Hacker News new | past | comments | ask | show | jobs | submit login
Ifconfig.co – Hacker-friendly “What is my IP address” (ifconfig.co)
224 points by gurjeet 18 days ago | hide | past | favorite | 131 comments



It's great to have services like this.

For the benefit of anyone interested: for a "self-hosted" solution, you can do this entirely within Nginx. Here's an example config:

    server {
      listen 80 default_server;
      listen [::]:80 default_server;

      listen 443 default_server;
      listen [::]:443 default_server;

      # Use Letsencrypt for SSL. This part will depend on your own setup.
      ssl_certificate /etc/letsencrypt/live/<my domain>/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/<my domain>/privkey.pem;

      server_name <my domain>;

      # Deny all access at all paths; useful if you're hosting other stuff behind
      # the same Nginx server (e.g. reverse proxy)
      location / {
        deny all;
      }

      # At /ip, return 200 with the client IP address in the body
      location = /ip {
        default_type text/plain;
        return 200 '$remote_addr';
      }
    }


It is even easier with Caddy's `respond` directive[0], placeholders[1], and automatic HTTPS.

Caddyfile:

  example.com {
      respond "{remote_host}"
  }
[0] https://caddyserver.com/docs/caddyfile/directives/respond

[1] https://caddyserver.com/docs/caddyfile/concepts#placeholders


One more reason to love that extraordinary web server. It is really wonderful, sad that it is not more used.

I work in IT (was a sysadmin for years, still administer my own servers) and I hated the configuration of the web servers (first Apache, then nginx) - mostly because I was too lazy to read the docs from beginning to end.

This changed with caddy. It is simple, fast, reliable, HTTPS first with LE. Great.


Along the same lines, if you want to make your own AWS Lambda /API Gateway version of this:

    def lambda_handler(event, context):
        return {
            'statusCode': '200',
            'headers': None,
            'body': event.get('requestContext', {}).get('identity', {}).get('sourceIp', 'unknown')
        }
I do this, though my lambda is a bit more complex in practice, since I have some triggers that say "if this thing reports a new IP, do something".

Of course, AWS provides this basic service as checkip.amazonaws.com


That's a brilliant way of adding and removing SSH security group rules for digital nomads


That's exactly what I use it for. I have a small program on my laptop that makes a request of my lambda every now and then (and if it senses a change of the network). It triggers a change in the firewall rules for a SSH server.

Between that and Mosh, I barely even notice when I change networks.


This can also be done with HAProxy

    listen whatismyip
        bind :::80 # listen on ipv4/ipv6
        bind :::443 ssl crt /etc/haproxy/ssl/fullchain.pem
        mode http

        http-request return status 200 content-type "text/plain" lf-string "%[src]" if { path /ip }
        http-request return status 200 content-type "application/json" lf-string "{\"ip\":\"%[src]\"}" if { path /json_ip }
        http-request deny


this service does a lot more than just return your remote_ip, which wont work behind a load-balancer or other proxy unless you configure realip module. and also need to add geoip module to do all the location stuff


Good points both.

That said, do you know of any software library that exposes the Geoip database (or at least Geoip Lite which you one easily obtain for free) in a nice API? Like how a lot of programming languages have tzinfo/tzdata libraries for querying the Tz database.


Maxmind do APIs for a bunch of language. I've used the python one and it works well (with Lite), but see here their list:

https://dev.maxmind.com/geoip/geoip2/web-services/


I should clarify that I was looking for an "offline" API/library that I can use against a local copy of the Lite database, but this is great stuff too.


Not sure what language you're looking for, but those exist too. Here's a Python one: https://maxminddb.readthedocs.io/en/latest/


If you click through one of the links (e.g. Python) you will see it does allow you to do so!

https://pypi.org/project/geoip2/


I thought maxmind has some kind of terms change that forced account signup and some other issues 'because of some privacy law' like gdpr - maybe the Cali one?

So it has ruined my second favorite wordpress security plugin - and MaxMind not really usable like it once was (?)


