Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How to hide DNS records from Cloudflare Resolvers?
#17
(2013-08-14, 07:35 PM)damoncloudflare Wrote: The Website Security Guidelines post we have will greatly reduce the probability of someone finding your IP address easily.

yes but what about the above post?

(2013-01-14, 04:53 AM)Adobe Wrote:
(2013-01-14, 01:40 AM)norradjer99 Wrote: Cloudflare actually stopped giving out IPs, mainly the host now with the range of the dedicated server.

But, still you can get the IP easily enough with that.


With cloudflare, it is fine to me.


@ Jesse, any example scripts of that around to block the avatar IP thing?

HF still does not have this patched i don't think.



In inc/functions.php, around line 5584 (unmodified, may be different if using google seo urls plugin), you'll find a function called fetch_remote_file. This function allows for an attacker to get the real IP address of the website. This piece of code eliminates this vulnerability.

This is within the section that says if(function_exists("curl_init")) for those who have modified their functions.php file. Insert the following at or near the beginning of this block.

        curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1");
        curl_setopt($ch, CURLOPT_PROXYPORT, "8080");
        curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);

Replace the IP address and port with the corresponding ones of your proxy. If it's an HTTP proxy, replace CURLPROXY_SOCKS5 with CURLPROXY_HTTP .

Credits: Don't remember, this was in my notepad.

P.S: I never tried this even though I had this for over a month.


Messages In This Thread
RE: How to hide DNS records from Cloudflare Resolvers? - by sn4g - 2013-08-14, 08:07 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)