Disclosure: This site may contain affiliate links. If you make a purchase through these links, I may receive a commission at no additional cost to you. However, all opinions are my own.
Hiding information about a server’s real location is not only a matter of privacy but also a critical element of security. In an era of active use of OSINT tools, cyberattacks, and legal pressure, the ability to “cover the tracks” of infrastructure is becoming an essential skill for website owners who value freedom of speech.
Full anonymity on the web is difficult to achieve, but you can make the task of finding your hosting as difficult as possible by using multi-layered protection.
How to Launch a Truly Anonymous Website?
The first step is choosing offshore hosting. Offshore hosting does not mean illegality. It is a choice of jurisdiction that guarantees strict confidentiality and protects the right to freedom of information.
Such providers (for example, in Moldova or certain European countries) do not hand over data upon the first request and allow the hosting of content that might be subject to censorship in your country. However, hosting alone is not enough — the server’s IP can still be calculated. But the question is not that, but what to do to hide information about your hosting? To do this, you need to follow these few steps:
1. Using a CDN (Content Delivery Network)
A CDN acts as a “shield” between the user and your server.
- How it works: Instead of your server’s IP, the IP addresses of the content delivery network are displayed in the DNS records.
- Tools: Cloudflare: The most popular option with a powerful free plan.
- DDoS-Guard: An excellent alternative for those who want to avoid dependence on American services.
- Gcore: A good choice for high speeds in the CIS and Europe.
2. Setting up a Reverse Proxy
This is one of the most reliable and effective ways to hide the real location of your hosting. In this setup, all incoming traffic first reaches an intermediate server (the reverse proxy), which then forwards the requests to your main “secret” server.
How it works
The outside world sees only the IP address of the proxy server. Information about your main hosting provider remains hidden, as requests come from the proxy’s internal IP address. This creates the illusion that the site is hosted by provider X, while in reality, the data is located on server Y.
Key Advantages
- Confidentiality: The direct IP address of your main server is protected from public access.
- Security: By default, hosting providers cannot access your server without special permission.
- Flexibility: You can rent an inexpensive VPS in any location to receive traffic, while keeping the main server in a maximum security location.
Technical Stack and Implementation
You can create your own reverse proxy using a regular VPS or a dedicated server. The following are most commonly used for this:
- Nginx: The most popular and easy-to-configure web server for proxying.
- HAProxy: A high-performance solution for load balancing.
- Apache/Tomcat: Traditional server solutions that support proxy functions.
- Varnish: Excellent if additional data caching is required.
Tip for advanced users: Although a reverse proxy is effective, there are methods to track the real IP address (for example, through header leaks or configuration errors). For maximum anonymity, it is recommended to use protocols with traffic masking (e.g., XRay/VLESS) to hide the very fact of data transfer between servers.
3. Combined Method: CDN + Reverse Proxy
Using a combination of a CDN (e.g., Cloudflare) and your own reverse proxy is considered the “gold standard” for ensuring server anonymity. This multi-layered defense practically eliminates the possibility of direct discovery of your real IP address.
What the traffic chain looks like
Instead of a direct request to the server, the request passes through several nodes: User → CDN (Cloudflare/DDoS-Guard) → Reverse Proxy (VPS) → Main Server (Origin).
Why is this effective?
- Double Masking: Even if an attacker manages to “bypass” the CDN protection, they will only discover the IP address of your intermediate proxy server, not the main server with the data.
- Leak Protection: Such a scheme minimizes the risks of deanonymization through server configuration errors or specific HTTP headers that might accidentally reveal the real IP.
- Availability and Cost: You can use Cloudflare’s free plan or alternatives like DDoS-Guard. This makes the method accessible without massive investments.
Features and Optimization
- Load Balancing: If you use multiple reverse proxies, it will not only increase fault tolerance but also help avoid drops in loading speed.
- Latency: Remember that each additional node in the chain can slightly increase the site’s response time. To minimize this effect, it is recommended to carefully configure balancing and choose fast VPS for proxying.
- Flexibility: You are not limited to one provider — the scheme works with any DDoS protection service that can act as an external shield.
4. Using Private and Secure DNS
Standard DNS servers provided by your domain registrar by default often transmit redundant information and are poorly protected. Switching to specialized third-party solutions is a necessary step to ensure resilience, fast site loading worldwide, and protection against deanonymization.
Why you should opt out of the registrar’s DNS?
- Additional Functionality: Access to tools like WAF (Web Application Firewall) for filtering malicious traffic.
- Infrastructure Hiding: Custom DNS solutions allow you to hide your internal IP address more effectively.
- Protection against Attacks: Many services include built-in DDoS protection at the DNS request level.
