Keeping original IP exposed makes attacker life easier to prepare for an attack directly on the server.
You might be using cloud-based security, but if you haven’t taken the necessary action to hide the actual server IP, then most probably hackers will find that and turn your website down and hurt the business and reputation. DDoS is dangerous for online businesses.
A recent study by CloudPiercer shows over 70% of cloud-based security protected websites is exposing their real IP address.
Let’s take a look at online tools, which will help you to test origin IP vulnerability.
CloudPiercer scans your website to discover the original IP using a various, methods including.
- IP history database
- DNS Records
- Sensitive files
To protect privacy, you need to verify the domain ownership by adding a TXT record, Uploading HTML file, or adding a <meta> tag on your homepage.
So go ahead and give a try! Scan results may take a few minutes. I got my report in 10 minutes.
Censys search engine helps you to find how websites are deployed and reveal the origin-IP (if found) of URL.
How to possibly fix the “Origin IP” vulnerability?
There is no real answer, but one of the essential things you could do is to change the IP address once the CDN/Security/DNS provider protects the URL.
To make it simple, let’s say you have example.com hosted on XYZ Hosting. And you decide to protect with some DNS/Security Provider.
What you could do in this scenario is – Get your website protected by DNS/Security provider, and once you are all done with configuration. You need to request your hosting provider to provide a new IP so you can update the new IP in DNS/Security provider directly. By doing this, your new IP is not exposed to the Internet and potentially safe.
You may also check out Incapsula or Cloudflare’s article, which explains this.
If you are using Cloudflare, then you may try their Argo Tunnel to protect the origin server.
I hope this helps you to find if your website origin IP is exposed or not. You may also consider implementing cloud-based DDoS protection from Cloudflare or SUCURI.