Wow so this person has been running this site for so many years, paying bills, answering god knows how many idiots and even getting close to trouble with 3 letter agencies and senators for absolutely nothing.. hats off to you sir, any other person would have thrown in the towel a long time ago.<p>Also i feel little bad you didn't get any money out of it whether the site was designed to make money or not. It would have been a wonderful end to the story if you got something back for all the years of hardwork you put into running it. You do have my appreciation if that means anything though.<p>P.S. this story is very similar to rawgit which was a wonderful site but also fell prey to malware aholes.
I was using icanhazip to check if my Tor circuit was complete, and probably made 50-100 requests per week. The site was getting slow, and I thought it is just a random site that the author didn't really care too much.<p>I dropped my jaw when I read it was getting 30B req/day.<p>Thank you for running this site for so long, and thank you for keeping it up for free, and deciding to not monetize it.
Reminds me of `echo $(dig @ns1.google.com o-o.myaddr.l.google.com TXT +short | tr -d \")`. I have no idea where this DNS query came from, because searching all of Google turns up nothing but <a href="https://github.com/GoogleCloudPlatform/cloud-self-test-kit/blob/master/tracerouter.py#L169" rel="nofollow">https://github.com/GoogleCloudPlatform/cloud-self-test-kit/b...</a>, which is never referenced by anyone. I had to track it down myself for a bootstrap.sh, but I don't like using undocumented sources for critical infrastructure.<p>My use case was needing to set the result of `hostname -f` in /etc/hosts in an automated fashion if a VPS provider didn't already add a line for the public Internet address in that file. You need to do this so that sendmail doesn't fail on `apt install` when it attempts to read your FQDN. So I couldn't use the NGINX example posted elsewhere here.<p>It seems like <a href="https://checkip.amazonaws.com/" rel="nofollow">https://checkip.amazonaws.com/</a> is much more "reliable" in that it is publicly documented at <a href="https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/security-groups.html" rel="nofollow">https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/s...</a>.<p>To anyone who needs to read this: please don't use "services" like icanhazip for your provisioning. Even my examples above are bad.<p>It does strike me as weird that there is seemingly no POSIX-compliant way to get your public Internet address, from my readings.<p>Edit: Oh goodness... even Amazon's documentation recommends using Google's undocumented DNS query.[1]<p>[1]: <a href="https://aws.amazon.com/premiumsupport/knowledge-center/route-53-find-ecs-support-dns-resolver/" rel="nofollow">https://aws.amazon.com/premiumsupport/knowledge-center/route...</a>
Chinese originated spam and abuse is so outrageously widespread, I don’t understand why there isn’t a conversation going on about cutting them off from the wider internet. They blocked most of it anyway.
Thanks for all your hard work! icanhazip.com / icanhazptr.com have been incredibly useful.<p>Small feature request: back in the day {ipv4,ipv6}.{icanhazptr,icanhazip}.com only had A / AAAA records, but now it seems they have both and thus a simple "curl ipv4.icanhzptr.com" can also give me a v6 address (of course, "curl -4" works). Would Cloudfare be OK with separating them again?
I’ve seen packages that do ”internet-detection” by calling out to icanhazip.com, and I just thought that was so irresposnible. What if your package got popular, how much money are you costing the hoster? For services like this, people just don’t consider the fact that there’s someone on the other side.
I used to use this site until I found <a href="https://checkip.amazonaws.com/" rel="nofollow">https://checkip.amazonaws.com/</a>. Switched because I wasn't sure who was behind icanhazip.com and it's tough to beat AWS. Glad to hear that it will likely be maintained for awhile longer!
Truly selfless service.
It cost him many thousands in money and tens of thousands in time.<p>And :<p>"If you’re curious, Cloudflare did pay me for the site. We made a deal for them to pay me $8.03; the cost of the domain registration. The goal was never to make money from the site (although I did get about $75 in total donations from 2009 to 2021). The goal was to provide a service to the internet. Cloudflare has helped me do that and they will continue to do it as the new owners and operators of icanhazip.com."<p>BTW, speaking as a nerd, he has the best formatted resume that I have ever seen !<p>See: <a href="https://majorhayden.com/" rel="nofollow">https://majorhayden.com/</a>
This kind of service is exactly what STUN servers are made for. Designed to be used with webrtc, but it works perfectly alright by itself.<p>There are a plethora of unauthenticated STUN servers around, and while there's still room for abuse, the protocol is a bit more lightweight than full-blown http requests, and faster, too!<p>I've dabbled with doing this on my own, but I've found `myip` to do the job nicely and without hassle:<p><a href="https://github.com/Snawoot/myip" rel="nofollow">https://github.com/Snawoot/myip</a>
There was a thread[1] a couple months ago where I discovered a method to get one's IP address relying only on DNS:<p><pre><code> nslookup myip.opendns.com resolver1.opendns.com
</code></pre>
I love it.<p>[1]: <<a href="https://news.ycombinator.com/item?id=26634476" rel="nofollow">https://news.ycombinator.com/item?id=26634476</a>>
Had the pleasure of working with Major at Rackspace; his professionalism, ethics, and quality of person always impressed me and inspired me to be a better version of myself every day. This move is a very mature decision; one that was probably bittersweet. Kudos Major on taking a step forward and putting the stewardship where it belongs.
I'm glad icanhazip will live on! We also see a lot of malware and bot traffic to <a href="https://ipinfo.io" rel="nofollow">https://ipinfo.io</a>, but nowhere near these levels!
