Hello all! I currently have a Linux VPS with a web host which is intended to host a website that I am building for my business.

Because I have lots of extra space, I was hoping to set up a side area which I can use as a personal "Dropbox" when I need to share something with others. For instance, maybe I write some script to automate something on my server, and I wanted to share it with some of you to look at my code.

I am planning on spinning up a second instance of cPanel on my VPS and dedicating that for this temporary workspace.

My concern, however, is this...

I do NOT want someone to be able to go to this seperate website/IP address/cPanel account and then be able to link it back to my main cPanel account/website. Furthermore, I sure as hell don't want people to be able to link things back to my webhost or me personally in the physical world!!

Why the concern?

Because maybe I want to share some code or a content or audio or video with an acquaintence online temporarily so they can help me figure something out, but for privacy and security reasons, I want things to end there, and not having someone get a whole bunch of info on me that could put me at risk - at at the very least make me feel uncomfortable!

I guess I am naive enough to think that if I set up a separate cPanel account with a separate IP address that would be all I need to main anonymity.

But a tech at my web host makes it sound like it is much more difficult than that?!

I would tend to agree. Why not do what I do? Use a google drive, or a cloud drive from someone like mega.nz, pass links to what I want to share to who I want to share it with.

Hey there:

"Personal Dropbox"? Like Open or Next Cloud?

Your concerns...
Password Protect the asset using "basic authorization" available via Apache's htpasswd utility.
Code sharing sites are everywhere. (termbin.com, a slew of pastebins from every possible *Nix outfit.)
I'm a huge fan of
I implemented my own using the software from termbin.com.
It is text-only but someone can "send" stuff to me, but cannot view the URL from the submission directly.

Put your dropbox on a non-standard port. (Say 777 for this exercise)
csf deny (all to) 777
Allow an exception for IPs you want to allow, to port 777
htpasswd with Basic authorization

3 layers of Access Control for this "dropbox"-like solution
Everyone has to use (a, or the|their) password when accessing the site.
htpasswd can have a single entry for a password, or several (one per visitor)

Hope that clears things up a bit.

John out.

Thanks, but you missed 95% of my concerns...

Again, I do NOT want someone to be able to go to "my-temp-space.com" and be able to trace that back to my new IP address and then somehow link that back to my web host and my VPS and then to my primary IP and then to my primary domain and then to my business and then to me and my home!!

To me, if I buy "my-temp-space.com" and register using privacy mode, and then buy a 2nd IP for my VPS, then that should be enough to separate things from my primary IP address which hosts my business website on the same VPS.

Make sense?

This tech support guy was spouting off about how a 2nd IP address wouldn't give me anonymity and through a "reverse IP lookup" people could link things back to my primary ebsite and to me.

That is what I am concerned about - not about someone stealing my files. (An htaccess file with a password that I share with a select few will resolve that issue.)

And the reason I want to put my files on my own server and a 2nd instance of cPanel is because then I maintain control. (I have learned the hard way in the past that the minute you post "your" ideas/content/media on someone else's website then you are F***ED...)

Hope that helps explain things better!

A domain can always be resolved to an IP address. will yield the IP address of the domain. That's what DNS does. Resolve domain names to IP addresses. Yes, you'll need to use a privacy service to hide the domain owner contact information.

The IP address "owner" can then be identified by ...but that will be the ISP that you got the IP address from...not you.
Example: If your VPS is hosted at AWS, the whois will indicate that it is an AWS IP, but there should be nothing that indicates you're using it, or who you are.

Other than that both your IPs would be issued by the same ISP, there should be no connection between the second IP and the first, although they'd need to be on the same sub-net if they're on the same VPS, I'd think. I'd expect them to be adjacent, but you might be able to work something else out with your ISP.

If you're not running email on the "dropbox" server, there'd be no reason to even have a rDNS for the IP, 'tho even if you did, there's still nothing there to relate the two IPs to each other, or to you. rDNS only returns a domain name for the entered IP address (see man dig)

Does that clarify things any?

-----

Edit: An afterthought. I don't know from cPanel, but I'm wondering why you'd a separate instance of it. It's certainly possible to have two IP addresses on the same server and manage which service(s) use which IP address.

If you wanted to use a web server to provide your dropbox functionality, you'd configure the web server to listen on both addresses, and have your business website only respond on IP1 and the dropbox function only on IP2.

If you were going to use ftp, then the ftp server would be configured to only listen on IP2.

Same for sftp ('tho I think you'd need to run two instances of sshd, one for each IP...if you also wanted ssh/sftp on IP1...not sure about that).

Yeah, I guess I knew that much even if I didn't say it. My point was I don't want someone to be able to go from my temporary domain back to my server and then to my other domain and website and then to me.



Where does that go?

(Truth me told, I am on Windows right now and I run a Mac primarily, but my VPS is on a Linux box.)


So short of hacking my web-host, knowing that "my-work-space.com" resolves to 111.222.333.444 which is located on a server at "ACME Web Hosting and Welding" is about all WhoIs would yield, right?

And unless someone hacked into ACME Web Hosting's servers, then their knowledge should also end their, right?



Since I bought my VPS two years ago, if I buy a 2nd IP address now, it should be significantly different from my primary IP. Although there may be a way to see that they both point to the same server?

And to dig a little farther on that...

If someone went to my-work-space.com and found it resolved to 111.222.333.444 on to a server at ACME Web Hosting.

And even if they somehow knew about my-real-business.com and that it resolved to 555.666.77.888 on a server at ACME Web Hosting, then would there be any possible way to link the two websites/IPs back to my web hosting account or me??

My guess is "No", but I am not an expert at networking, and thus is why I am here asking!!


