Tech i need help in finding ip of website - GoFuckYourself.com

freecartoonporn · 09-07-2018, 09:43 AM

ok some website is reverse proxying using nginx to my website.

how can i find its ip address ?

current servers setup is like this.

stealer -> my front end box -> my backend box

i tried accessing phpinfo (); from his website, and got bunch of ip addresses, but none of them is his server ip

what should i do ?

Thanks for your time.

is there some script/code if i put it on my backend box , and access it from stealer 's website, i will get his server's ip address ?

thanks

SIK · 09-07-2018, 09:48 AM

1. put up some shit html page only you know on your site like:
http://www.your site.com/ lets-see-the-hacker.html

2. access that html on copycat site www.copycatsite.com/lets-see-the-hacker.html

3. check IP in server logs

freecartoonporn · 09-07-2018, 09:51 AM

Quote:

Originally Posted by SIK

1. put up some shit html page only you know on your site like:
http://www.your site.com/ lets-see-the-hacker.html

2. access that html on copycat site www.copycatsite.com/lets-see-the-hacker.html

3. check IP in server logs

i have disabled access logs to lower the server load, i guess, its time to enable them.

thanks,

SIK · 09-07-2018, 10:04 AM

you can look around the forum (I wrote more on this issue..)

my problem is that a shitload of clone sites copy my shit and spoof shit around, and even though I'm pretty sure they are doing damage to me (google..) - there is no real way to combat it

problem being, by the time you figure out you've been copied, google has already indexed the shit out of it and it is pretty much stuck in their system as duplicate content and so on and so on......

tldr - no real way to combat it, it is up to google to finally decide to start rewarding ORIGINAL (first instance) content, instead of "strongest" (most backlinks and shit)

but anyway, good luck

freecartoonporn · 09-07-2018, 10:10 AM

Quote:

Originally Posted by SIK

1. put up some shit html page only you know on your site like:
http://www.your site.com/ lets-see-the-hacker.html

2. access that html on copycat site www.copycatsite.com/lets-see-the-hacker.html

3. check IP in server logs

all i am getting cloudflare ip addressess

SIK · 09-07-2018, 05:11 PM

Quote:

Originally Posted by freecartoonporn

all i am getting cloudflare ip addressess

1. if your site is using cloudflare - stop using it
2. blacklist all cloudflare ips on your server

freecartoonporn · 09-07-2018, 08:02 PM

Quote:

Originally Posted by SIK

1. if your site is using cloudflare - stop using it
2. blacklist all cloudflare ips on your server

my server is set up such a way if user does not comes from cloudflare then block that access.

what i need to do is install Module ngx_http_realip_module

then i can see real ips in my server logs instead of cloudflare ips .

freecartoonporn · 09-08-2018, 06:25 AM

okay, iset up custom log format in nginx and restarted nginx and boom, found his ip address

Code:

log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$host" "$request" '
            '$status $body_bytes_sent "$http_referer" '
            '"$http_user_agent" $request_time';

and then

Code:

access_log  /var/logs/nginx/access.log main;

freecartoonporn · 09-08-2018, 01:37 PM

motherfucker using 100+ ips to send curl requests.,

so far i have banned 90 ips , and found 100 new ips. looks like he is rotating 1k+ proxy ip addresss to scrape my site.

SIK · 09-09-2018, 08:56 AM

Quote:

Originally Posted by freecartoonporn

motherfucker using 100+ ips to send curl requests.,

so far i have banned 90 ips , and found 100 new ips. looks like he is rotating 1k+ proxy ip addresss to scrape my site.

yep..

like I said earlier, I'm having this problem for years and years now and I took a lot of fuckers down through various tricks but I am yet to discover a 100% solution to it

I even tried asking prominent googlers on twitter and such about that issue (10+ questions) and they ignored every single one of them.

THEY KNOW about that issue, they just can't fix it, not with current way google works

rowan · 09-09-2018, 09:15 AM

If you want to more aggressively block IPs, you can find a number of lists here:

FireHOL IP Lists | IP Blacklists | IP Blocklists | IP Reputation

Be aware that there's going to be some collateral damage - for example, it's going to catch legit surfers using a VPN that also funnels a lot of abuse - but if you block aggressively for a few days it may be enough to make the cloner decide to move on.