MaxMind offers a small version of their database API for free:

https://dev.maxmind.com/geoip/geoip2/geolite2/

In practice it's good enough for many purposes. It's actually the version of the database that ifconfig.co uses.


nginx with GeoIP2 module does exactly same for me for years by now.


You can even have the JSON version:

    location /json_ip {
        default_type application/json;
        return 200 "{\"ip\":\"$remote_addr\"}";
    }


been using this for few years. As far as I know, can't return IPv4/IPv6 only from nginx without using separate server block to enforce one of them


Looks great but these services have a tendency to come and go. Bad actors just end up hammering it. But I've been using icanhazip.com for years and it's still going strong.


I tend not to use these sort of services except for quick hack purposes, which I suppose this is exactly designed for. Unfortunately, those needs vary so widely I can't try to keep track of these sort of services and just Google/DDG for something similar when I need it. Unless this pops up on the first page of a Google/DDG search, it's unlikely I'll ever use it.

If the software behind the service is available and looks like it'll be easily usable for years because it has few to no dependancies that are likely to deprecated, I might actually commit the effort to memory and use it for all similar demands, similar to how I keep track of specific CLI *nix tools which I can rest assured, even if there are no updates and potential security issues, most are going to be usable at some future date in a pinch.


DDG will straight up tell you what your ip/geo location is, just search "ip address"


Same with Google “what is my ip”


Searching "ip" is enough on DDG. And for Google "my ip" works.


I've been using ipecho.net for a while as well. Just ipecho.net/plain to get your IP back in plaintext. Not affiliated, just what I've been using.


I've been using ifconfig.me for a decade or more.



http://icanhazip.com/ is my favourite one of these services, for simplicity and also as I can always remember the URL :)


I use https://wtfismyip.com/ for similar reasons :)


This one also shows both your IPv6 and your IPv4 at the same time, which none of the other ones linked in these comments seems to do


Pro of icanhazip.com is that you can curl it directly, it returns your address and nothing else; you don't have to parse the result to get the value, which is a big plus when used in a script:

    curl icanhazip.com
    curl ipv4.icanhazip.com
    curl ipv6.icanhazip.com


curl wtfismyip.com/text

curl wtfismyip.com/json


You can curl ifconfig.co as well, uses user agent sniffing to just return the IP


Yeah there are definitely different services for different use cases!


cURL has flags for this!

        curl -4 icanhazip.com
        curl -6 icanhazip.com


just went there.. Oh dear!


They keep with the theme even in API requests: https://wtfismyip.com/json


The first thing I read was "yourFuckingISP":"BSNL" and I was like yup that's right. :D


There are other services he runs as well: https://major.io/icanhazip-com-faq/


Curl icanhazip.com has become muscle memory for me.


I wonder how much more it will take before the answer to "What is my IP address?" will simply be "Look in the settings" or "Just type ip addr in the terminal".

We are so used to NAT that we don't realize how crazy it is that you essentially have to ask a stranger what's your address. It's really difficult to explain this to someone with no networking knowledge. Nothing else works this way: phone numbers, emails or postal addresses.


Phone numbers, emails, and postal addresses all still route through multiple mediaries between source and dest, and neither end ever know what path it took. In other words, they are MITMed by design. And for these mediums of communication, you want it this way for everyone's safety and sanity.

The only way this works securely with internet packets would be tor.


You don’t really have to ask a stranger - you can ask your router, in a similar way you can check the door number on your street.


Ask your router? Is there a generic way to do this, or do you mean "look into its vendor-specific management interface"?


NAT-PMP, UPnP-IGD or PCP can be used for that. Home routers usually support at least one of those, but you may have to explicitly enable it.


3 competing techs... Of course this doesn't suffice in a variety of situations which is why STUN is a thing: https://tools.ietf.org/html/rfc3489


I'm NAT'd, though with an external IP, so the IP my router sees is not the same as what the world sees--while my ISP did provide me this information in an email, it's much faster for me to ask Google or whatnot than to dig the email up.


If your ISP is doing a CGNAT, which are becoming more and more common, not even the router knows the public address.


Assumes:

* You have login access to the router * Your router is directly exposed to the internet * You're not using a VPN


Phone numbers do work that way.


