A user bypassed Cloudflare

Hello there, on my website I have the orange cloud active. A user (who is also my friend) managed to bypass Cloudflare and find the original IP of the server.
I never disabled the cloud.

How can I prevent this?

Thank you.

Could be a dozen different things - maybe it’s the same as before you had Cloudflare so it’s in DNS history services, maybe you have a record pointing to the same origin which isn’t proxied or maybe your server leaks it in some other way.

If you know the user, just ask them how they did it?

It’s always recommended that you get a new IP for your origin when first using Cloudflare.

Hi, thanks for the reply. No, it wasn’t because of old DNS records; the IP is new. He told me that he can bypass it, but he won’t tell me how.

If he has a genuine method to bypass Cloudflare, he can report it through Cloudflare’s bug bounty program (HackerOne), which rewards responsible disclosure.

However, I really doubt they have a bypass for Cloudflare and rather that your server or DNS is exposing it in some other way. Could you share the domain?

limitati.killteamseller.it

Make sure you have at the very least completed steps 1 and 2. I also strongly recommend doing step 3.

Already done. Thank you, but the problem still

Step 3 as well? :slightly_smiling_face:

Only Cloudflare can access my website, but the user can bypass this and find only the original IP address of my server.

Hey,

As mentioned, there are various ways if you don’t properly secure the server. I’d recommend searching SecurityTrails and Censys to see if you can find your IP. If so, it means you need to lock down your server more and get a new IP. There are more tools, but these are two good ones to look at initially. What @albert suggested are definitely good steps to do.

Thank you, I will do that. May I ask if you can hide the links you sent here, please?

Removed :slight_smile:

Thank you. Another question: how can I edit the question and messages here?

There’s an edit button under your posts, the little pencil. Just click that and edit as you wish.

Hmm, I don’t see it.

I really doubt they have a bypass for Cloudflare and rather that your server or DNS is exposing it in some other way. Could you share the domain?

Already solved: an old DNS record (but it is too strange).
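
Added example, not part of the original thread: a small audit of a DNS zone export for the leak sources the replies name (a DNS-only record on the same origin, or a leftover record that still carries the IP). The record shape (`name`, `type`, `content`, `proxied`), the function name `audit_zone` and all sample values are assumptions constructed for illustration.

```python
import re

def audit_zone(records, origin_ip):
    """Return (record name, reason) pairs for records that reveal origin_ip."""
    # Hostnames whose address record answers directly with the origin IP
    # because the record is DNS-only (grey cloud) rather than proxied.
    exposed = {
        r["name"] for r in records
        if r["type"] in ("A", "AAAA")
        and r["content"] == origin_ip
        and not r.get("proxied", False)
    }
    findings = [(name, "DNS-only address record returns the origin IP")
                for name in sorted(exposed)]
    # Match the IP as a whole token so 203.0.113.10 does not match 203.0.113.100.
    ip_token = re.compile(rf"(?<![\d.]){re.escape(origin_ip)}(?!\d)")
    for r in records:
        parts = r["content"].rstrip(".").split()
        target = parts[-1] if parts else ""
        if r["type"] in ("CNAME", "MX", "SRV") and target in exposed:
            findings.append((r["name"], f"{r['type']} points at exposed host {target}"))
        elif r["type"] == "TXT" and ip_token.search(r["content"]):
            findings.append((r["name"], "TXT record (e.g. SPF ip4:) contains the origin IP"))
    return findings

# Constructed sample zone; 203.0.113.10 stands in for the origin IP.
SAMPLE_ZONE = [
    {"name": "example.com", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "www.example.com", "type": "CNAME", "content": "example.com", "proxied": True},
    {"name": "mail.example.com", "type": "A", "content": "203.0.113.10", "proxied": False},
    {"name": "example.com", "type": "MX", "content": "mail.example.com", "proxied": False},
    {"name": "example.com", "type": "TXT", "content": "v=spf1 ip4:203.0.113.10 -all", "proxied": False},
    {"name": "ftp.example.com", "type": "A", "content": "198.51.100.7", "proxied": False},
]

if __name__ == "__main__":
    for name, reason in audit_zone(SAMPLE_ZONE, "203.0.113.10"):
        print(f"{name}: {reason}")
```

Any finding means the address is already public, so fixing the record should be paired with the new origin IP recommended earlier in the thread.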
