Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
10-25-2008, 06:57 PM
|
#1
|
Member
Registered: Mar 2006
Posts: 187
Rep:
|
Keeping shared domains private
Is there some way of keeping shared domains on a virtual server private?
In other words, in DNS records, the same IP shows up for domains which are using a shared host so a remote user can very easily find out what someone is hosting.
How can these records be protected so that it is not that easy to find out?
Thanks.
|
|
|
10-27-2008, 09:06 AM
|
#2
|
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,127
Rep:
|
They need to be public otherwise people couldn't get to the hosted websites.
|
|
|
10-27-2008, 09:47 AM
|
#3
|
Member
Registered: Mar 2006
Posts: 187
Original Poster
Rep:
|
Quote:
Originally Posted by estabroo
They need to be public otherwise people couldn't get to the hosted websites.
|
Yes, I know that, my question is about privacy and shared IPs .
While being public, owners want a certain amount of privacy for various reasons but using dns tools, it's easy to look up which hosts are being hosted on a network based on shared IP's.
My question is, how could this be prevented from showing up so easily. I am sure I read a few accounts of this by others wanting to do the same.
|
|
|
10-27-2008, 02:03 PM
|
#4
|
Moderator
Registered: May 2001
Posts: 29,415
|
Once you get the hang of how the IP protocol and higher lever ones like DNS work you'll see the answer remains the same: no.
On a completely different level, and in this case of website owners, I'd almost say that what's mistaken for "privacy" is a *bad* thing: if there's no publicly accessable owner WHOIS info, or if it is done by proxy, what compelling reasons are left for me or any website visitor to trust any services, products or ecommerce from that domain?...
|
|
|
10-27-2008, 02:21 PM
|
#5
|
Member
Registered: Mar 2006
Posts: 187
Original Poster
Rep:
|
>Once you get the hang of how the IP protocol and higher >lever ones like DNS work you'll see the answer remains the >same: no.
<cough>
Anyhow...
>On a completely different level, and in this case of >website owners, I'd almost say that what's mistaken for >"privacy" is a *bad* thing: if there's no publicly >accessable owner WHOIS info, or if it is done by proxy, >what compelling reasons are left for me or any website >visitor to trust any services, products or ecommerce from >that domain?
Let's try this yet again. While understanding that sites obviously need to be public in order to be accessed, what creative methods are there, other than individual IPs for each site, to prevent someone from seeing all of the sites on a shared virtual hosting server.
I'm pretty sure I've come across articles that talked about this and methods by which it could be done. The idea being that if a customer owns a virtual server and doesn't want all of the sites on that server easily listed, is there some way of preventing this.
I already know that the answer is no in terms of using traditional methods but also know that I've found an awful lot of solutions to bigger problems over the years by digging deeper than the obvious answers.
Last edited by mlewis; 10-27-2008 at 02:24 PM.
|
|
|
10-27-2008, 02:42 PM
|
#6
|
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,127
Rep:
|
Well you could do something bizarre like have a bunch of squid servers out there with different ips, their ips would be used for the various domains and they'd contact the virtual server at the real ip. This would let you group certain domains together and separate others, has the advantage of different ips without having to have a separate ip for each domain.
|
|
|
10-27-2008, 02:56 PM
|
#7
|
LQ Newbie
Registered: Aug 2006
Location: Chesapeake, VA
Distribution: Solaris, HP-UX, RedHat, Fedora
Posts: 15
Rep:
|
Quote:
Originally Posted by mlewis
In other words, in DNS records, the same IP shows up for domains which are using a shared host so a remote user can very easily find out what someone is hosting.
|
Out of curiosity, how would you go about listing all the domains for shared host if you had the IP address? I'm not aware of any nslookup, dig, or host command options for this. Thanks,
Answered my own question: webhosting.info has a power DNS tool
Last edited by Autocross.US; 10-27-2008 at 03:20 PM.
Reason: found the answer
|
|
|
10-27-2008, 02:59 PM
|
#8
|
Member
Registered: Mar 2006
Posts: 187
Original Poster
Rep:
|
Quote:
Originally Posted by estabroo
Well you could do something bizarre like have a bunch of squid servers out there with different ips, their ips would be used for the various domains and they'd contact the virtual server at the real ip. This would let you group certain domains together and separate others, has the advantage of different ips without having to have a separate ip for each domain.
|
Ah, Thanks for the input! The post is pretty much about curiosity, how such a thing could be achieved, if possible, in some simple ways.
I wondered if it might be an industry method perhaps, something which is done regularly but perhaps not well known.
I've come across so many cool ways of doing things by asking around for ideas. I've been asked this before but didn't really have much of an answer.
True, using proxy server/s would accomplish that to some extent but it always comes back to DNS records right. The point is not to get into deep privacy, having to hide records or anything like that but just something which simply makes it a bit harder to know what's being hosted on any one server but any one ISP.
I recall when I had my ISP business, being scanned all the time by competitors who wanted to find out what we were hosting so they could try to go after our customers with lower prices .
Mike
|
|
|
10-27-2008, 03:10 PM
|
#9
|
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,127
Rep:
|
Mike, that's when you get a fairly cheaply priced unlimited server package from a competitor and host the squid server on it, so when the ips get scanned it looks like they are hosting the website.
|
|
|
10-27-2008, 03:12 PM
|
#10
|
Member
Registered: Mar 2006
Posts: 187
Original Poster
Rep:
|
Quote:
Originally Posted by estabroo
Mike, that's when you get a fairly cheaply priced unlimited server package from a competitor and host the squid server on it, so when the ips get scanned it looks like they are hosting the website.
|
We blocked scanning early on but of course nothing could stop folks from looking up DNS records. I just wondered if there were new tricks these days to that sort of issue since it comes up now and then.
Mike
|
|
|
10-27-2008, 05:31 PM
|
#11
|
Moderator
Registered: May 2001
Posts: 29,415
|
Since this clearly isn't a Linux Security issue the thread will be moved to Linux General.
|
|
|
All times are GMT -5. The time now is 10:46 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|