Keeping original IP exposed makes attacker life easier to prepare for an attack directly on the server.
You might be using cloud-based security, but if you haven’t taken the necessary action to hide the actual server IP, then most probably hackers will find that and turn your website down and hurt the business and reputation. DDoS is dangerous for online businesses.
A recent study by CloudPiercer shows over 70% of cloud-based security protected websites is exposing their real IP address.
Let’s take a look at online tools which will help you to test the origin IP vulnerability.
Censys
Censys search engine helps you to find how websites are deployed and reveal the origin-IP (if found) of URL.
Zoomeye
Users utilize a robust search engine, Zoomeye, to look for computers, websites, and other Internet-connected devices. Users can use it to discover the IP address of devices or look for specific ports, like port 80 for web servers.
It offers comprehensive search features so users can quickly locate details on the devices, including their operating system, place of origin, and other information, on the internet.
Users can use it to look up specific IP addresses, domain names, and other kinds of data. It offers quick and straightforward access to a sizable informational database that is frequently updated.
Using innovative algorithms, the platform builds an extensive database of IP addresses and device details. Users can use this information to find vulnerable devices and conduct detailed studies like penetration testing or vulnerability assessments.
Its primary users are security experts like penetration testers, bug bounty hunters, and CERT teams who use it to swiftly spot machines running open ports or services and other possible security flaws.
Additionally, it offers statistical analysis of the search results, which enables customers to learn more about network security.
Shodan
Shodan is a global searchable database of internet-connected devices that offers users access to Internet of Things (IoT) devices. Eighty-nine percent of the Fortune 100 companies utilize it, and it has three million registered users, demonstrating its credibility and popularity.
Security experts or system administrators can monitor the network’s range and set up real-time notifications for unexpected network intrusions with the help of Shodhan Monitor.
Professionals can use it to search their networks for connected devices and find out what kind of devices are there and their current status and settings. This process makes it possible to manage and secure one’s networked devices more effectively and troubleshoot and solve problems more quickly.
A utility like Shodan is essential for maintaining the security of one’s network in the age of the Internet of Things, where millions of IoT devices connect to the internet daily.
It enables users to look for various devices, including computers, routers, servers, networks, IP addresses, domains, and websites.
The platform gives comprehensive data statistics of Internet-connected devices, such as hosts or IP addresses, including open ports, services, version numbers, and other details.
Shodan also enables users to look for possible security flaws, specific vulnerabilities, or exploits to comprehend potential risks better.
Using Shodan, people can find potential vulnerabilities in a remote or their local network. Researchers, penetration testers, law enforcement, and other security experts also use it.
How to possibly fix the “Origin IP” vulnerability?
There is no real answer, but one of the essential things you could do is to change the IP address once the CDN/Security/DNS provider protects the URL.
To make it simple, let’s say you have example.com hosted on XYZ Hosting. And you decide to protect with some DNS/Security Provider.
What you could do in this scenario is – Get your website protected by DNS/Security provider, and once you are all done with configuration. You need to request your hosting provider to provide a new IP so you can update the new IP in DNS/Security provider directly. By doing this, your new IP is not exposed to the Internet and potentially safe.
You may also check out Incapsula or Cloudflare’s article, which explains this.
If you are using Cloudflare, then you may try their Argo Tunnel to protect the origin server.
Conclusion
I hope this helps you to find if your website origin IP is exposed or not. You may also consider implementing cloud-based DDoS protection from Cloudflare or SUCURI.