I feel like in theory google should be returning this site, instead of the ad-filled sites when one searches "my ip address." But it always seems like Google heavily over-values the domain name and search term matches.
I run a very simple, completely free API service as well. Currently using Google Cloud Run, handling a constant 10 rps for ~$8/mo. Pretty happy with it. I could probably cost optimize more. I sure hope I never have to deal with 30 billion requests per day, though. I'm sure my patience would run thin as well. Thank you to the author for running this site for so many years!
For those behind a home router an alternative is to use UPNP, e.g., through the miniupnpc package on Debian which ships the `/usr/bin/external-ip` script that postprocesses the `upnpc -s` output.
You can implement this yourself in nginx like this:<p><pre><code> location /ip {
add_header Content-Type "application/json";
return 200 '{"host":"$server_name","ip":"$remote_addr","port":"$remote_port","server_ip":"$server_addr","server_port":"$server_port"}\n';
}
</code></pre>
and you will get back a little JSON with everything you want.
I use this <a href="https://cloudflare.com/cdn-cgi/trace" rel="nofollow">https://cloudflare.com/cdn-cgi/trace</a>
Wow ! I would never have guessed icanhazip.com got such an enormous amount of requests per day ! I wonder how this site/service achieved such a notoriety ? I am really not trying to diminish the author work but since it is something pretty simple to build and I know there are lots of others alternative I wonder what makes people choose this one over an other like let's say :<p><a href="http://ipinfo.io/ip" rel="nofollow">http://ipinfo.io/ip</a>
<a href="https://test-ipv6.com/" rel="nofollow">https://test-ipv6.com/</a>
checkip.amazon.com
checkip.dyndns.com
<a href="http://whatismyip.akamai.com/" rel="nofollow">http://whatismyip.akamai.com/</a>
ifconfig.me
ip.zfx.fr // I even have mine ^^
etc...
I use this service in my Dynamic DNS script for Cloudflare too: <a href="https://github.com/kissgyorgy/cloudflare-dyndns" rel="nofollow">https://github.com/kissgyorgy/cloudflare-dyndns</a><p>It's time to put this service to the first place.
This is a perfect illustration of why the DNS system is fundamentally broken. There is zero reason why icanhazip.com needs to or should resolve to a single host or even a single virtual host managed by some SDN operated by a corp that controls thousands of machines.<p>These queries could load balanced across the whole internet, the code is small enough that you could just whitelist the code by checksum and then compare results from multiple underlying hosts. The fact that you need a giant corporation to be able to practically run the backend for what is essentially urn:asker.public.ip is absurd beyond belief.<p>The big players aren't going to fix this because the broken protocols give them a major competitive advantage.
Cloudflare has an official method to get external IP that uses chaosnet records.
I found a little script for it a while ago.
In python:
<a href="https://gist.github.com/czaux/b729a5de8d1334afbbe147a6bcee55e1" rel="nofollow">https://gist.github.com/czaux/b729a5de8d1334afbbe147a6bcee55...</a>
It is pretty good; no HTML or anything else like that is needed. I sometimes use it (not very often, but occasionally it is useful); I have a shell script that calls curl to access it.<p>As long as it is continuing working, OK. (I can verify that the returned data is correct without too much difficulty)
I used it for a while, then after a couple of failures decided to whip up my own at <a href="https://geocode.xyz/myip" rel="nofollow">https://geocode.xyz/myip</a><p>Took me 5 minutes of work and exactly one line of code.
> We made a deal for them to pay me $8.03<p>I seriously can't imagine NOT negotiating with a company like CloudFlare for a decent chunk of money. As a multi-billion dollar corporation, I wouldn't leave money on the table.
> If you’re curious, Cloudflare did pay me for the site. We made a deal for them to pay me $8.03; the cost of the domain registration. The goal was never to make money from the site (although I did get about $75 in total donations from 2009 to 2021). The goal was to provide a service to the internet. Cloudflare has helped me do that and they will continue to do it as the new owners and operators of icanhazip.com.<p>Damn, I'm almost mad at you for not hustling. Could have left with a few million easily over that entire time period, including charging Cloudfare a small fortune for the site! But hats off to you for being a <i>true</i> altruist. Too many paper altruists these days.
What qualifies as “abuse” for a website that simply returns your IP? I don’t get it.<p>You made a free service, and then lots of people started abusing it by... using the service?
With that kind of traffic I'd be tempted to take the site offline for a few days to see if some prominent services had an outage due to relying on it.
WOW! Nice story. I’m running very similar project for free and for fun. Also this is usually happening to me every day. Besides other things I’m providing also website checks, so almost every second registration is used to wake up bots like repl.co or minecraft bots hosted on such sites. Life isn’t easy, right? :D anyway it is still the fun to run such service and I understand why author want it alive for a such long time :) when you want to try something similar with few more features, give a try to hostbeat.info
stopped using them a few years ago when they started blocking my VPN. I set up is.gd/icanhazip which points to <a href="https://dynupdate.no-ip.com/ip.php" rel="nofollow">https://dynupdate.no-ip.com/ip.php</a> who since the switch have been a great substitute
I have admired Major for a long time, however I'm disappointed to see further defacto consolidation of widely used Internet infrastructure (regardless of if it should be getting used this way).
I wonder how much it would've helped if the site was not python. The same thing can be replicated with just nginx something like this:<p><pre><code> location /remote_addr {
default_type text/plain;
return 200 "$remote_addr\n";
}
</code></pre>
It's possible to add rate limit there too to control some of the abuse, of course you could even go further and develop native program that's optimized just for this use case (as well as being a simple HTTP server).