Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 09-07-2018, 09:43 AM   #1
freecartoonporn
Confirmed User
 
freecartoonporn's Avatar
 
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
i need help in finding ip of website

ok some website is reverse proxying using nginx to my website.

how can i find its ip address ?

current servers setup is like this.


stealer -> my front end box -> my backend box

i tried accessing phpinfo (); from his website, and got bunch of ip addresses, but none of them is his server ip

what should i do ?

Thanks for your time.

is there some script/code if i put it on my backend box , and access it from stealer 's website, i will get his server's ip address ?

thanks
freecartoonporn is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-07-2018, 09:48 AM   #2
SIK
Confirmed User
 
SIK's Avatar
 
Join Date: Dec 2006
Posts: 1,497
1. put up some shit html page only you know on your site like:
http://www.your site.com/ lets-see-the-hacker.html

2. access that html on copycat site www.copycatsite.com/lets-see-the-hacker.html

3. check IP in server logs
__________________
¤´¨)
¸.•´¸.•*´¨) ¸.•*¨)
(¸.•´ (¸.•`¤ICQ:491 496 482
SIK is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-07-2018, 09:51 AM   #3
freecartoonporn
Confirmed User
 
freecartoonporn's Avatar
 
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
Quote:
Originally Posted by SIK View Post
1. put up some shit html page only you know on your site like:
http://www.your site.com/ lets-see-the-hacker.html

2. access that html on copycat site www.copycatsite.com/lets-see-the-hacker.html

3. check IP in server logs
i have disabled access logs to lower the server load, i guess, its time to enable them.

thanks,
freecartoonporn is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-07-2018, 10:04 AM   #4
SIK
Confirmed User
 
SIK's Avatar
 
Join Date: Dec 2006
Posts: 1,497
you can look around the forum (I wrote more on this issue..)

my problem is that a shitload of clone sites copy my shit and spoof shit around, and even though I'm pretty sure they are doing damage to me (google..) - there is no real way to combat it

problem being, by the time you figure out you've been copied, google has already indexed the shit out of it and it is pretty much stuck in their system as duplicate content and so on and so on......

tldr - no real way to combat it, it is up to google to finally decide to start rewarding ORIGINAL (first instance) content, instead of "strongest" (most backlinks and shit)

but anyway, good luck
__________________
¤´¨)
¸.•´¸.•*´¨) ¸.•*¨)
(¸.•´ (¸.•`¤ICQ:491 496 482
SIK is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-07-2018, 10:10 AM   #5
freecartoonporn
Confirmed User
 
freecartoonporn's Avatar
 
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
Quote:
Originally Posted by SIK View Post
1. put up some shit html page only you know on your site like:
http://www.your site.com/ lets-see-the-hacker.html

2. access that html on copycat site www.copycatsite.com/lets-see-the-hacker.html

3. check IP in server logs
all i am getting cloudflare ip addressess
freecartoonporn is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-07-2018, 05:11 PM   #6
SIK
Confirmed User
 
SIK's Avatar
 
Join Date: Dec 2006
Posts: 1,497
Quote:
Originally Posted by freecartoonporn View Post
all i am getting cloudflare ip addressess
1. if your site is using cloudflare - stop using it
2. blacklist all cloudflare ips on your server
__________________
¤´¨)
¸.•´¸.•*´¨) ¸.•*¨)
(¸.•´ (¸.•`¤ICQ:491 496 482
SIK is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-07-2018, 08:02 PM   #7
freecartoonporn
Confirmed User
 
freecartoonporn's Avatar
 
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
Quote:
Originally Posted by SIK View Post
1. if your site is using cloudflare - stop using it
2. blacklist all cloudflare ips on your server
my server is set up such a way if user does not comes from cloudflare then block that access.

what i need to do is install Module ngx_http_realip_module

then i can see real ips in my server logs instead of cloudflare ips .
freecartoonporn is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-08-2018, 06:25 AM   #8
freecartoonporn
Confirmed User
 
freecartoonporn's Avatar
 
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
okay, iset up custom log format in nginx and restarted nginx and boom, found his ip address

Code:
log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$host" "$request" '
            '$status $body_bytes_sent "$http_referer" '
            '"$http_user_agent" $request_time';
and then

Code:
access_log  /var/logs/nginx/access.log main;
freecartoonporn is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-08-2018, 01:37 PM   #9
freecartoonporn
Confirmed User
 
freecartoonporn's Avatar
 
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
motherfucker using 100+ ips to send curl requests.,

so far i have banned 90 ips , and found 100 new ips. looks like he is rotating 1k+ proxy ip addresss to scrape my site.
freecartoonporn is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-09-2018, 08:56 AM   #10
SIK
Confirmed User
 
SIK's Avatar
 
Join Date: Dec 2006
Posts: 1,497
Quote:
Originally Posted by freecartoonporn View Post
motherfucker using 100+ ips to send curl requests.,

so far i have banned 90 ips , and found 100 new ips. looks like he is rotating 1k+ proxy ip addresss to scrape my site.
yep..

like I said earlier, I'm having this problem for years and years now and I took a lot of fuckers down through various tricks but I am yet to discover a 100% solution to it

I even tried asking prominent googlers on twitter and such about that issue (10+ questions) and they ignored every single one of them.

THEY KNOW about that issue, they just can't fix it, not with current way google works
__________________
¤´¨)
¸.•´¸.•*´¨) ¸.•*¨)
(¸.•´ (¸.•`¤ICQ:491 496 482
SIK is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-09-2018, 09:15 AM   #11
rowan
Too lazy to set a custom title
 
Join Date: Mar 2002
Location: Australia
Posts: 17,394
If you want to more aggressively block IPs, you can find a number of lists here:

FireHOL IP Lists | IP Blacklists | IP Blocklists | IP Reputation

Be aware that there's going to be some collateral damage - for example, it's going to catch legit surfers using a VPN that also funnels a lot of abuse - but if you block aggressively for a few days it may be enough to make the cloner decide to move on.

Another option is to look at a much lower level to find patterns in the request headers. Most scrapers don't bother to perfectly mimic a browser, so they stand out like a sore thumb when you view the complete HTTP request.
rowan is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-09-2018, 10:16 AM   #12
iceboi
Confirmed User
 
Industry Role:
Join Date: Oct 2017
Posts: 302
Since you are using cloudflare, you should enable "I'm under attack" mode, which will show a captcha for proxy/VPN ips and all other unusual requests.
iceboi is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-09-2018, 05:04 PM   #13
rowan
Too lazy to set a custom title
 
Join Date: Mar 2002
Location: Australia
Posts: 17,394
One other tip regarding HTTP headers. If the scraper is using assorted open proxies, some of those proxies will leak the real IP of the server via headers such as X-Forwarded-For, X-Real-IP, Client-IP, etc. Since the IP of the server is unique the presence of this can be used to automatically ban proxies.
rowan is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-09-2018, 06:39 PM   #14
freecartoonporn
Confirmed User
 
freecartoonporn's Avatar
 
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
Quote:
Originally Posted by iceboi View Post
Since you are using cloudflare, you should enable "I'm under attack" mode, which will show a captcha for proxy/VPN ips and all other unusual requests.
ill try it.

thanks.
freecartoonporn is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks

Tags
website, box, stealer, backend, address, servers, server, bunch, addresses, time, script/code, access, phpinfo, nginx, finding, reverse, proxying, accessing, front, current, setup



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.