Hackers try to sign in to my server using Cloudflare IPs

Hello everyone,

Hackers have hacked my site and changed values in the database to their advantage.

How can hackers use Cloudflare IPs to hide their identities?

This IP was shown in my log for my server manager trying to enter the site. Like this, there are several attempts with different IPs from Cloudflare.

Because it’s a Cloudflare address, Proxycheck does not recognize it as a threat, which it definitely is for me. Is there a chance to get the real IPs / identities behind these IPs?
Thank you
Regards
Flow

Does your website use Cloudflare services (have you added it to your Cloudflare dashboard)?

2 Likes

Yes, name servers are set and everything works. But currently they are not trying to hack the site itself but are trying to sign in to the server manager Plesk with Cloudflare IPs. When I check the IPs in Proxycheck, it says the IPs are safe and from Cloudflare.

It sounds like the server is not configured to restore visitor IP addresses:

https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

2 Likes

OK, I will have a look, but I fear that this will not solve my problem, as this link goes only to the sign-in page of the server manager and this URL isn’t added in Cloudflare. But my main question is how they can hide with Cloudflare IPs without them being detected as VPN or proxy IPs?

Cloudflare works by proxying all content through Cloudflare’s servers first. See: https://www.cloudflare.com/learning/what-is-cloudflare/

In general, that means that whenever a visitor visits your website, Cloudflare is the actual IP address that connects (REMOTE_ADDR in some server software), and thus one of Cloudflare’s IP addresses will show up. With Cloudflare, you MUST ‘restore original visitor IPs’ if you want to know the real IP address of the visitor of the website since the real IP is not the visitor’s IP. If you don’t do this, all you will see is Cloudflare IP addresses in your logs and whatnot.

From https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

5 Likes
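The visitor-IP restoration described in the reply above, sketched as an added example that is not part of the original thread: the visitor address is taken from Cloudflare's `CF-Connecting-IP` request header only when the connecting peer (`REMOTE_ADDR`) is itself inside a Cloudflare range, so a direct client cannot forge the header. The function names, the short range list (a subset of the list published at https://www.cloudflare.com/ips/) and the sample requests are assumptions made for illustration.

```python
import ipaddress

# Subset of Cloudflare's published IPv4 ranges, for illustration only.
# In real use, load the full current list from https://www.cloudflare.com/ips/
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13",
    "162.158.0.0/15", "172.64.0.0/13",
)]

def is_cloudflare(addr):
    """True if addr falls inside one of the trusted Cloudflare ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CLOUDFLARE_NETS)

def client_ip(remote_addr, headers):
    """Return (ip, source) for one request.

    source is 'direct' when the peer is not Cloudflare (header ignored),
    'cf-header' when a valid CF-Connecting-IP was restored, and
    'cloudflare-no-header' when the peer is Cloudflare but the header is
    missing or malformed, which deserves a closer look in the logs.
    """
    if not is_cloudflare(remote_addr):
        # Never trust the header from an arbitrary peer: it is client-controlled.
        return remote_addr, "direct"
    lowered = {k.lower(): v for k, v in headers.items()}
    claimed = lowered.get("cf-connecting-ip", "").strip()
    try:
        return str(ipaddress.ip_address(claimed)), "cf-header"
    except ValueError:
        return remote_addr, "cloudflare-no-header"

# Constructed sample requests (documentation address space for visitors).
SAMPLES = [
    ("172.68.1.10", {"CF-Connecting-IP": "203.0.113.7"}),    # proxied visitor
    ("198.51.100.23", {"CF-Connecting-IP": "192.0.2.99"}),   # direct peer, forged header
    ("104.16.5.5", {}),                                      # Cloudflare peer, no header
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, "->", client_ip(peer, hdrs))
```
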
