Hundreds of websites are a victim of DDoS attacks every day, and quarterly report by Akamai shows that UK positioned number one in top 10 countries in Q3, 2015.
Keeping original IP exposed makes attacker life easier to prepare for an attack directly on the server.
You might be using cloud-based security or DNS provider but if you haven’t taken necessary action to hide the actual server IP then most probably hacker will find that and turn your website down and hurt the business/reputation.
A recent study by CloudPiercer shows over 70% of cloud-based security protected websites is exposing their real IP address.
Let’s take a look at online tools, which will help you to find if your websites origin IP is exposed, or not.
CloudPiercer scans your website to discover the original IP using a various method including.
- IP history database
- DNS Records
- Sensitive files
To protect the privacy, you need to verify the domain ownership by adding TXT record, Uploading HTML file or adding a <meta> tag on your homepage.
So go ahead and give a try! Scan results may take few minutes. I got my report in 10 minutes.
Censys search engine helps you to find how websites are deployed and reveal the origin-IP (if found) of URL.
Crimeflare (Only for powered by CloudFlare)
Crimeflare may help you to find the original IP of a website powered by CloudFlare only.
How to possibly fix “Origin IP” vulnerability?
There is no real answer, but one important thing you could do is to change the IP address once CDN/Security/DNS provider protects URL.
To make it simple, let’s say you have example.com hosted on XYZ Hosting. And you decide to protect with some DNS/Security Provider.
What you could do in this scenario is – Get your website protected by DNS/Security provider and once you are all done with configuration.
You need to request your hosting provider to provide a new IP so you can update the new IP in DNS/Security provider directly.
By doing this, your new IP is not exposed to the Internet and potentially safe.
I hope this helps you to find if your website origin IP is exposed or not.
If you are a site owner and looking for DDoS protection, then you may check out SUCURI.