icanhazip.com broken on ipv4 IP updates

[reaperhulk]

It appears that Cloudflare (who hosts icanhazip.com) recently updated their Set-Cookie headers to include a substring that matches the IPv4 regex. This is not always present as of this writing, but the vast majority of responses include it.

Example response:

RECEIVE:  Set-Cookie: __cf_bm=2xnVOVFwaGV_.05NtWe659KpXPz8R5ZvmGa5wjiWX_U-1709330132-1.0.1.1-cXaXzBbLD.ZvArvSQmhhU3Z3cH_Fss4F..Yy3Kp1tkUXG0Kcql5NZTELMCYc0yKsCaoZ7rbRZr3e7.0zcgwOXw; path=/; expires=Fri, 01-Mar-24 22:25:32 GMT; domain=.icanhazip.com; HttpOnly; SameSite=None

Since the extract_ipv4 function searches for the "first valid IPv4 address in the given string" and the string includes the headers, this causes it to set the IP to 1.0.1.1 rather than the returned value in the body of the HTTP response.

IPv6 is unaffected since the regex doesn't match, but the same potential for future issues is present.

[LenardHess]

One way to work around this is using the web-skip parameter to skip part of the reply. I tried setting it to \n\n to skip the HTTP headers and it worked for me:

$ ddclient -query -web ipv4.icanhazip.com -web-skip='\n\n'
----- Test_possible_ip with 'get_ip' -----
...
use=web, web=ipv4.icanhazip.com address is 84.xxx.xxx.xxx
...

It might make sense to change the default skip value to that. I'd assume most IP querying sites will return the IP in the HTTP body, not the headers - and IPs in headers could always happen.

[taumataa]

Thank you for that @LenardHess
Would I need to modify the /etc/ddclient.conf file to apply this solution and if so, what would I need to modify?
I've added web-skip to the following line to no avail:
use=web, web=https://ipv4.icanhazip.com, web-skip='\n\n'

[mattlunn]

Thank you for that @LenardHess Would I need to modify the /etc/ddclient.conf file to apply this solution and if so, what would I need to modify? I've added web-skip to the following line to no avail: use=web, web=https://ipv4.icanhazip.com, web-skip='\n\n'

I couldn't get this to work with the ddclient.conf file, so ended up swapping to use https://api.ipify.org/ instead;

use=web, web=api.ipify.org

[spencerhughes]

I just wanted to chime in and say that I also experienced this issue; it gave me a tiny heart attack because 1.0.1.1 seems to be a Chinese IP and I'd thought my security had been compromised.

[DMBuce]

Would I need to modify the /etc/ddclient.conf file to apply this solution and if so, what would I need to modify?

I was able to add web-skip to ddclient.conf by escaping the backslashes:

use=web
web=https://icanhazip.com
web-skip='\\n\\n'

[jpsimard-nyx]

I prefer handling the content directly rather than relying on potentially volatile patterns in this scenario :

use=cmd, cmd='curl -fs https://ipv4.icanhazip.com'

[spencerhughes]

I recently also just had this happen using api.ipify.org. I think that @jpsimard-nyx likely has the right approach here. Does anyone know what response ddclient expects from the API server, or if that's documented anywhere? It might be worth me just rolling my own and throwing it on a free cloud VPS.

[Martomate]

This just happened to me as well in version 3.9.1 when using dynamicdns.park-your-domain.com/getip. The API response contains a cookie called __cf_bm which contained the 1.0.1.1 IP. It was solved by adding web-skip='\\n\\n' to the config as suggested above.

Is this issue solved in a more recent version of ddclient, or should everyone add this extra config now?

[CyborgRider]

@jpsimard-nyx you are my hero. I updated from use=web, to use=cmd:

use=cmd, cmd='curl -fs https://dynamicdns.park-your-domain.com/getip' \

It started working within seconds. I was SOL for a minute there. Thought my servers wouldn't be back up in time to use them for my games tomorrow! You're a true hero.

[idcrook]

i noticed the 1.0.1.1 in the cookie too in the debug
both adding the web-skip='\\n\\n' or replacing with use=cmd, cmd='curl -fs https://dynamicdns.park-your-domain.com/getip' \ worked for me.

after editing ddclient.conf be sure to delete cache (in case it has the bad value)

sudo rm /var/cache/ddclient/ddclient.cache
sudo ddclient -daemon=0 -verbose -noquiet

[scarolan]

i noticed the 1.0.1.1 in the cookie too in the debug both adding the web-skip='\\n\\n' or replacing with use=cmd, cmd='curl -fs https://dynamicdns.park-your-domain.com/getip' \ worked for me.

after editing ddclient.conf be sure to delete cache (in case it has the bad value)

sudo rm /var/cache/ddclient/ddclient.cache
sudo ddclient -daemon=0 -verbose -noquiet

I'm also having a panic attack over here wondering who hacked my ddclient...thank you for this

[kobayashimaru1701]

Thanks so much for this!

I went with the use=cmd, cmd='curl -fs https://ipv4.icanhazip.com' approach and it worked like a charm =)

[Andrew-T-Smith]

As others have rushed in here to point out, yes. This is happening again. I will be using use=cmd but this should be looked into (if it hasnt). Or debian needs to update their repos

[TaakoMagnusen]

also hit this issue and used use=cmd, cmd='curl -fs https://ipv4.icanhazip.com' to get around it. It definitely should be looked into