What Is CloudFlare and How To Bypass It?

For today’s website owner, security and page-load speed are the two most important aspects to take into consideration. Cloudflare’s service is a good way to get both. The company offers both free and paid services, and surprisingly even the free service works like a charm.

What it offers is:

  • Content Delivery Network
  • Optimizer
  • Security
  • Analytics

On average, a website that uses Cloudflare will:

  • load twice as fast
  • use 60% less bandwidth
  • receive 65% fewer requests
  • gain increased security

So here is the first question,

How Does CloudFlare Work?

Cloudflare runs on its globally distributed network, known as a CDN, which acts as a reverse proxy for your website. Once you are part of Cloudflare’s network, all of your traffic is routed through it.

This is what happens when you are not using cloudflare

And after you start using it

Once you are configured with the globally distributed DNS servers, and with the use of the CISCO technology anycast, all of your traffic passes through the nearest DNS server, which runs many programs such as caching systems. By masking the real IP of the web server, it keeps the main server safe. It also has a system that keeps malicious users out and lets only genuine visitors in, which protects the website from intruders. Crawlers from search engines are allowed through directly, and the caching services speed up loading, so the site is well optimized for search engines.

 

So now we have another Question.

What is CDN (Content Delivery Network)?

In the words of Cloudflare, “a content delivery network (CDN) is a system of computers containing copies of data, placed at various points in a network to maximize bandwidth for access to the data from clients throughout the network.”

A CDN solves two important problems for bloggers and website owners: slow-loading websites and server outages. Both are harmful, because if they are not handled properly the site’s search index ratings suffer. The usual fix is to pay more for better servers. Making the website hackproof also calls for a better firewall, which costs a large amount of money as well. A CDN is the way to avoid costly servers and complex firewalls.

When we surveyed users of Cloudflare’s paid service, these are the results we obtained.

  • Total requests used: 288
  • Total requests without Cloudflare service: 574 (saving 49.82%)
  • Total bandwidth used: 249.3 KB
  • Total bandwidth used without Cloudflare service: 417.6 KB (saving of 40.3%)

Those who don’t want their website taken down by DoS (DDoS) attacks can consider Cloudflare the ultimate solution to the problem. Two things protect Cloudflare-powered websites from a DDoS attack: first, the IP address is masked, and second, it uses a captcha method. So it provides total security against any kind of DoS attack.

Really good isn’t it?

So the real threat from this service is faced by the intruders (hackers). The problem is that they are not able to identify the IP of the server, as it is well masked by the CDN, and without identifying the real IP address of the server it is not possible for a hacker to get into that server or even to take it down. So we have got the final question here.

How to Bypass Cloudflare?

There are two decent ways to identify the real IP address of the website.

Both of these methods are based on bad admin configurations, but are still quite common.

If you are a user of Cloudflare, you will find problems getting into the cPanel or the FTP of the website. I don’t know why it occurs, but it must be occurring because Cloudflare is not parsing them properly. Bad for them, but good for the hackers: this can obviously be used to bypass it. In this situation, to access cPanel or FTP we have to go to real_ip_address:2082. This means the cPanel and FTP services are accessible only from the main IP address. Thus a simple solution is to find the IP for ftp.domain-name.tld or cpanel.domain-name.tld.

So just run ping ftp.domain-name.tld or ping cpanel.domain-name.tld and you will have the real IP. Cheers.
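For a site owner, the misconfiguration described above can be checked from the zone data itself. The following is an added example, not code from the original post: it audits a constructed zone export and flags every unproxied record (ftp, cpanel, mail, MX and so on) that resolves to an IP address the proxy is supposed to hide. The record layout, the `proxied` flag and the example.test names are assumptions.

```python
import ipaddress

# Constructed sample zone export for example.test (assumed layout, not real data).
# "proxied" marks records that are served through the CDN's reverse proxy.
ZONE = [
    {"name": "example.test", "type": "A", "value": "203.0.113.10", "proxied": True},
    {"name": "www.example.test", "type": "CNAME", "value": "example.test", "proxied": True},
    {"name": "ftp.example.test", "type": "A", "value": "203.0.113.10", "proxied": False},
    {"name": "cpanel.example.test", "type": "A", "value": "203.0.113.10", "proxied": False},
    {"name": "mail.example.test", "type": "A", "value": "203.0.113.10", "proxied": False},
    {"name": "example.test", "type": "MX", "value": "mail.example.test", "proxied": False},
    {"name": "status.example.test", "type": "A", "value": "198.51.100.7", "proxied": False},
]

def resolve(zone, name, seen=frozenset()):
    """Follow A/AAAA/CNAME records inside the zone and return the IPs for name."""
    if name in seen:  # guard against CNAME loops
        return set()
    ips = set()
    for r in zone:
        if r["name"] != name:
            continue
        if r["type"] in ("A", "AAAA"):
            ips.add(ipaddress.ip_address(r["value"]))
        elif r["type"] == "CNAME":
            ips |= resolve(zone, r["value"], seen | {name})
    return ips

def origin_leaks(zone):
    """Return (name, type, ip) for unproxied records that expose a proxied IP."""
    protected = set()
    for r in zone:
        if r["proxied"]:
            protected |= resolve(zone, r["name"])
    leaks = []
    for r in zone:
        if r["proxied"]:
            continue
        if r["type"] in ("A", "AAAA"):
            ips = {ipaddress.ip_address(r["value"])}
        else:  # CNAME and MX values are hostnames; resolve them in the zone
            ips = resolve(zone, r["value"])
        for ip in sorted(ips & protected, key=str):
            leaks.append((r["name"], r["type"], str(ip)))
    return leaks

if __name__ == "__main__":
    for name, rtype, ip in origin_leaks(ZONE):
        print(f"{name} ({rtype}) exposes origin {ip}")
```

Each flagged record should either be moved to a host with a different address or removed, and the origin firewall should accept web traffic only from the proxy's address ranges.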

The other way applies when the server uses its own mail server rather than a separate one. In that case, the mail server can be used to identify the IP address. To make use of it, we need an automatic answering service on the website. Here we will use the sign-up service of a target website.

When you have successfully signed up, you receive an email from the website.

Open this email and look at the headers. There you will find the IP address of the mail server, which is most probably the same one as the website’s.

You got the IP, now go and play with the Cloudflare-protected servers.
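The same header inspection works as a self-check for the site owner. This is an added example, not part of the original post: given a copy of a mail the site sent and the origin addresses you already know, it reports which headers carry one of them. The message, host names and addresses are constructed sample data.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sign-up confirmation mail (sample data, not a real message).
RAW = """\
Received: from mx.recipient.test (mx.recipient.test [192.0.2.25])
\tby inbox.recipient.test with ESMTP id abc123; Mon, 1 Jan 2024 10:00:02 +0000
Received: from web01.example.test (web01.example.test [203.0.113.10])
\tby mx.recipient.test with ESMTP id def456; Mon, 1 Jan 2024 10:00:01 +0000
X-Originating-IP: [203.0.113.10]
From: noreply@example.test
To: user@recipient.test
Subject: Confirm your account

Welcome!
"""

def exposed_origin(raw, origin_ips):
    """Return (header name, ip) for every header that contains an origin IP."""
    origin = {ipaddress.ip_address(i) for i in origin_ips}
    hits = []
    for name, value in message_from_string(raw).items():
        # Pull out anything shaped like an address and let ipaddress validate it,
        # so timestamps and message ids are discarded.
        for token in re.findall(r"[0-9A-Fa-f:.]+", value):
            try:
                ip = ipaddress.ip_address(token.strip("."))
            except ValueError:
                continue
            if ip in origin:
                hits.append((name, str(ip)))
    return hits

if __name__ == "__main__":
    for header, ip in exposed_origin(RAW, ["203.0.113.10"]):
        print(f"{header} header exposes origin {ip}")
```

If any header is reported, send site mail through a relay on a different address (or an external mail service) so the web server's IP never appears in outgoing messages.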

Author: Aditya Thakur

  • CloudflareHackerWannabe

    Very decent tutorial, but the last part is from Aug 2012
    My question is, will the methods still work? I mean, C/F may find a solution for the 1st method, but will the second mail-server-IP method work ‘forever’? As stupid as it sounds, I’m asking if the mail server IP will always be the same as the admin-server’s IP.
    What’s the % possibility?

    Thank you.

  • chaosclown

    No, the likelihood of the email IP being the same is maybe somewhere around 50%, if that. I am the systems administrator of a web hosting datacenter, and our mail comes from a completely separate datacenter. On a lot of servers, you will find that this is true.

    It is possible, though, for the mail to come from the same exact box as the web application. In this case, you would have the IP address of the web server.

  • http://www.google.com/ Lnxr00t

    or there are other ways
    like
    ping direct.domain-name.tld
    ping direct-connect.domain-name.tld
    and registering on forum/site and resetting password and via mail header getting mail server ip/same as server ip
    and method is so on.
    social engineering cloudflare via abuse or some report and then getting ip ;)
    :)