Are you referring to country code prefixes?

Their point is that you can always give your number to anyone and they can directly use it to contact you. It's never unclear what number to give someone so they can reach you. Yeah calls have to be routed, but routes are implicit, not something you have to worry about as src or dest.


No, your own phone number.

Say you're at home, you have a landline, and you don't know what your own phone number is. How do you get it? You call someone with caller ID, and ask them to tell you what number you called from.


There are numbers one can call for ANI / ANAC info from a landline. They vary by carrier and sometimes region. MCI has a well-known line that reads back your number.

Of course, I haven't had a land line in years and my cell phones tell me their numbers in the settings.


They don't always. Sometimes you have to use one of those pound sign codes, but even that sometimes comes up empty.

So like I said, you call someone to get your number. Like how you google what your ip address is.


Yeah that's exactly asking a stranger to tell you your address


I'm referring to the fact that people don't know their own phone numbers, and instead of reading it, they'll call you and the receiver sees the number.


If someone want non-rate-limted IP info here is:

https://lumtest.com/myip.json

https://lumtest.com/echo.json

It's powered by largest residential proxy network so they almost certainly never gonna ban your IP.


What is a residential proxy network?


A wretched hive of scum and villainy.

But seriously, it's basically a front end to a bunch of people who have been incentivized (or fooled) into installing a proxy server on their home computers. It's primarily of interest as a way to make certain types of fraud (like ad fraud and credit card fraud) much harder to detect.


  $ whois 52.202.152.73
  OrgName:        Amazon Technologies Inc.
I guess Amazon? Would be funny if this actually ran over Amazon Sidewalk but I doubt that.


You are looking at the IP of lumtest.com not the service behind it which is what the OP was referring to.



yeah that seems interesting


One note is that that one doesn't seem to support ipv6


I run eth0.me - a similar service. This might be the IP lookup service with the shortest URL, which is the reason why I run it.

Some anecdotes:

-At the moment the service has 10 GiB of traffic/day. In February, there were 295 476 879 requests.

-Because the service returns only the IP address and nothing else, the requests are larger than the replies.

-At some point a russian ISP began querying eth0.me from (apparently) all of their eyeball routers. Thousands of devices from their address space would query this service every second, which resulted in many Terabytes of traffic monthly. I decided to block their address space.

This service was run by somebody else up until a few years ago. It became more and more unreliable and went offline. At some point I noticed that the domain had expired. I decided to buy it and run it myself.


I have a similar domain with a 9 character URL that I have been running (wow - I had to look it up!) for 16 years for my own use and for my clients. I have some ddns clients that use it to update their DNS records when their IP changes.

I won't be advertising it here on HN any time soon, though, since it would probably fall over from the traffic. :)


neat, thank you for this service


I had some auto-tests for VPN app which were relying on similar web-service to check own IP address. One day service become unavailable and autotests got broken. IIRC it was (https://canihazip.com/s)

I decided to solve this task in a fast and reliable fashion, so I made a tool which discovers own IP address using major public STUN servers: https://github.com/Snawoot/myip

Program issues parallel queries to public STUN servers to determine public IP address and returns result as soon as quorum of matching responses reached.

Works fast and reliable, especially compared to services requiring HTTPS:

  user@dt1:~> time curl https://api.ipify.org
  45.152.165.44
  real 0m2,515s
  user 0m0,030s
  sys 0m0,019s
  
  
  user@dt1:~> time curl ifconfig.co/
  45.152.165.44
  
  real 0m0,131s
  user 0m0,011s
  sys 0m0,008s
  
  
  user@dt1:~> time myip
  45.152.165.44
  
  real 0m0,084s
  user 0m0,012s
  sys 0m0,012s


I prefer ipinfo.io

You can even lookup info for other up addresses. E.g. https://ipinfo.io/1.1.1.1


This one supports other IPs also: https://ifconfig.co/?ip=1.2.3.4

And JSON: https://ifconfig.co/json?ip=1.2.3.4


The URL is cleaner with ipinfo.io, don't have to specify GET parameters with it.


