leaking on shodan.io :/. Now sure how they got my IP? I'm not using Letsencrypt, just using CF own certificate. No other domain is hosted on the server. Maybe removing port 80 and 443 on CSF TCP_IN and OUT?...