RedBear
(Red Bear)
February 8, 2022, 1:52am
1
My forum is behind Cloudflare, and when inserting a URL from this service, I can get the real IP of my server; this is a big gift for DDoS attacks.
I checked it on Discourse Meta, and this forum doesn't have URL filtering either.
Blocking the IPlogger domain can't help, because the attacker can use a custom domain running the IP logger script. I think a whitelist is needed to filter which domains can use onebox.
Example: if the admin allows only URLs from YouTube, Twitter and Imgur, all other URLs will be blocked.
Maybe Discourse has this setting? I can't find it.
Update
The settings blocked onebox domains and allowed inline onebox domains on the page /admin/site_settings/category/onebox do not work.
I created these rules:
Onebox shows it:
2 Likes
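The allowlist idea from the post above, worked as an added example (not Discourse's own code): before a onebox fetch is made, the link's host is checked against a short allowlist of service domains. The allowed domains, the IP-literal rejection and the sample URLs are constructed assumptions for the example; a raw IP host is rejected because a logger on a custom domain or bare address is exactly what the allowlist is meant to keep out.

```python
from urllib.parse import urlsplit
import ipaddress

# Constructed allowlist, standing in for an admin setting.
# Subdomains of these (e.g. www.youtube.com, i.imgur.com) are accepted too.
ALLOWED_ONEBOX_DOMAINS = {"youtube.com", "twitter.com", "imgur.com"}


def onebox_allowed(url, allowlist=ALLOWED_ONEBOX_DOMAINS):
    """Return True only if url is http(s) and its host is an allowlisted
    domain or a subdomain of one. Anything else must not trigger a fetch."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL (e.g. bad IPv6 literal)
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname is lower-cased and already strips userinfo, port and [] brackets,
    # so "https://youtube.com@203.0.113.5/" yields the host 203.0.113.5, not youtube.com.
    host = parts.hostname
    if not host:
        return False
    # A raw IPv4/IPv6 host can never be one of the named services: reject it outright.
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        pass
    host = host.rstrip(".")  # "imgur.com." is the same host as "imgur.com"
    # Suffix match must include the dot: "notimgur.com" is not a subdomain of imgur.com.
    return any(host == d or host.endswith("." + d) for d in allowlist)


def filter_onebox_urls(urls, allowlist=ALLOWED_ONEBOX_DOMAINS):
    """Keep only the links the server is permitted to preview."""
    return [u for u in urls if onebox_allowed(u, allowlist)]


if __name__ == "__main__":
    # Constructed sample links, including the kind of host an IP logger would use.
    sample = [
        "https://www.youtube.com/watch?v=abc",
        "https://youtube.com.evil.example/x",     # lookalike: allowlist name as a prefix
        "http://youtube.com@203.0.113.5/",        # userinfo trick; real host is the IP
        "https://[2001:db8::1]/log",
        "https://i.imgur.com./pic.png",
    ]
    for u in sample:
        print(onebox_allowed(u), u)
```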
supermathie
(Michael Brown)
February 8, 2022, 11:39pm
3
We don’t have a complete end-to-end guide on doing this, but here are other relevant topics:
While researching Cloudflare and best practices to protect my server, I ran into an article by Cloudflare about protecting the origin IP (the IP where the website is actually being run from), because you would be able to circumvent all of Cloudflare's DDoS protection if you had it.
What interested me was specifically this section:
Never initiate an outbound connection based on user action
If the attacker can get your web server to connect to an arbitrary address, they will reveal your …
I keep my forum's server behind Cloudflare due to a large amount of attacks against the site. The link previews and emails can leak the server's backend IP address. The email issue was resolved by setting up an SMTP relay that strips headers (if the user pulls email headers to get the IP, they get the relay and not the forum's IP). Is there a way to make the link previews go through a proxy server?
3 Likes
RedBear
(Red Bear)
February 9, 2022, 12:20am
4
I think I found a solution by setting a CSP. I managed to allow images only from my domain; I need some time for testing and I will share the solution.
Please share, I have changed my IP address many times because the hacker gets my IP from IPlogger.