Plus if you use curl, it will return JSON instead of HtML


If you use powershell / invoke-restmethod it will return json and get deserialised into a structured object, too.

    PS C:\> irm ipinfo.io

    PS C:\> $x = irm ipinfo.io
    PS C:\> $x.timezone
    Europe/London
Personally, I use http://checkip.dyndns.org/ by habit, with its one-line return.


No it wont, server need to return JSON format itself.

Your example doesn't work. It needs to be:

    irm ipinfo.io/json
Your other example can be get like this:

    irm http://checkip.dyndns.org | % HTML | % body


It will work. The server will return JSON. The URL http://ipinfo.io/ returns HTML if the Accept header indicates that you want HTML, and JSON if there is no header, a wildcard header, or a header that requests JSON. As far as I can see, irm doesn’t add an Accept header, so the command jodrellblank provided will fetch JSON and work correctly.


Doesnt work on Windows 10 using latest pwsh


Works on Windows 10 using Windows PowerShell. In Pwsh it does seem to need /json


curl ifconfig.co/json


Here is my favorite. only using DNS:

$ nslookup myip.opendns.com resolver1.opendns.com


Wow. That's a great idea! nslookup is available on more devices than curl/wget.


Put it another way, if you cannot lookup dns, odds are curl won't work. Of course, some nets might require the use of internal dns servers and block outbound traffic to dns.


I always like to learn new trick. I'm definitely adding this nslookup trick to my IT swiss army knife kit. Thanks


With dig:

$ dig +short @resolver1.opendns.com myip.opendns.com


I don't know where this is pulling data from, but:

> Country United Kingdom

> Country (ISO code) GB

> In EU? true

Well, that's inaccurate for a start.


> I don't know where this is pulling data from

Free version of MaxMind's GeoIP - a lot of services use them but the free version is the most inaccurate. That being said, not sure it's a mistake on the EU thing?


The UK has unquestionably left the EU.


Thought the underlying API may mean something else more generic, but no - just running an outdated version https://dev.maxmind.com/release-note/united-kingdom-will-no-...

The free DB has to be re-downloaded monthly IIRC.


Still uses GDPR though, so perhaps the label really refers to using EU data law save and they've not updated it to reflect this technicality.


Presuming that the "in-EU" is actually meant to refer to "subject to most EU legislation, and in particular the GDPR", then it's incorrect in the opposite way for Norway: it shows false.


I presume the reason is GDPR checking.

Has the UK data protection law deviated significantly from GDPR?


If that is the case, then it's incorrectly showing false for Norway, who as an EEA member is subject to the GDPR.


It is a GitHub project, there's already an issue for the UK:

https://github.com/mpolden/echoip/issues/130

Perhaps you ought to open one for Norway? (I don't think it would be appropriate for me to do it because I am not seeing the issue, not being in Norway.)


Done, thanks


AFAIK data protection law has not (yet, at least) deviated significantly in the UK vs GDPR.

But if that's the reason, it should be labelled as such: "GDPR applies" or something.


Nice, I'm gonna miss the chicken [0] though... or not, the IP chicken is very easy to remember.

[0] https://ipchicken.com/


I prefer the kitten: https://ipkitten.com

(And this ifconfig.co doesn't seem to actually, you know, work which is a big hindrance)


Held my breath and refreshed in the hope that the gif changed with every load. Was not disappointed.


My 2cents:

  http://checkip.amazonaws.com/

  http://whatismyip.akamai.com/

  dig +short myip.opendns.com @resolver1.opendns.com


Both good options but neither does IPv6 AFAIK.

There used to be one at ifconfig.dev but I don’t know what happened to it


IPv6: curl http://ipv6.whatismyip.akamai.com curl http://ipv6.whatismyip.akamai.com/advanced

IPv4: curl http://whatismyip.akamai.com curl http://whatismyip.akamai.com/advanced

Both hosts are distributed around the world using the Akamai platform and should be fast for everyone.


For what it is worth, I have found that the STUN protocol is also an option for discovering this sort of information. There are lists of public stun servers out there [0]. Finding a client is a little more difficult than just using curl, I grant, but not impossible.

