How can I hide my server’s IP address


#1

Hello,

I have a server program that listens for raw TCP/IP socket connections coming in from my Android app, which connects using the site’s domain, such as new socket(“https://www.mysite.com”);

So the DNS lookup contains the IP address for my server’s domain name, and Android gets that and connects using that IP.

I want to prevent hackers getting my site’s IP address. I know they can easily find out which IP my app is connecting to by simply having the app connect over WiFi and then looking at the packets to see which IP it connects to, and then hack my site at that IP address.

I’m using RAW TCP/IP sockets, not http, not https, not WebSockets.

  1. Does anybody know how to hide my server’s IP address, yet still be able to connect to it from my app?
  2. Can I use a VPN from Android to my server? Will that hide my server’s IP address?
  3. Is there any other way you can think of, even without using Cloudflare?

Thanks


#2

Since CloudFlare is a reverse proxy, this isn’t possible as far as I know. The only exception I know of is Teamspeak.

There’s currently a (limited) beta test running called “Proxy Anything”.

A VPN between app and server wouldn’t hide the IP address because the client needs to know the endpoint (DNS or IP).

You could hide the server itself by putting it behind a NAT (router, firewall, 2nd server) or something like this. But the IP address of these devices will be exposed.

Using a jump host can prevent direct attacks against your content server (via ssh for example).

What kind of attacks are you thinking about?


#3

Hello MarkMeyer

Thanks for taking the time to answer. I don’t know what kind of attacks, but whatever hackers plan to do, they have to at least know the IP address. I had a site one time that kept getting hacked. Each day I would find new PHP scripts magically appearing on the server, and existing PHP scripts kept getting modified, with hidden code added at the top of the PHP file, such as this:

<?php secret php code normal php code ?>

You can’t really see it here because this site removes extra blanks, but they would put a bunch of blanks on the same line after <?php so that their code would end up off screen, and if you opened the file you wouldn’t see it.

In other hacks, they would add some PHP file with encrypted PHP code; these files would be given a random name like ieuhfrxer.php or suhiuehun.php and spread all over the place, each with a different random name.

Each day I would see more and more of these random files and changes to existing code, and have to manually delete them.

God knows what other hacks were there.

So I don’t want that to happen to my current site, or any other hacks, but I don’t know how to stop them other than to hide the site altogether, changing the IP address every now and then.

I don’t know why people spend time hacking sites; if they are so smart, why don’t they make their own products or websites instead of wrecking others’?

Thanks for any help.
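Added example (not part of the thread and not code from any poster): a small integrity check for the symptoms described in this post, namely new PHP files appearing, existing files being modified, code hidden behind a long run of blanks after `<?php`, and files carrying encoded payloads. The 80-blank and 200-character thresholds, the function names and the sample files are assumptions made for the illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# "<?php" followed by 80+ spaces/tabs and then code: payload pushed off-screen.
PADDED_OPEN = re.compile(rb"<\?php[ \t]{80,}\S")
# Assumption: the "encrypted" files carry a long unbroken base64-like run.
ENCODED_RUN = re.compile(rb"[A-Za-z0-9+/=]{200,}")

def snapshot(root):
    """Map every .php file under root (relative path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*.php")) if p.is_file()}

def content_flags(data):
    flags = []
    if PADDED_OPEN.search(data):
        flags.append("padded-open-tag")
    if ENCODED_RUN.search(data):
        flags.append("encoded-blob")
    return flags

def audit(root, baseline):
    """Return {relative_path: [findings]} for the tree versus a known-good snapshot."""
    root, findings = Path(root), {}
    current = snapshot(root)
    for rel, digest in current.items():
        notes = []
        if rel not in baseline:
            notes.append("new-file")
        elif baseline[rel] != digest:
            notes.append("modified")
        notes += content_flags((root / rel).read_bytes())
        if notes:
            findings[rel] = notes
    for rel in baseline.keys() - current.keys():
        findings[rel] = ["deleted"]
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample tree
        page = Path(d, "index.php")
        page.write_bytes(b"<?php echo 'hi'; ?>\n")
        good = snapshot(d)
        page.write_bytes(b"<?php" + b" " * 300 + b"/* constructed */ echo 'hi'; ?>\n")
        Path(d, "ieuhfrxer.php").write_bytes(b"<?php $x='" + b"QUJD" * 100 + b"'; ?>\n")
        print(audit(d, good))
```

Take the snapshot from a known-clean deployment and keep it off the web server, so that whoever can write to the web root cannot also rewrite the baseline.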


#4

How do I sign up for the “Proxy Anything”? Is that from Cloudflare or some other site?


#5

Proxy Anything is currently in closed Beta. I have no idea when it will become public, but a wild guess would be six months. Even then, I don’t know if it will be free.

This is what I understand of your situation so far:

  1. You have a server with a single IP address
  2. You run a website on it on ports 80/443
  3. You also run an app service on that IP address, but a different port
  4. You want to protect that server so hackers don’t hack your website
  5. Assumption: Your app service on your server is pretty secure and you’re not particularly worried about hacks. Correct?

Does your app setup need connectivity to your website data? (in other words, could it run on a different server?)

Some random thoughts:

  1. You’ll need to do more than just hide your IP address. You’ll need to firewall it so only Cloudflare IP addresses can hit it. But only through proxied connections. A :grey: DNS entry isn’t going to work due to the firewall limitation.

  2. Cloud hosting, such as Digital Ocean, Linode, and Vultr, have low-cost instances for $5/month. Vultr even has a $2.50/month “droplet” in some of their East Coast datacenters. This may lower the cost of your hosting if you need a second server. These “droplets” even support internal private networks if you do need to connect between your webserver and app server.


#6

Hello Sir,

Thanks for taking the time to respond.

All of your assumptions are correct except 5. I AM worried about hackers on both the app service and the web server, actually, because they can easily get my server’s IP address from looking at the IP that the app connects to.

Yes, my app needs connectivity to the website data (MySQL database), in that the users’ logins and passwords etc. are on that same machine, and the app service needs access to it to operate, plus other data related to users.

I guess I could run the app service on a different server, but that may slow database accesses and app performance, and that would also open the database socket to hackers. But it seems to be my only choice.

Yes, I will definitely firewall it so that only Cloudflare IPs can hit the website, good idea, thanks!! But since the app uses raw TCP/IP, Cloudflare can’t help me there (it’s the reason why I wanted to hide the server’s IP address). The server is actually on Amazon EC2, so I will have to figure out which IP Cloudflare will be using to hit my website so I can configure the AWS firewall, and figure out how to configure EC2 to know when it’s a proxied connection to let only that in.

I will definitely check out those hosting options you mentioned for the second server.

Thanks so much for your intelligent comment, it really helped.
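Added example (not part of the thread and not code from any poster): one way to check that an EC2 security group really admits web traffic only from the proxy, as discussed in the last two posts. The rule layout follows the `IpPermissions` structure returned by `aws ec2 describe-security-groups`; the proxy ranges are RFC 5737 placeholders rather than Cloudflare’s real list, and the group ID, port 8000 and function names are assumptions.

```python
import ipaddress

# Placeholder proxy ranges (RFC 5737 documentation blocks), not Cloudflare's
# real list: load the real CIDRs from the list Cloudflare publishes.
PROXY_RANGES = [ipaddress.ip_network(c) for c in ("198.51.100.0/24", "203.0.113.0/24")]
WEB_PORTS = (80, 443)
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}, {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "203.0.113.128/25"}]},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,  # hypothetical raw TCP app port
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "192.0.2.10/32"}]},
]}

def covers_web_port(perm):
    """True if the rule admits TCP 80 or 443 ("-1" means all protocols and ports)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return any(perm["FromPort"] <= p <= perm["ToPort"] for p in WEB_PORTS)

def inside_proxy_ranges(cidr):
    """True if every address in cidr belongs to one of the proxy ranges."""
    net = ipaddress.ip_network(cidr)
    return any(net.version == r.version and net.subnet_of(r) for r in PROXY_RANGES)

def audit_group(group):
    """List (kind, from_port, to_port, cidr) for rules that leave the origin reachable directly."""
    findings = []
    for perm in group["IpPermissions"]:
        ports = (perm.get("FromPort"), perm.get("ToPort"))
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if covers_web_port(perm) and not inside_proxy_ranges(cidr):
                findings.append(("web-bypasses-proxy", *ports, cidr))
            elif cidr in ANYWHERE:
                findings.append(("open-to-internet", *ports, cidr))
    return findings

if __name__ == "__main__":
    for finding in audit_group(SAMPLE_GROUP):
        print(finding)
```

On the sample group it reports the leftover `0.0.0.0/0` rule on 443 and the app port that is still open to everyone, which is the exposure the raw TCP service keeps even after the website is locked to the proxy.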


#7

#5) Aside from exposing your IP address, my hope was that your app is pretty secure against direct attacks against the app server on port 8-thousand-whatever.

Proxy Anything (I believe it uses HAProxy) is a straight-through proxy. As far as I know, it has no way to inspect encrypted packets for hostile commands, etc. It’s just a proxy with Cloudflare’s DDoS protection and general bad-guy blocking features. (Again, this is my assumption based upon my limited experience and reading of features).

So its main advantage for you will be to just hide the IP address.

If your servers are co-located, the database connection shouldn’t be horrifically slow unless you’re on a database-intensive app. Just my optimistic hope.

Your firewall will need to have the following IP ranges open:


#8

Regarding the code injection:

You can firewall the server so it only accepts connections from the CloudFlare networks. This helps to keep them away from your machine using the origin IP. What I’m not sure about is, if CloudFlare can prevent code injection which possibly happened due to a flaw in your app or code :thinking:

Were you able to find out how the code was added?

Running the database on a second server should not have a big impact on the performance. Most big websites are set up that way. Firewall -> (Load Balancer ->) Frontends -> Backends (DBs). As long as you don’t host them in different locations far away from each other :wink:


#9

Hello again,

Thanks for your comment. I’m sure the injection didn’t happen through the app but through the webserver and WordPress somehow, since back then it was out in the open with no security or SSL etc. The current site is a lot different, but I don’t want it to happen again.

I thought maybe I could set up my own proxy server using another machine, or maybe use Amazon CloudFront.

Do you know how to prevent code injection?


#10

Hard to say since there are a lot of ways

Hacked accounts
Vulnerable PHP versions
Flaws in the code base itself
Wrong file permissions
Since you mentioned WordPress: it’s also possible that the WP version was vulnerable or a plug-in.

And. So. On. Too many to list them all.

Just the basics:
Use strong passwords, keep your software up to date, check file or folder permissions twice, zero trust when installing stuff from the web. Even if there’s a large community.

Regarding WordPress: take a close look at the plug-ins you want to install. Ratings? Are they frequently updated? And so on.

As usual :wink:

A bit advanced:
Protect your (system) accounts with a 2nd factor wherever it is possible.

Duo Security is an enterprise class provider for 2FA. It’s free for personal use.
For example: You can protect your SSH server with a PAM module provided by Duo. Once installed, you must approve the SSH login via push message, with a code (generated with their app), SMS, or phone call.
The hard(ware) way: combine it with a Yubikey.


#11

If you’re running WordPress, I very strongly recommend that you install the Wordfence plugin. It does a super job of protecting your site and scanning for vulnerabilities and malware.