Another option is to look at a much lower level to find patterns in the request headers. Most scrapers don't bother to perfectly mimic a browser, so they stand out like a sore thumb when you view the complete HTTP request.

iceboi · 09-09-2018, 10:16 AM

Since you are using cloudflare, you should enable "I'm under attack" mode, which will show a captcha for proxy/VPN ips and all other unusual requests.

rowan · 09-09-2018, 05:04 PM

One other tip regarding HTTP headers. If the scraper is using assorted open proxies, some of those proxies will leak the real IP of the server via headers such as X-Forwarded-For, X-Real-IP, Client-IP, etc. Since the IP of the server is unique the presence of this can be used to automatically ban proxies.

freecartoonporn · 09-09-2018, 06:39 PM

Quote:

Originally Posted by iceboi

Since you are using cloudflare, you should enable "I'm under attack" mode, which will show a captcha for proxy/VPN ips and all other unusual requests.

ill try it.

thanks.

09-07-2018, 09:43 AM	#1
freecartoonporn Confirmed User Industry Role: Join Date: Jan 2012 Location: NC Posts: 7,683	i need help in finding ip of website ok some website is reverse proxying using nginx to my website. how can i find its ip address ? current servers setup is like this. stealer -> my front end box -> my backend box i tried accessing phpinfo (); from his website, and got bunch of ip addresses, but none of them is his server ip what should i do ? Thanks for your time. is there some script/code if i put it on my backend box , and access it from stealer 's website, i will get his server's ip address ? thanks __________________ SSD Cloud Server, VPS Server, Simple Cloud Hosting \| DigitalOcean

09-07-2018, 09:48 AM	#2
SIK Confirmed User Join Date: Dec 2006 Posts: 1,497	1. put up some shit html page only you know on your site like: http://www.your site.com/ lets-see-the-hacker.html 2. access that html on copycat site www.copycatsite.com/lets-see-the-hacker.html 3. check IP in server logs __________________ ¤´¨) ¸.•´¸.•´¨) ¸.•¨) (¸.•´ (¸.•`¤ICQ:491 496 482

09-07-2018, 10:04 AM	#4
SIK Confirmed User Join Date: Dec 2006 Posts: 1,497	you can look around the forum (I wrote more on this issue..) my problem is that a shitload of clone sites copy my shit and spoof shit around, and even though I'm pretty sure they are doing damage to me (google..) - there is no real way to combat it problem being, by the time you figure out you've been copied, google has already indexed the shit out of it and it is pretty much stuck in their system as duplicate content and so on and so on...... tldr - no real way to combat it, it is up to google to finally decide to start rewarding ORIGINAL (first instance) content, instead of "strongest" (most backlinks and shit) but anyway, good luck __________________ ¤´¨) ¸.•´¸.•´¨) ¸.•¨) (¸.•´ (¸.•`¤ICQ:491 496 482

09-08-2018, 06:25 AM	#8
freecartoonporn Confirmed User Industry Role: Join Date: Jan 2012 Location: NC Posts: 7,683	okay, iset up custom log format in nginx and restarted nginx and boom, found his ip address Code: log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$host" "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $request_time'; and then Code: access_log /var/logs/nginx/access.log main; __________________ SSD Cloud Server, VPS Server, Simple Cloud Hosting \| DigitalOcean

09-08-2018, 01:37 PM	#9
freecartoonporn Confirmed User Industry Role: Join Date: Jan 2012 Location: NC Posts: 7,683	motherfucker using 100+ ips to send curl requests., so far i have banned 90 ips , and found 100 new ips. looks like he is rotating 1k+ proxy ip addresss to scrape my site. __________________ SSD Cloud Server, VPS Server, Simple Cloud Hosting \| DigitalOcean

09-09-2018, 09:15 AM	#11
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	If you want to more aggressively block IPs, you can find a number of lists here: FireHOL IP Lists \| IP Blacklists \| IP Blocklists \| IP Reputation Be aware that there's going to be some collateral damage - for example, it's going to catch legit surfers using a VPN that also funnels a lot of abuse - but if you block aggressively for a few days it may be enough to make the cloner decide to move on. Another option is to look at a much lower level to find patterns in the request headers. Most scrapers don't bother to perfectly mimic a browser, so they stand out like a sore thumb when you view the complete HTTP request.

09-09-2018, 10:16 AM	#12
iceboi Confirmed User Industry Role: Join Date: Oct 2017 Posts: 302	Since you are using cloudflare, you should enable "I'm under attack" mode, which will show a captcha for proxy/VPN ips and all other unusual requests. __________________ Highest CPM pop-under \| Best Converting Modern Cam Site

09-09-2018, 05:04 PM	#13
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	One other tip regarding HTTP headers. If the scraper is using assorted open proxies, some of those proxies will leak the real IP of the server via headers such as X-Forwarded-For, X-Real-IP, Client-IP, etc. Since the IP of the server is unique the presence of this can be used to automatically ban proxies.