Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 03 Jul 2014, 21:05
g00gl3r g00gl3r is offline
 
Join Date: Sep 2005
Getting DDOSSED via Server IP - How to hide IP in notification email headers etc?

Hi,

I'm getting DDOSSED to the hilt. Now using cloudflare and have a new IP for the forums. It appears the IP can be revealed still as it's in the email headers.

How can I mask this or prevent this from happening?

As at the moment I have had to disable all email features including email to friend, contact us forms, notification emails and even human verification for new users.

Can't leave busy forums (x4) like that for long.

Can anybody help? Ever had this before?
Reply With Quote
  #2  
Old 03 Jul 2014, 21:09
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
http://www.vbulletin.org/forum/showt...light=Firewall
Or get in touch with your host they will be able to help better than this plugin
Reply With Quote
  #3  
Old 03 Jul 2014, 21:11
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
You can't really prevent this from happening if you send the emails from your own server, it will always contain the originating IP in the email headers as far as I know. I make use of http://www.critsend.com/ to hide my server IP, a (paid) SMTP relay.

Note that you can also easily grab the server IP using the remote image uploading feature @avatar and signature upload.
Reply With Quote
  #4  
Old 03 Jul 2014, 21:53
g00gl3r g00gl3r is offline
 
Join Date: Sep 2005
Okay I'll disable those features now too.

And I'll take a look at critsend.

Will Google Apps / Gmail SMTP service (which you pay for) not do it?

Is there a way to get around the uploading feature showing the IP?
Reply With Quote
  #5  
Old 03 Jul 2014, 22:02
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
Originally Posted by g00gl3r View Post
Okay I'll disable those features now too.

And I'll take a look at critsend.

Will Google Apps / Gmail SMTP service (which you pay for) not do it?

Is there a way to get around the uploading feature showing the IP?
The only option would be deleting that functionality, the remote upload basically makes your server contact the URL they enter. Whoever has their own server could easily check their logs for your server IP.

Any SMTP relay server should hide your server IP, I have no experience with Google Apps though. I tried Gmail SMTP service a long time ago and my account got blocked in no-time.
Reply With Quote
  #6  
Old 04 Jul 2014, 10:13
g00gl3r g00gl3r is offline
 
Join Date: Sep 2005
I've disabled any uploading for newer usergroups. Only established members have the option now.

I'll need to get my head around this SMTP and see what leaves the IP in the headers.

--------------- Added 04 Jul 2014 at 10:39 ---------------

Originally Posted by Dave View Post
The only option would be deleting that functionality, the remote upload basically makes your server contact the URL they enter. Whoever has their own server could easily check their logs for your server IP.

Any SMTP relay server should hide your server IP, I have no experience with Google Apps though. I tried Gmail SMTP service a long time ago and my account got blocked in no-time.
Do you mean when we link to an image and then allow remote hosting of it?
Does that need removing?
Reply With Quote
  #7  
Old 04 Jul 2014, 19:47
vbresults vbresults is offline
 
Join Date: Apr 2009
Get Google Apps for Business. It's $5/mo and solves your IP problem.
Reply With Quote
  #8  
Old 04 Jul 2014, 19:50
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
Originally Posted by g00gl3r View Post
I've disabled any uploading for newer usergroups. Only established members have the option now.

I'll need to get my head around this SMTP and see what leaves the IP in the headers.

--------------- Added 04 Jul 2014 at 10:39 ---------------



Do you mean when we link to an image and then allow remote hosting of it?
Does that need removing?
I'm talking about this feature: "Option 1 - Enter the URL to the Image on Another Website".
That function may leak your server IP.
Reply With Quote
  #9  
Old 04 Jul 2014, 23:46
final kaoss final kaoss is offline
 
Join Date: Apr 2006
Originally Posted by g00gl3r View Post
Hi,

I'm getting DDOSSED to the hilt. Now using cloudflare and have a new IP for the forums. It appears the IP can be revealed still as it's in the email headers.

How can I mask this or prevent this from happening?

As at the moment I have had to disable all email features including email to friend, contact us forms, notification emails and even human verification for new users.

Can't leave busy forums (x4) like that for long.

Can anybody help? Ever had this before?
All someone has to do is get a dns check or a whois check to reveal the sites ip address. Doing a simple ping via the windows command console also reveals the site's ip. At this point you need to look into ddos protection services or get a stronger server and configure a firewall addon for it.
Reply With Quote
  #10  
Old 04 Jul 2014, 23:53
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Real name: Richie
How exactly are you getting a ddos attack? How many ip's are showing up in your server security log? Which port are they attacking?
__________________

Let us take care of your forum, seo, seo reports, maintenance, what ever you need.

Reply With Quote
  #11  
Old 05 Jul 2014, 07:58
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
Originally Posted by final kaoss View Post
All someone has to do is get a dns check or a whois check to reveal the sites ip address. Doing a simple ping via the windows command console also reveals the site's ip. At this point you need to look into ddos protection services or get a stronger server and configure a firewall addon for it.
That's not completely true when using Cloudflare, they mask your server's IP address.
Unless, of course, you have DNS records active which still resolve to your server's IP address.
Reply With Quote
  #12  
Old 05 Jul 2014, 16:06
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
Originally Posted by final kaoss View Post
Watch, let me show you an example.
Yes, but if you resolve that IP address, it resolves to Cloudflare.
http://www.ip-adress.com/ip_tracer/108.162.199.26
Reply With Quote
  #13  
Old 14 Aug 2014, 12:16
MentaL's Avatar
MentaL MentaL is offline
 
Join Date: Jan 2003
Use a third party server, like a cheap VPS to send your mail from and then just modify the mail headers of exim to hide the sender ip, that the only IP being shared is that of the vps and not the actual source server (vbulletin) that hosts the mail sending script.

Double up with this www.vbulletin.org/forum/showthread.php?t=313353
__________________
RaGEZONE
Reply With Quote
  #14  
Old 15 Aug 2014, 01:41
thetechgenius's Avatar
thetechgenius thetechgenius is offline
 
Join Date: Jun 2014
If they are getting your Server IP through Email (Email Headers), why not buy an Email Subscription? Will that work? Because then the attacker will get the Email Service provider IP, correct? Or am I wrong?

If you want to get an Email Subscription, Namecheap's OX Private Mail service is really good. I only have my Domain and Email hosted with Namecheap, and they have a REALLY good Email Service. I have the second package, which costs me about $29 per year, and it comes with One Mail Box, I think 10 Alias's, 10GB Mail Storage, 10GB File Storage, Full Mobile Support, and the server runs on HTTPS/SSL. I use Namecheap's OX Private Mail for my vBulletin forum too, and its great, its a really great service.
Reply With Quote
  #15  
Old 15 Aug 2014, 01:49
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Real name: Richie
How do you know they are getting your ip from your email? That does not make much sense to me really.
__________________

Let us take care of your forum, seo, seo reports, maintenance, what ever you need.

Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 03:28.

Layout Options | Width: Wide Color: