Google Will Display HTTP websites As Insecure

Tay

In Google's continuous effort to push HTTPS, they're now moving faster on the Chrome side:

Beginning in January 2017 (Chrome 56), we’ll mark HTTP sites that transmit passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.

[..]

Studies show that users do not perceive the lack of a “secure” icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as "not secure," given their particularly sensitive nature.


In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.




Source: Moving Towards a More Secure Web
 
Team Google: Internet Police!

On one end, it's cool to see someone taking the helm and leading (coercing) the internet in a certain direction, but leaving it alone to grow organically has been working just fine. There's never any leading without agendas involved.

The idea that a plain text, no CSS, no HTML tags, no Images page will need to be secure or get a WARNING is the height of absurdity.

All of the big publishers using a handful of advertising networks are going to find it impossible (and unnecessary) to make the switch. Even Amazon's CPM ads don't have all of their files being sent securely. You'll have off site resources you can't control screwing you over.

I can tell you two reasons they never got the mass adoption they wanted by BRIBING people to do it:
  1. The ranking boost didn't outweigh the 301 loss
  2. There's no simple, non-techie way of setting up SSL
They've fixed #1, but #2 is still a pain. It's not just a matter of generating a CSR and getting a certificate. You have to dig into .htaccess and write global redirects. You have to FTP and change all absolute file paths to HTTPS. You have to do a database search and replace. You have to fix your sitemap, your robots.txt, all of your accounts across the web for tracking and validation, etc.

Does this seem like anything anybody wants to do, let alone are capable of? 95% of webmasters online who are GOOD and making a good living couldn't even do it, let alone the Wordpress knuckleheads.

Not to mention you take the sitewide "handshake" speed hit.

Instead of BRIBING and FORCING, they could grease the wheel a little bit. At least then we can pretend shoving Google's Square Peg up our Round Hole is easy and comfortable.

Create a free cPanel plugin and WHM method that installs and re-certifies for us. Create a Wordpress plugin for us. Something. Almost nobody is willing and capable of opening up their command line terminal, installing python, cloning gits, ssh-ing into their server, etc.

( Huge Service or SaaS opportunity here ^ )

It's madness.

Every new site we all make should start HTTPS on a managed server. Make the hosting company generate and keep up the certificate and use your secure URL from day 1. That's the only way around the headache for the foreseeable future.
 
I'm technical enough, but this is going to be a real pain in the ass to set up.

It's not like I can just install a cert and be on my way. Even WP doesn't have a default HTTPS option in the admin area. Which means rather than relying on yet another plugin, I'll have to get one built.

I can understand https for eCommerce, login pages, etc, but not for everything else. There are millions and millions of older sites that have been online for ages. They don't ever update, I can't see this going well for them.

Then all the ad networks, which 50% or more don't even use compression or optimize their ad images, lol. Getting them all to do https... Hard to believe.

Of course, there's all the issues with the SSL cert providers themselves. Approving shady sites, not verifying things, etc. Anyone can start a company and pump them out.
 
The biggest challenge will be that even if you update your sites to use https the organic links that have been built up to your site will still be http links which will trigger the warning before the redirect can occur.
 
As much as these are all valid arguments, from my selfish point of view, I think anything that penalizes "plain" http is fantastic.

It can be difficult to get https right and it can be a huge pain to set it up across multiple sites if you don't have a strong technical background - and that sucks for many people. The reason it doesn't give a huge rankings boost, though, is that it's pretty trivial to set up and automate with Let's Encrypt for anyone with basic sysadmin sk1770rz.

What's interesting is how many shared hosting providers have already figured out how to "sell" this as an included bonus in their plans. I know SiteGround and DreamHost already offer Let's Encrypt certs with one-click installers in cpanel. Plenty of others have it in their pipeline.

Realistically, long-term, the only people who're going to suffer are those who're up to no good and lack the learning ability to do anything about it.
 
In Google's view all those old plain sites that never get updated should die off from the internet.

What are all these major ad networks you guys are talking about that don't support HTTPS? Because all the big ones do as far as I know - Amazon is NOT a big ad network. Most sites/agencies/networks that I've bought millions in ads from have required secure ad tags for many years now, it was a thing back in 2010.

SSL introduces one key aspect beyond the technical part. No more anonymity as easily on a bunch of Spam sites. It makes it much more cumbersome to attempt to look like a bunch of different people at once with unrelated sites. Hmmm why would Google ever push for something like that?
 
Yeah I want to see what this big SSL push is going to do to some of these people that have 2-3000 junk domains with scraped content and guest posts on them. I still see people in hard, high-dollar niches ranking with shit links, but I think this is a big step in the direction of trying to weed them out.

If I had 3k domains and had to SSL all of them I would probably just start slanging them, low quality sites are either going to become high quality or die. I think it will be a slow process, but I am for sure interested to see how this all pans out.
 
IMO SSL has always been a push for more "transparency" since you have to give up more "identification" to providers - and that helps Google remove the anonymity of the internet. We'll see how places like LetsEncrypt fare after Jan 1st 2017 with the flood of "free" users that I expect. A user with 3K domains, well, it's just making things more expensive for people to run websites.
 
IMO SSL has always been a push for more "transparency" since you have to give up more "identification" to providers - and that helps Google remove the anonymity of the internet. We'll see how places like LetsEncrypt fare after Jan 1st 2017 with the flood of "free" users that I expect. A user with 3K domains, well, it's just making things more expensive for people to run websites.
Totally agree, I am just thinking about all the shit pbns you see on BHW and things like that, I would imagine if it gets too spendy it will be a good time to get some domains people don't want to bother with for sure.
 
I just made the switch with my new site. My host offers 1 click Let's Encrypt cert. Even with that you have to make sure your redirects are properly set up and that you aren't referencing anything non-HTTPS. Amazon's related product image ads aren't secure, so those are gone.

This is my second site I've moved to HTTPS, still have yet to see the increase in rank for either. One is a small ecommerce site, the other a fully established company. The only thing I've noticed is maybe a slight increase in conversion rate due to the green lock.

If you can, start any new sites on HTTPS in the first place, save yourself the pain in the ass and 2 week traffic loss.
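
Added example, not part of the original posts: the check for leftover non-HTTPS references that the migration posts in this thread describe doing by hand can be scripted. The Python below classifies `http://` subresources on an HTTPS page as active or passive mixed content; the page URL and HTML are constructed sample input, and `scan` and `MixedContentScanner` are names chosen for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute causes a subresource load: tag -> (attribute, kind).
# "active" content can rewrite the page and is blocked on HTTPS pages;
# "passive" content still loads but downgrades the security indicator.
SUBRESOURCE_ATTRS = {
    "script": ("src", "active"),
    "iframe": ("src", "active"),
    "link": ("href", "active"),   # counted only for rel=stylesheet, see below
    "img": ("src", "passive"),
    "audio": ("src", "passive"),
    "video": ("src", "passive"),
    "source": ("src", "passive"),
}


class MixedContentScanner(HTMLParser):
    """Collects (kind, tag, absolute_url) for every http:// load on the page."""

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A form posting to http:// sends its fields in clear text.
            self._check("form-action", tag, attrs.get("action"))
            return
        if tag not in SUBRESOURCE_ATTRS:
            return  # e.g. <a href>: navigation, not a subresource
        attr, kind = SUBRESOURCE_ATTRS[tag]
        rel = (attrs.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return  # canonical, alternate, etc. are not fetched as content
        self._check(kind, tag, attrs.get(attr))

    def _check(self, kind, tag, value):
        if not value:
            return
        # Resolve relative and protocol-relative URLs against the page URL,
        # so "/img.png" and "//cdn/x.js" inherit https and are not flagged.
        absolute = urljoin(self.page_url, value.strip())
        if urlsplit(absolute).scheme == "http":
            self.findings.append((kind, tag, absolute))


def scan(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page, served from https://www.example.com/post/
SAMPLE_URL = "https://www.example.com/post/"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://static.example.com/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="//cdn.example.net/lib.js"></script>
<script src="http://ads.example.net/tag.js"></script>
</head><body>
<a href="http://www.example.org/">outbound link</a>
<img src="/wp-content/uploads/logo.png">
<img src="http://images.example.net/related-product.jpg">
<form action="http://www.example.com/login" method="post"></form>
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, url in scan(SAMPLE_URL, SAMPLE_HTML):
        print(f"{kind:12} <{tag}> {url}")
```
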
 
Totally agree, I am just thinking about all the shit pbns you see on BHW and things like that, I would imagine if it gets too spendy it will be a good time to get some domains people don't want to bother with for sure.

Once you've got your head around how it works, it's trivial to automate Let's Encrypt across large numbers of sites.

I think it's kinda like people talking about CloudFlare leaving a footprint* - sure, it's kinda suss that all of your sites are CloudFlare/Let's Encrypt and yet they're in widespread enough use that you only need a trivial number of non-CF/LE sites and you look golden to Googleboy.

* Just in case it's not obvious - try to use different CF accounts for each site, otherwise the DNS server names will stick out like a sore thumb. I've also seen some subtle footprints left in the SSL certs' "common names," should you share the same account.
 
* Just in case it's not obvious - try to use different CF accounts for each site, otherwise the DNS server names will stick out like a sore thumb. I've also seen some subtle footprints left in the SSL certs' "common names," should you share the same account.

Is Cloudflare enough to hide the hosting? Or do you have separate IP address or hosting accounts?
 
Is Cloudflare enough to hide the hosting?

No. Cloudflare doesn't advertise it hides hosts. You can look up a domain's mailserver, for example, and work your way back. If you are on Linux or Mac OS X, you can use certain command-line commands to find more details about a domain and the real server it's located on. There are a ton of ways to find the exact IP of a domain and therefore the hosting.
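
Added example, not part of the original posts: for a site owner who puts a site behind a CDN, the mail-server path mentioned above is something to audit in your own DNS zone. The Python below flags records in a zone export that resolve to an address outside the CDN's edge ranges; the zone records and the CDN range are constructed (RFC 5737 documentation addresses), the function names are chosen for this example, and a real audit would load the provider's published ranges instead.

```python
import ipaddress

# Constructed stand-in for the CDN's published edge ranges.
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed zone export: (owner name, record type, value).
ZONE = [
    ("example.com.", "A", "198.51.100.10"),        # proxied through the CDN
    ("www.example.com.", "A", "198.51.100.10"),    # proxied through the CDN
    ("mail.example.com.", "A", "203.0.113.7"),     # points straight at the origin
    ("dev.example.com.", "CNAME", "mail.example.com."),
    ("example.com.", "MX", "10 mail.example.com."),
    ("example.com.", "MX", "20 aspmx.l.google.com."),  # hosted mail, not in zone
]


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.lower().rstrip(".")


def in_cdn(address, cdn_ranges=CDN_RANGES):
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in cdn_ranges)


def addresses_for(name, zone, seen=None):
    """Return the A/AAAA values for name, following CNAMEs inside the zone."""
    seen = set() if seen is None else seen
    key = norm(name)
    if key in seen:          # guard against CNAME loops
        return set()
    seen.add(key)
    found = set()
    for owner, rtype, value in zone:
        if norm(owner) != key:
            continue
        if rtype in ("A", "AAAA"):
            found.add(value)
        elif rtype == "CNAME":
            found |= addresses_for(value, zone, seen)
    return found


def audit(zone, cdn_ranges=CDN_RANGES):
    """List (owner, how, address) for every record that bypasses the CDN."""
    findings = []
    for owner, rtype, value in zone:
        if rtype in ("A", "AAAA"):
            how, targets = "direct", {value}
        elif rtype == "CNAME":
            how, targets = "cname", addresses_for(value, zone)
        elif rtype == "MX":
            # MX value is "<preference> <exchange host>"
            how, targets = "mx", addresses_for(value.split()[-1], zone)
        else:
            continue
        for address in sorted(targets):
            if not in_cdn(address, cdn_ranges):
                findings.append((norm(owner), how, address))
    return findings


if __name__ == "__main__":
    for owner, how, address in audit(ZONE):
        print(f"{owner:20} {how:7} {address}  (outside CDN ranges)")
```

Records that only point at third-party hosts, such as the hosted-mail MX in the sample, produce no finding because they do not resolve to an address in the audited zone.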
 
There are a ton of ways to find the exact IP of a domain and therefore the hosting.

Other than mistakes (e.g. referencing a common Piwik server, embedding an IP address), what other ways are there to passively find out the IP and/or hosting?

(for avoidance of doubt: I'm aware that every CF account has a nearly-unique combination of nameservers - terrible footprint if you put everything behind a single account.)

If you only have 2 A records for www and the naked domain, and MX records for Gmail, other than social engineering and active semi-attacks (e.g. testing contact form -> IP in the resulting email headers if they're not careful - hell, with the right message you can get the email routed to *your* email address if they aren't sanitising inputs), I don't think it's as easy as you make it out to be.

(not trying to start an argument FWIW - I want to learn more! :-))
 
I don't think it's as easy as you make it out to be.
I never said it was easy. Try nmap and dig - those two commands should start you on your way.
 
I never said it was easy. Try nmap and dig - those two commands should start you on your way.

I'm aware of both :-)

Dig's not going to tell you anything.

Nmap's not going to tell you anything, as the hostnames resolve to CF's server IPs, and they don't forward on e.g. requests to port 22 or 25 that might get you a helpful banner in return.
 
Nmap's not going to tell you anything, as the hostnames resolve to CF's server IPs, and they don't forward on e.g. requests to port 22 or 25 that might get you a helpful banner in return.
Give me a domain.
 



First one I tried, isn't even hosted at cloudflare (found out afterwards) - that's why I asked for a specific domain, but I went through all that so here are the results:

domain: betcheslovethis.com

IP Address: 96.127.139.45



---

2nd one AFLCIO.org:

IP Address: 12.4.17.35

what appears to be an old web development server IP: 209.29.149.45




Their servers are located at this address:

815 16TH ST NW
WASHINGTON DC - 20006-4101

^^ Their webservers are hosting at HQ. From their contact us page:



---

3rd one Bamason.com:

IP Address: 38.107.102.206



Company is owned by www.masoncompaniesinc.com (and www.masoncompanies.com) - whose IPs aren't even behind any CDN for some odd reason.

--

As you can see locating IPs in 5 mins is rather easy. IF I wanted to really "FIND" a "hidden" domain's IP, I could dedicate serious time with other tools and scripts. Perhaps @MooFace you actually got the perfect setup - but there is always a leak somewhere just the nature of securing interconnected boxes.

I think I've proven the point that Cloudflare doesn't advertise it hides hosts, since I've literally answered @ryandiscord's question of "is it enough to hide hosting". NO - I found 3 of 3's IPs with a single script. Maybe @MooFace you can help some of these guys out and write a guide on how to completely become un-detected. I'd also be up to the challenge of finding cracks in those potential theories.

--

FYI - Last two weren't even hosted at cloudflare like the first one, and things started getting long winded - and I'll just post the info:

barna.org is hosted at wpengine.com (who may have USED to be at rackspace.com or the IP was transferred) - but it's actually the staging server for barna.com


foodsaver.com is at Internap.com
IP Address I suspect is "74.201.171.198"
Their production server is = production.web.jarden.demandware.net

 
First one I tried isn't even hosted at Cloudflare (found out afterwards) - that's why I asked for a specific domain, but I went through all that so here are the results:

Hahaha, great work! That'll teach me to be so petulant :smile:

Because I'm so awesome, the idea of brute-forcing DNS hadn't even occurred to me. I was obsessing with banner ID fun from SSH connects and the like.

Anyway - nothing for my sites, but since I don't even share those niches with my wife, trying to move on to other lists. From http://trends.builtwith.com/websitelist/CloudFlare-DNS (I know, I know...):

fivecentnickel.com looks trickier at a glance - the others leak IPs

I could contribute to a guide - all it'd be is fleshing out the rules above, i.e. only have two A records - one for WWW, one for naked domain - use the domain for nothing else, and never reference anything other than the same domain names in your code. No IPs or cutesy convenient names for DB servers and the like. If you must use email, use a provider like Google apps, fastmail etc. etc.

The flip side of this is that one shouldn't rely on buying IPs for sites either; getting IPs that don't have the same (or related) info in e.g. RIPE is not an easy task. Well - unless someone's made it easier recently.
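The rules in the post above can be checked against an export of your own zone. The sketch below is an added example, not code from the thread: the zone data, the `example.com` names and the proxy range are constructed from documentation address space, and the SPF check goes one step beyond the post's list.

```python
import ipaddress

# Constructed sample data (documentation ranges, not real hosts).
PROXY_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # stand-in for the CDN's published ranges
ALLOWED = {"example.com", "www.example.com"}            # apex and www only
ZONE = [  # (name, type, value) as exported from the DNS provider
    ("example.com", "A", "198.51.100.7"),
    ("www.example.com", "CNAME", "example.com"),
    ("db.example.com", "A", "203.0.113.10"),
    ("example.com", "MX", "10 mail.example.com."),
    ("mail.example.com", "A", "203.0.113.10"),
    ("example.com", "TXT", "v=spf1 ip4:203.0.113.10 -all"),
]

def is_proxied(ip, proxy_nets):
    """True when the address sits inside one of the proxy's ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in proxy_nets)

def audit_zone(records, apex, allowed, proxy_nets):
    """Return (name, type, reason) for every record that breaks the rules."""
    findings = []
    for name, rtype, value in records:
        name = name.rstrip(".").lower()
        if rtype in ("A", "AAAA", "CNAME") and name not in allowed:
            findings.append((name, rtype, "extra hostname"))
        if rtype in ("A", "AAAA") and not is_proxied(value, proxy_nets):
            findings.append((name, rtype, "address outside proxy ranges"))
        elif rtype == "MX":
            # Value may carry a priority ("10 host"); the target is the last field.
            target = value.split()[-1].rstrip(".").lower()
            if target == apex or target.endswith("." + apex):
                findings.append((name, rtype, "mail handled on own domain"))
        elif rtype == "TXT" and value.startswith("v=spf1"):
            if any(t.startswith(("ip4:", "ip6:")) for t in value.split()):
                findings.append((name, rtype, "SPF lists a literal address"))
    return findings

if __name__ == "__main__":
    for finding in audit_zone(ZONE, "example.com", ALLOWED, PROXY_NETS):
        print(*finding, sep="  ")
```
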
 
Google apps
But if someone is using Google Apps - it sort-of defeats the purpose of... hiding your IPs from Google. I guess the real question is "WHO" are you hiding from. My understanding is most people using Cloudflare are trying to hide their IP addresses so they can host 1 to 100 domains on a single IP and Google can't see it. So who's the intended "finder" that is supposed to be duped?

BTW fivecentnickel.com's IP address is 70.42.23.124
 
As a general rule, if you're spamming or churning and burning en masse and trying to hide behind Cloudflare, you never want more than two DNS records. Ever. (1 A record and www CNAME)

Not foolproof, but for the average competitive intelligence it's enough. (we can't all be Carter brah!! :wink: ) Incapsula, Cloudfront, Akamai, Torbit, etc..
 
But if someone is using Google Apps - it sort-of defeats the purpose of... hiding your IPs from Google. I guess the real question is "WHO" are you hiding from. My understanding is most people using Cloudflare are trying to hide their IP addresses so they can host 1 to 100 domains on a single IP and Google can't see it. So who's the intended "finder" that is supposed to be duped?

BTW fivecentnickel.com's IP address is 70.42.23.124

Haha, skills!

Re gapps, it depends on your level of tinfoilhattery. Using for all sites probably isn't a good idea. Some subset of that though? Meh. I mean, I know enough peeps who use search console for everything - god only knows. That's the one that'd set off my radar waaaay sooner.


I don't know why I take such exception to CNAME records. It's like my mistrust of horses and dolphins. Some things in the world are just wrong.
 
Why would you go through all of this sophisticated effort to hide yourself and then use Cloudflare as a layer when it's transparent?

And then worse, get to 99% hidden and then feed the data straight to Google with Apps, Docs, Sheets, Gmail, Fonts, etc.?

There is literally nobody else worth hiding from.

If you're not tinkering around with PBNs and spam, and instead build real businesses (this is not aimed at anyone in particular or even in this thread, of course, I'm speaking generally) then instead of hiding you can actually take pride in putting your name on a business.

And then you're sending trust signals instead of distrust signals and might even rank higher than you would have otherwise.

Otherwise, if you want a large blackhat operation, it costs a LOT of overhead in hosting, and you're going to lose a network or two finding a lot of these hidden footprints you don't realize exist on the backend and on the server and in the records.

And then it's just a matter of time, because you don't build a PBN to not use it. And if you use it, you're building a footprint. If you don't use it enough it's not worth the cash.

It's not a question of permanency. Nobody wants to lose an investment of time and cash. That's why you use it and use it hard and turn it profitable before it tanks.

And if you have a brain it doesn't take a money site with it.

Because you didn't use it on a money site. You spammed, made cash, had no attachments, and when it tanked you looked at your margins and smiled, and then realized it still wasn't worth the headache.
 