[0]: https://gist.github.com/mondain/b0ec1cf5f60ae726202e


https://ifconfig.me/

$ curl ifconfig.me

129.6.255.60

$ curl ifconfig.me/all

ip_addr: 129.6.255.60

remote_host: unavailable

user_agent: curl/7.68.0

port: 52332


Biggest gripe with ifconfig.me is the default cURL response does not include a newline.


It's very good that it doesn't redirect to HTTPS. I frequently work with little devices which have a curl/wget version that only supports very basic HTTP, but no HTTPS. It's always a pain to find a website which will work with that.


There are a billion hacker-friendly ways to do this: https://unix.stackexchange.com/q/22615/14305


Similar service but with a frontend web development focus: https://whatsmybrowser.info/


I mean, if you really really want my IP, you need to at least be asking for microphone or video permissions... otherwise, you are only going to get my default route! I work on a VPN product, and threw this together to get all my IP addresses, VPN be damned ;P. https://rv.saurik.com/wtfip/


http://f3.to/ip/ https://f3.to/ip/

in case you just want to import a string. No headers either. (I'm lazy, so this is what I use to get an external IP for my robots)


I just use the maxmind API directly, which is super cheap and has no rate limit to my knowledge. This site is using the maxmind dataset anyways.

https://dev.maxmind.com/geoip/geoip2/web-services/


I wish sites would prefer browser-provided location to services like these. I'm constantly being placed in some random city five or six hundred km away, where my ISP also happens to have customers, even though I have Firefox configured to report accurately (geo.provider.network.url = data:application/json,{"location":{"lat":43.5,"lng":-80.5},"accuracy":1000}).


https://httpstat.us/ and https://readme.localtest.me/ are similarly useful, trivially simple websites that are hacker-friendly.


I'm happy with https://www.ipify.org/ - supports plaintext and JSON, v4 or v6, etc. via changes to the URL, so it works without having to set custom headers or telling your client to use one or the other.


Slightly OT: Some similar services also expose useful data like if IP is a VPN, a threat/bot, hosting provider or ISP, or a proxy.

I always wondered where this info comes from, looking at the similar pattern I presume from the same provider. Is it a premium service from MaxMind or what?


Try to look at IP2Proxy proxy detection API. It has the VPN, threat etc.


I miss being able to type “IP” into google and have it just tell you your IP address above the first result.

Now, all you get is a bunch of spammy sites that block you with a captcha then fill the page with ads.

Hopefully his thing rises to the top of the results.


I know a guy who owns the domain ipa.sh that he intended to use as a replacement for ifconfig.me because it was slow and unavailable a lot.

Referring of course to the new Linux commands "ip a sh". :)

I hope he gets around to deploying it properly some day.


Very sad to say, there is a massive hole in its upkeep with recent events.

In EU? true Region England


I made something similar but simpler which just returns the IP address. It also supports formats like json https://ipcheck.fun/


handy thing yeah - I used this like 6 years ago to write some quick bash scripts that would grab dynamic IP changes and send them to cloudflare to update a DNS record and create our own dynamic DNS service!


and this is why no one will use this substantially EVER: it's down already.

Error 1020 - Access denied

What happened? This website is using a security service to protect itself from online attacks.


You can also hit v4.ifconfig.co to force ipv4


curl v4.ifconfig.co gives me an ipv6 address


it does for me too... maybe they've changed it or maybe we just don't have a v4 equivalency?


is the "Is EU?" flag up-to-date? a UK Ip address yields true, Switzerland one yields false


> Country: United Kingdom

> In EU?: true

How very 2019.


It incorrectly reports the UK is in the EU!


Just duck it

https//ddg.gg?q=my+ip



Not sure I'd trust the expertise of someone who doesn't know how to redirect to https...


For a service like this one, it is essential not to automatically redirect to https, because many simple and/or command line clients do not automatically follow (resolve) a HTTP redirect answer.

This service also works perfectly fine with https://ifconfig.co/


It's not as if your IP address is private information, it's right there in the headers...


Isn't it the user agent's job to support your preferences?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: