A New Future for Icanhazip

980 点作者 nkcmr将近 4 年前

46 条评论

superasn将近 4 年前

Wow so this person has been running this site for so many years, paying bills, answering god knows how many idiots and even getting close to trouble with 3 letter agencies and senators for absolutely nothing.. hats off to you sir, any other person would have thrown in the towel a long time ago.Also i feel little bad you didn't get any money out of it whether the site was designed to make money or not. It would have been a wonderful end to the story if you got something back for all the years of hardwork you put into running it. You do have my appreciation if that means anything though.P.S. this story is very similar to rawgit which was a wonderful site but also fell prey to malware aholes.

评论 #27416729 未加载

评论 #27417508 未加载

Ayesh将近 4 年前

I was using icanhazip to check if my Tor circuit was complete, and probably made 50-100 requests per week. The site was getting slow, and I thought it is just a random site that the author didn't really care too much.I dropped my jaw when I read it was getting 30B req/day.Thank you for running this site for so long, and thank you for keeping it up for free, and deciding to not monetize it.

评论 #27416146 未加载

andrewmcwatters将近 4 年前

Reminds me of `echo $(dig @ns1.google.com o-o.myaddr.l.google.com TXT +short | tr -d \")`. I have no idea where this DNS query came from, because searching all of Google turns up nothing but <a href="https://github.com/GoogleCloudPlatform/cloud-self-test-kit/blob/master/tracerouter.py#L169" rel="nofollow">https://github.com/GoogleCloudPlatform/cloud-self-test-kit/b...</a>, which is never referenced by anyone. I had to track it down myself for a bootstrap.sh, but I don't like using undocumented sources for critical infrastructure.My use case was needing to set the result of `hostname -f` in /etc/hosts in an automated fashion if a VPS provider didn't already add a line for the public Internet address in that file. You need to do this so that sendmail doesn't fail on `apt install` when it attempts to read your FQDN. So I couldn't use the NGINX example posted elsewhere here.It seems like <a href="https://checkip.amazonaws.com/" rel="nofollow">https://checkip.amazonaws.com/</a> is much more "reliable" in that it is publicly documented at <a href="https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/security-groups.html" rel="nofollow">https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/s...</a>.To anyone who needs to read this: please don't use "services" like icanhazip for your provisioning. Even my examples above are bad.It does strike me as weird that there is seemingly no POSIX-compliant way to get your public Internet address, from my readings.Edit: Oh goodness... even Amazon's documentation recommends using Google's undocumented DNS query.[1][1]: <a href="https://aws.amazon.com/premiumsupport/knowledge-center/route-53-find-ecs-support-dns-resolver/" rel="nofollow">https://aws.amazon.com/premiumsupport/knowledge-center/route...</a>

评论 #27417302 未加载

评论 #27417564 未加载

评论 #27418333 未加载

评论 #27420016 未加载

评论 #27418679 未加载

评论 #27418095 未加载

toxik将近 4 年前

Chinese originated spam and abuse is so outrageously widespread, I don’t understand why there isn’t a conversation going on about cutting them off from the wider internet. They blocked most of it anyway.

评论 #27416937 未加载

评论 #27416273 未加载

评论 #27416773 未加载

评论 #27417395 未加载

评论 #27415770 未加载

评论 #27416375 未加载

评论 #27415801 未加载

评论 #27415797 未加载

madars将近 4 年前

Thanks for all your hard work! icanhazip.com / icanhazptr.com have been incredibly useful.Small feature request: back in the day {ipv4,ipv6}.{icanhazptr,icanhazip}.com only had A / AAAA records, but now it seems they have both and thus a simple "curl ipv4.icanhzptr.com" can also give me a v6 address (of course, "curl -4" works). Would Cloudfare be OK with separating them again?

评论 #27417984 未加载

评论 #27417303 未加载

OskarS将近 4 年前

I’ve seen packages that do ”internet-detection” by calling out to icanhazip.com, and I just thought that was so irresposnible. What if your package got popular, how much money are you costing the hoster? For services like this, people just don’t consider the fact that there’s someone on the other side.

评论 #27416090 未加载

评论 #27416037 未加载

评论 #27416043 未加载

ColdHeat将近 4 年前

I used to use this site until I found <a href="https://checkip.amazonaws.com/" rel="nofollow">https://checkip.amazonaws.com/</a>. Switched because I wasn't sure who was behind icanhazip.com and it's tough to beat AWS. Glad to hear that it will likely be maintained for awhile longer!

评论 #27415952 未加载

评论 #27416424 未加载

Ice_cream_suit将近 4 年前

Truly selfless service. It cost him many thousands in money and tens of thousands in time.And :"If you’re curious, Cloudflare did pay me for the site. We made a deal for them to pay me $8.03; the cost of the domain registration. The goal was never to make money from the site (although I did get about $75 in total donations from 2009 to 2021). The goal was to provide a service to the internet. Cloudflare has helped me do that and they will continue to do it as the new owners and operators of icanhazip.com."BTW, speaking as a nerd, he has the best formatted resume that I have ever seen !See: <a href="https://majorhayden.com/" rel="nofollow">https://majorhayden.com/</a>

mjsir911将近 4 年前

This kind of service is exactly what STUN servers are made for. Designed to be used with webrtc, but it works perfectly alright by itself.There are a plethora of unauthenticated STUN servers around, and while there's still room for abuse, the protocol is a bit more lightweight than full-blown http requests, and faster, too!I've dabbled with doing this on my own, but I've found `myip` to do the job nicely and without hassle:<a href="https://github.com/Snawoot/myip" rel="nofollow">https://github.com/Snawoot/myip</a>

评论 #27416400 未加载

yakubin将近 4 年前

There was a thread[1] a couple months ago where I discovered a method to get one's IP address relying only on DNS:<pre><code> nslookup myip.opendns.com resolver1.opendns.com </code></pre> I love it.[1]: <<a href="https://news.ycombinator.com/item?id=26634476" rel="nofollow">https://news.ycombinator.com/item?id=26634476</a>>

评论 #27416617 未加载

评论 #27416377 未加载

gamedna将近 4 年前

Had the pleasure of working with Major at Rackspace; his professionalism, ethics, and quality of person always impressed me and inspired me to be a better version of myself every day. This move is a very mature decision; one that was probably bittersweet. Kudos Major on taking a step forward and putting the stewardship where it belongs.

coderholic将近 4 年前

I'm glad icanhazip will live on! We also see a lot of malware and bot traffic to <a href="https://ipinfo.io" rel="nofollow">https://ipinfo.io</a>, but nowhere near these levels!

评论 #27416658 未加载

chrischen将近 4 年前

I feel like in theory google should be returning this site, instead of the ad-filled sites when one searches "my ip address." But it always seems like Google heavily over-values the domain name and search term matches.

评论 #27416135 未加载

评论 #27420865 未加载

KirillPanov将近 4 年前

Suggest retitle: "Cloudflare acquires Icanhazip".Glad it will live on!

评论 #27416476 未加载

leesalminen将近 4 年前

I run a very simple, completely free API service as well. Currently using Google Cloud Run, handling a constant 10 rps for ~$8/mo. Pretty happy with it. I could probably cost optimize more. I sure hope I never have to deal with 30 billion requests per day, though. I'm sure my patience would run thin as well. Thank you to the author for running this site for so many years!

Klasiaster将近 4 年前

For those behind a home router an alternative is to use UPNP, e.g., through the miniupnpc package on Debian which ships the `/usr/bin/external-ip` script that postprocesses the `upnpc -s` output.

zie将近 4 年前

You can implement this yourself in nginx like this:<pre><code> location /ip { add_header Content-Type "application/json"; return 200 '{"host":"$server_name","ip":"$remote_addr","port":"$remote_port","server_ip":"$server_addr","server_port":"$server_port"}\n'; } </code></pre> and you will get back a little JSON with everything you want.

评论 #27418135 未加载

delduca将近 4 年前

I use this <a href="https://cloudflare.com/cdn-cgi/trace" rel="nofollow">https://cloudflare.com/cdn-cgi/trace</a>

c7DJTLrn将近 4 年前

I often use whatismyip.akamai.com as a reliable "what's my IP" service but unfortunately it isn't configured correctly for HTTPS.

评论 #27416272 未加载

sneak将近 4 年前

This story is kind of sad. I wonder why the operator didn't blacklist certain netblocks/ASNs who were abusing the service.

评论 #27415833 未加载

评论 #27415700 未加载

zfxfr将近 4 年前

Wow ! I would never have guessed icanhazip.com got such an enormous amount of requests per day ! I wonder how this site/service achieved such a notoriety ? I am really not trying to diminish the author work but since it is something pretty simple to build and I know there are lots of others alternative I wonder what makes people choose this one over an other like let's say :<a href="http://ipinfo.io/ip" rel="nofollow">http://ipinfo.io/ip</a> <a href="https://test-ipv6.com/" rel="nofollow">https://test-ipv6.com/</a> checkip.amazon.com checkip.dyndns.com <a href="http://whatismyip.akamai.com/" rel="nofollow">http://whatismyip.akamai.com/</a> ifconfig.me ip.zfx.fr // I even have mine ^^ etc...

forrestthewoods将近 4 年前

> The site went from 1B requests per day to 30-35B requests per day over a weekend.This is absolutely mind blowing.

评论 #27416614 未加载

kissgyorgy将近 4 年前

I use this service in my Dynamic DNS script for Cloudflare too: <a href="https://github.com/kissgyorgy/cloudflare-dyndns" rel="nofollow">https://github.com/kissgyorgy/cloudflare-dyndns</a>It's time to put this service to the first place.

