Protect yourself from Cloudflare resolvers

All tutorials we have thought to write or that have been compiled that do not explicitly belong in another category.
Post Reply
Hatemind
n00b
Posts: 5
Joined: Fri May 30, 2014 1:14 pm

Protect yourself from Cloudflare resolvers

Post by Hatemind » Fri May 30, 2014 1:27 pm

This tutorial teaches you how to bypass http://cloudflare-watch.org/cfs.html and skiddy cloudflare resolvers. My first post here, which will hopefully wipe the dust from this forum. I could swear I hear a creaking sound when I clicked the new thread button...
Cloudflare-watch is a group of security researchers that defeat cloudflare protection rather often by exposing the IP addresses of said sites.
Not 100% sure how they go about it, but they scan the internet for sites that are cloudflared to find IP's, checking each one with the cURL host option. it works very well, except for one thing. You can add subdomains that bypass cloudflare, for direct access.
The way cloudflare resolvers work is they check prefixes and sometimes suffixes in order to find direct connect addresses, which makes it sound like that's a bad thing and they should never be used. However, you can point these to any address you'd like. It stops not only skids, but cloudflare watch, too, because it saves them server resources.
Step 1:
Login to cloudflare. Manage the DNS entries for your site.
Step 2:
Add a subdomain named direct or ftp. Point it to any address, cloudflare-watch give you page titles upon requesting info about a site, but if you have access to hosting somewhere separate you can add your domain there and upload a duplicate of your site, if you'd like to go that far.
Step 3:
Wait for cloudflare-watch to crawl your shit, they'll get the IP for the subdomain.
Step 4:
f***ing profit. Bonus points if you used hackforums' IP, or a governement IP address so fuckheads get V&. :mrgreen:

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Protect yourself from Cloudflare resolvers

Post by Cool_Fire » Thu Jun 05, 2014 4:23 am

Moved from submissions to general.

Thanks, interesting stuff. I had no idea people were scanning for bypasses on such a large scale.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Hatemind
n00b
Posts: 5
Joined: Fri May 30, 2014 1:14 pm

Re: Protect yourself from Cloudflare resolvers

Post by Hatemind » Fri Jun 06, 2014 9:45 pm

Cool_Fire wrote:Moved from submissions to general.

Thanks, interesting stuff. I had no idea people were scanning for bypasses on such a large scale.
I didn't either. They have the most effective way of doing it though, at least that that I've seen. Their downfall is looking for the easy way before using resources, they could at least compare page titles between the cloudflare protected and non-cloudflare protected results before letting the wrong IP go down.

Post Reply