SSL Certificate
I have an Ubuntu VPS server running a web server with Nginx. Initially, I configured Cloudflare as a reverse proxy pointing to my server’s IPv4 address. I noticed that my server’s IPv4 address was being exposed on services like Shodan.io. One of my friends checked it and told me the reason was the SSL, because when he searched with the SSL he also found the IP, even though I had configured SSL to "Full" mode in Cloudflare and hosted the SSL certificate on my server.
As I’m still new to server management, I switched the SSL setting in Cloudflare to "Flexible" and removed the SSL configuration from the Nginx setup. Could this change have been the reason my IPv4 address was exposed? Additionally, I would like to know the best practice for SSL configuration. Should I use "Full Strict" mode and host the SSL certificate on my VPS?
29 Replies
Ping me when someone replies
your servers ip address can be exposed through your domain if your A/AAAA records are unproxied (dns only)
If you have proxying enabled for all records that contain your ip then it is not possible to directly figure out your servers ip (...)
whether or not tls is used doesn't have anything to do with that as far as I know
But I've already proxied them and the ipv4 was still showing on shodan.io
"is not possible to directly figure out your servers ip"
there are workarounds
wdym by workarounds
if you had your records unproxied previously or if your server answers to traffic that doesn't originate from cloudflare
there are many ways that your ip can end up in a database, associated with your domain
so if it was previously unproxied would that be the issue?
the database is also hosted in the vps and i can not even access it without connecting to the vps
what's your domain
lutex.io
DNS over Discord: A records
lutex.io A @1.1.1.3 +noall +answer
diggy diggy hole
DNS over Discord: AAAA records
lutex.io AAAA @1.1.1.1 +noall +answer
diggy diggy hole
¯\_(ツ)_/¯
what?
at first glance your dns seems fine
once again there are a lot of slip ups that could lead to your ip being exposed
there really isn't much you can do after that
I'm changing the ipv4 but i need to make sure that the mistake i did before is not going to happen again
Are you sure that it has nothing to do with ssl?
I'm not an expert on that topic, so maybe wait for someone else to respond
sure
>﹏<
If you don't have firewall rules that only allow connections from Cloudflare IPs then your server will show up on shodan. All it does is just run a scan of all IP addresses
"Additionally, I would like to know the best practice for SSL configuration. Should I use "Full Strict" mode and host the SSL certificate on my VPS?"
Yes.
If you only want to allow connection through Cloudflare, whitelist the Cloudflare IPs and block all others. Otherwise there's no reason the site can't be reached just by guessing the IP, which is exactly what Shodan does as Jok3 pointed out.
IP Ranges | Cloudflare
This page is intended to be the definitive source of Cloudflare’s current IP ranges.
Or use a Cloudflare tunnel, so you don't have to update IP Lists 🙂
Plus added benefit of blocking all ingress traffic and securing SSH access. That's my go-to nowadays.
i did that once it got leaked
Why not flexible?
wdym by guessing the ip? my friends have like over 10 website none of them is in shodan
No one can access the vps do not worry, i was just confused how it got leaked in shodan even tho i'm sure that i did nothing wrong, i was hosting ssl in my vps while using cloudflare (full ssl config), when i contacted my friends we checked that the different configuration from what they did is the ssl, which is why when they search with my website's ssl they find the ip so i guessed that it was the issue
please ping me when there is a reply
Exactly what I said and what Jok3 said. People sweep the entire public IPv4 space daily. If it can be reached by IP, it's gotten. Probably the web server listening for all connections, not using SNI.
If you type in the IP and the site shows up then it will be found.
SSL errors are irrelevant, they can be ignored by the client.
But how does shodan know that this is the website they are looking for? how do they link it to the domain
it was, it should be stopped now
Could the leak have happened because of the dns history? if i did serve the website without cloudflare proxy once will it appear in the history?
Again...
"People sweep the entire public IPv4 space daily. If it can be reached by IP, it's gotten."
There you go, you answered your own question. :dogewowspin:
hmm
It seems like you need to research how this stuff works so you actually understand it and can better defend yourself. I'm not sure how else I can explain it if you still don't get it.
So i will get back to ssl full strict and host ssl in my vps, while blocking traffic from ips that are not from cloudflare, hopefully it does not get leaked again after i change the ipv4
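
Added example, not part of the thread and not written by any participant: one way to turn Cloudflare's published IP Ranges list into the origin allowlist the replies recommend. The function names and the sample list are assumptions for illustration; the sample contains only a few entries in the list's format, so load the current full list in real use.

```python
import ipaddress

# Constructed sample in the format of Cloudflare's published IP Ranges list
# (one CIDR per line). It is a partial sample, not the full current list.
SAMPLE_RANGES = """\
173.245.48.0/20
104.16.0.0/13
172.64.0.0/13
2606:4700::/32
"""

def parse_ranges(text):
    """Parse one-CIDR-per-line text, refusing anything that is not an exact network."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # strict=True rejects entries with host bits set; junk raises ValueError.
        net = ipaddress.ip_network(line, strict=True)
        if net.prefixlen == 0:
            # A truncated or tampered list must not turn into "allow everyone".
            raise ValueError("refusing catch-all range: " + line)
        nets.append(net)
    if not nets:
        raise ValueError("empty range list; refusing to build rules")
    return nets

def ufw_rules(nets, ports=(80, 443)):
    """Return ufw commands that allow only the listed ranges on the web ports."""
    # ufw denies incoming traffic by default, so these allows are the whole policy
    # for 80/443 once any earlier blanket "allow 80/443" rule has been deleted.
    return [f"ufw allow proto tcp from {net} to any port {port}"
            for net in nets for port in ports]

def is_allowed(ip, nets):
    """True if ip falls inside one of the allowed ranges (e.g. to audit a log entry)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets if net.version == addr.version)

if __name__ == "__main__":
    nets = parse_ranges(SAMPLE_RANGES)
    print("\n".join(ufw_rules(nets)))          # review before running as root
    print(is_allowed("203.0.113.50", nets))    # documentation address, not Cloudflare
```

The script only prints the commands. Keep the existing SSH rule in place when applying them, since these rules cover the web ports only.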