评论 #27416690 未加载

hyperion2010将近 4 年前

This is a perfect illustration of why the DNS system is fundamentally broken. There is zero reason why icanhazip.com needs to or should resolve to a single host or even a single virtual host managed by some SDN operated by a corp that controls thousands of machines.These queries could load balanced across the whole internet, the code is small enough that you could just whitelist the code by checksum and then compare results from multiple underlying hosts. The fact that you need a giant corporation to be able to practically run the backend for what is essentially urn:asker.public.ip is absurd beyond belief.The big players aren't going to fix this because the broken protocols give them a major competitive advantage.

评论 #27417217 未加载

Jamie9912将近 4 年前

There is a weird quirk with icanhazip. It will return an internal cloudflare ip address when using their WARP service with http/3 enabled

swlkr将近 4 年前

That’s $8.03 per year right?

Kaze404将近 4 年前

Reading the title I expected the article to be about a zipping tool called Icanha Zip. Pleasantly surprised by the great article.

devwastaken将近 4 年前

Cloudflare has an official method to get external IP that uses chaosnet records. I found a little script for it a while ago. In python: <a href="https://gist.github.com/czaux/b729a5de8d1334afbbe147a6bcee55e1" rel="nofollow">https://gist.github.com/czaux/b729a5de8d1334afbbe147a6bcee55...</a>

soheil将近 4 年前

I read it as "I can has zip" all the while trying to figure out what this has to do with compression.

zzo38computer将近 4 年前

It is pretty good; no HTML or anything else like that is needed. I sometimes use it (not very often, but occasionally it is useful); I have a shell script that calls curl to access it.As long as it is continuing working, OK. (I can verify that the returned data is correct without too much difficulty)

eruci将近 4 年前

I used it for a while, then after a couple of failures decided to whip up my own at <a href="https://geocode.xyz/myip" rel="nofollow">https://geocode.xyz/myip</a>Took me 5 minutes of work and exactly one line of code.

评论 #27416227 未加载

dheera将近 4 年前

> We made a deal for them to pay me $8.03I seriously can't imagine NOT negotiating with a company like CloudFlare for a decent chunk of money. As a multi-billion dollar corporation, I wouldn't leave money on the table.

anonytrary将近 4 年前

> If you’re curious, Cloudflare did pay me for the site. We made a deal for them to pay me $8.03; the cost of the domain registration. The goal was never to make money from the site (although I did get about $75 in total donations from 2009 to 2021). The goal was to provide a service to the internet. Cloudflare has helped me do that and they will continue to do it as the new owners and operators of icanhazip.com.Damn, I'm almost mad at you for not hustling. Could have left with a few million easily over that entire time period, including charging Cloudfare a small fortune for the site! But hats off to you for being a true altruist. Too many paper altruists these days.

评论 #27419857 未加载

tofukid将近 4 年前

What qualifies as “abuse” for a website that simply returns your IP? I don’t get it.You made a free service, and then lots of people started abusing it by... using the service?

评论 #27419180 未加载

nitwit005将近 4 年前

With that kind of traffic I'd be tempted to take the site offline for a few days to see if some prominent services had an outage due to relying on it.

pytlicek将近 4 年前

WOW! Nice story. I’m running very similar project for free and for fun. Also this is usually happening to me every day. Besides other things I’m providing also website checks, so almost every second registration is used to wake up bots like repl.co or minecraft bots hosted on such sites. Life isn’t easy, right? :D anyway it is still the fun to run such service and I understand why author want it alive for a such long time :) when you want to try something similar with few more features, give a try to hostbeat.info

TazeTSchnitzel将近 4 年前

I admire the fact the author didn't snap at some point and start returning 0.0.0.0 or 127.0.0.1 to some or all queries.

评论 #27417085 未加载

cymon将近 4 年前

I wonder why he did not try to return empty responses to confirmed malware sources, to discourage them from using the site.

slowmovintarget将近 4 年前

I appreciate the x-otter header, and I think I should now have my team add x-rtfm headers to all of our services and apps.

867-5309将近 4 年前

stopped using them a few years ago when they started blocking my VPN. I set up is.gd/icanhazip which points to <a href="https://dynupdate.no-ip.com/ip.php" rel="nofollow">https://dynupdate.no-ip.com/ip.php</a> who since the switch have been a great substitute

barosl将近 4 年前

Thanks for your service. Now it will get even more traffic as I realized the existence of the site!

xbar将近 4 年前

May the great bird of the galaxy roost upon your home planet, Major.

codezero将近 4 年前

So it’s a honey pot now? What a lifecycle.

KaiserPro将近 4 年前

icanhazip.com is firmly in my debug tool box, I am really grateful that it continues to exist!

simonjgreen将近 4 年前

I have admired Major for a long time, however I'm disappointed to see further defacto consolidation of widely used Internet infrastructure (regardless of if it should be getting used this way).

评论 #27445965 未加载

Cloudef将近 4 年前

I wonder how much it would've helped if the site was not python. The same thing can be replicated with just nginx something like this:<pre><code> location /remote_addr { default_type text/plain; return 200 "$remote_addr\n"; } </code></pre> It's possible to add rate limit there too to control some of the abuse, of course you could even go further and develop native program that's optimized just for this use case (as well as being a simple HTTP server).

评论 #27418580 未加载