- Performance: Global Anycast networks speed up DNS resolution, which reduces Time to First Byte (TTFB) for users in different parts of the world.
| Service | Type / Features | Best Suited For |
| Cloudflare | Free/Paid. Includes CDN and basic WAF. | A universal solution; best price-to-quality ratio. |
| CloudDNS | Paid. Huge selection of geo-locations and powerful attack protection. | Those constantly under DDoS attacks who need stability. |
| Njalla | Private. A project from the creators of Pirate Bay. | Users focused on radical privacy. |
| DDoS-Guard | Paid. Has its own WAF protection and CDN. | An excellent alternative to Cloudflare with an emphasis on protecting the internal IP. |
| Imperva | Enterprise level. Hides IP and ensures maximum security. | Large businesses and projects with high security requirements. |
Blocking Scanners (Censys, Shodan) via Firewall
Even if a domain is protected by Cloudflare, scanner bots constantly probe the entire IPv4 range. If your server responds to a direct request by IP (for example, by showing a default Nginx page or an SSL certificate), your real location will end up in the Censys database within seconds.
Technical solution: Configure your Firewall so that the server “drops” all packets that do not come from the trusted IPs of your CDN or proxy.
- For Cloudflare: Create a script that downloads the current list of Cloudflare IPs and allows only them.
- Example for iptables:
# Allow traffic only from a specific proxy/CDN
iptables -A INPUT -p tcp -s [PROXY_IP] --dport 443 -j ACCEPT
# Block everything else on ports 80 and 443
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROPFor Shodan, your server will look like a “dead” IP address. It won’t respond to requests, won’t show software versions, and won’t give out an SSL certificate.
Crypto-payments: Financial Invisibility
Any payment via bank or PayPal is a direct link between your real name (KYC) and the rented server. For true anonymity, you need to use currencies that are impossible to track.
Technical solution:
- Monero (XMR): This is the “gold standard.” Unlike Bitcoin, Monero transactions are confidential by default (sender, receiver, and amount are hidden). Even if the hoster provides payment logs, it will be impossible to link them to your wallet.
- Bitcoin via mixers (CoinJoin): If the hoster only accepts BTC, use mixers or wallets like Wasabi/Samourai. They mix your coins with those of hundreds of other users, breaking the link between your identity on an exchange and the final payment to the hoster.
- Important: Never pay a hoster directly from an exchange account (Binance, Coinbase). First, withdraw the funds to your private “cold” wallet, and only then make the transfer.
Blocking Leaks via Mail Servers (MX Records)
One of the most common and dangerous mistakes when configuring anonymity is “forgotten” mail records. You can perfectly hide the main IP address of the site behind a CDN and proxy, but leave the server open to deanonymization through mail settings.
What is the risk?
When you set up email on a domain, an MX record (Mail Exchanger) is created in the DNS settings. If your mail server is located on the same VPS as the website itself, all an attacker needs to do is:
- Check your domain’s MX records.
- Send you a test email and view the technical response headers.
- See the real (“internal”) IP address of your server, which is not hidden by protective filters.
How to avoid IP address disclosure
1. Using external secure services
The easiest and most reliable way is to delegate email processing to third-party providers. In this case, MX records will point to the servers of large corporations, not to your hosting.
- ProtonMail/Tutanota: Services with a focus on privacy and encryption.
- Google Workspace (Gmail): A reliable business solution with powerful filters.
2. Dedicated server for mail
If you need to use your own mail server, never host it on the same VPS where the website is located. Rent a separate inexpensive server in a different location specifically for mail needs. This way, a leak of the mail server’s IP will not lead to the disclosure of the main server containing the data.
3. Disabling the mail server on the domain
If the @your-site.com email functionality is not critical, it is better to delete MX records entirely.
- Replace email with a contact form on the site (a script that sends data via an external API).
- Use links to secure messengers (Telegram, Signal) or simply list a third-party address in the text (e.g., @proton.me).
Important: Remember that anonymity is a comprehensive set of measures. A single unprotected DNS record can invalidate all the work done to set up reverse proxies and CDNs.
How to Check Yourself for Leaks?
Before considering your site secure, check it using these tools:
- DNSDumpster: Deep analysis of all subdomains and records. If your real IP is visible there — you are vulnerable.
- Crimeflare/Cloudflare Resolver: Specialized services that attempt to find the real IP behind Cloudflare protection.
- Robtex: Allows you to view the history of IP addresses. Remember: if you initially launched the site without protection and then enabled a CDN, the old IP will remain in the history
Terminal check:
- Windows:
nslookup example.com - Linux/Mac:
dig example.com ANYorhost -a example.com
Conclusion
We have covered the main methods and strategies that allow you to effectively hide hosting information and secure your project from deanonymization. There are still many highly specialized tools and techniques that remained outside the scope of this review; however, the solutions described above are the foundation of your digital security.
Now, understanding the principle of chains consisting of CDNs, reverse proxies, and secure DNS, you can independently build an architecture that reliably hides your main server from prying eyes. Remember that anonymity is not a one-time action, but a process that requires attention to detail and regular audits of configurations for leaks.
