Backend Still Exposed

Hello!, Today a user pointed out my IP was still exposed

org => 104.28.30.15 (USA) [CloudFlare IP]
www. => 104.28.31.15 (USA) [CloudFlare IP]
cpanel => 104.28.30.15 (USA) [CloudFlare IP]
ftp => 104.28.30.15 (USA) [CloudFlare IP]
mail => 104.28.30.15 (USA) [CloudFlare IP]
webmail => 104.28.31.15 (USA) [CloudFlare IP]
dc-847d2fbf10a9.mysite.org => snip (USA)

I attempted to add this to my cloudflare but it said it was already added?

Now he has been hitting my site offline via that one exposed part, any help would be awesome

You likely have your Mx record pointing to your root domain or another :orange: record. Cloudflare doesn’t proxy SMTP traffic for :orange: records. It doesn’t proxy FTP either, so that record just won’t work for FTP traffic.

So the dc-$foo record is retuned for an Mx lookup rather than your actual Mx so you can actually receive mail.

You can either remove your Mx record (and stop receiving mail) or move your mail to a different server than your origin for other things like your website or use a 3rd party relay (e.g. proofpoint) to obfuscate your true mail server origin.

You can also restrict access to your server on http/s ports to only Cloudflare IPs.

2 Likes

how do I remove the MX record so I may better my site
and what 3rd party do you recommend?

Well if you remove the Mx you won’t get mail. Probably better to either ask your host if you can have mail on a different server or look to a service like Gmail or Office 365 for your email separate from your hosting.

2 Likes