I have set up my own DNS, but I don't understand what "rDNS" is.

Can you please explain a little more?


When I said "a 2nd instance of cPanel" I was referring to creating a 2nd cPanel account in WHM on my VPS. (I consider that a "2nd instance", however I was not implying that I have two separate installions of cPanel running!)



Are you saying have one IP address and then route accordingly?


If I have one IP address that maps to two domain names, then I would assume that it would be extremely easy for someone to link my two websites togther, right??

Yes, I got that.

whois accesses the Network Information Center that applies to the IP being queried. You can see what it does by going to whois.arin.net in a browser and entering a US IP address, if you can't run whois on the command line on the Mac...or you could ssh to your VPS and try the whois command.


Right.



It's not about time, it's about network interfaces (also NIC). Absent two network interfaces to two different routers (and two network cables), the IP addresses will need to be on the same subnet.
The size of that subnet is managed by the ISP/Hosting company.
No is correct.

Example: the whois of my home Cox IP address returns
which is some 16,320 IP addresses belonging to Cox. Pretty hard to say which one is mine.

The whois of one of the five IPs on my production server returns a /21 CIDR, which is more than 2,000 addresses, belonging to "ACME Web Hosting"

There's nothing there that says which five are mine.

rDNS = Reverse DNS. The PTR record that points an IP to a hostname.



No, the other way 'round. Two IP addresses on one server, and connect services (http, mail, ssh) by to an IP address.

If you have two IP addresses, you configure your web server to listen on both addresses, then set one VirtualHost (apache) for the business site on one IP, and another VirtualHost for the "dropbox" site on the other IP.

1 members found this post helpful.

Thank you for the responses. Lots of good information, but also a bit overwhelming!

Sorry if you said this above, but is it correct that for what I am trying to accomplish, I would be better off buying a 2nd dedicated IP address from my web host and installing/mapping it to my VPS, so that my primary IP would be for my main website, and the new 2nd IP address would be for this temporary work area?


Sorry, but you are losing me here...

I have a Linux VPS running WHM and cPanel. I would like to create a 2nd cPanel account under WHM on my VPS because I believe that would help segregate my two websites.

I understand what a webserver is, yet I guess maybe I don't on my VPS.

When I think of webservers I think of Apache, but for my main website I have never had to touch Apache except for a .htaccess file.

I *think* that cPanel takes care of setting up a websier (e.g. Apache) automatically for you, right?

So if I create a 2nd cPanel accoount, and map the 2nd IP address to it, and then I set up DNS to point "my-workspace.com" to this 2nd IP address, then what do I have to do as far as the "webserver" goes?

To be clear, on this workspace, I would just be dropping work files into the Web Root and then I would protect them with an htaccess password. So the workflow might be... I write an article or create an audio file or maybe a video, and then I use cPanel to upload these files to my WebRoot. They cannot be viewed without the htaccess password. I would then email the person he;ping critique my work and give him the (temporary) password. He could go to: my-workspace.com and would see links to the files which he could view or download after entering the correct password. After maybe a day, I would change the password adn remove the files. That is the workflow I was envisioning.

During all of this, going to or knowing about my-workspace.com should in no way enable this person to find out anything else about me other than I use ACME Web Hosting.

Unless this person hacked ACME Web Hosting, or somehow found out other information about me, he would have no practical way of ever knowing that my-workspace.com is sitting on my VPS which also hosts my-business.com, which by virtue of its name would basically tell you who I am and how to find me in real life!

So back to your webserver comments above which sound complicated...

Once I create that 2nd cPanel account and create the "DNS Zone" file which would map my domain to my 2nd IP, wouldn't that be all that I need to do??

There would be no email. And nothing fancy with ports or routing. Just a 2nd cPanel account mapped to my-workspace.com and an htaccess file, and maybe some files sitting in WebRoot and that's it.

Now, fwiw, on my primary cPanel account and primary IP, I do have a fairly elaborate setup. (Or more correctly, I have WHM set up pretty fancy. I have a Host Access Control set up, ports and IP's blocked in CSF, a services SSL and a domain SSL, and other "hardening" things to keep my VPS safe.

Would any of this interfere with, or exposure me, as far as this 2nd cPanel account, 2nd IP address, and 2nd domain name go??

Hope all of that makes sense?!

And hopefully I am getting closer to getting this done??

(I would *really* like to have this set up by Sunday night, so I can get bac to uploading some files and get help on some things I am doing from some kind "experts" online!!

Thanks!!

To do what you described; have a second domain that is not connected in any way with your primary domain, yes, you'd need a 2nd IP address at a minimum.

Sorry, I can't help you with how to configure anything using cPanel. I don't use cPanel. I configure my webserver (yes apache) in my favorite text editor.
Yes. Note that the "web root" will be different for the second IP

If web space is at /var/www/html, you'd configure domain1/IP1 to serve from /var/www/html/domain1 and
domain2/IP2 from /var/www/html/domain2. Neither would be able to see or serve the other. This is done with VirtualHosts in apache.

No, you'd also need to set up the VirtualHosts in apache.
I'm not sure what WHM is, or CSF, but you'd need to apply whatever security you want if you set up a new cPanel account. Again, I don't speak cPanel, so I'm not sure exactly what you're thinking.

To do what you've described, you need a 2nd IP and VirtualHosts in your apache configuration.

Note: You can do what you want (two separate, non-related domains) on a single IP. We host websites. There are about 70 domains on our web IP address, belonging to several different customers. All anyone can find out about any of them is the hosting IP address. There are some search engines that will show all of the domains at a given IP address, but there is no other 'relationship' between them.

There is no rDNS for that IP (we host email on a different IP address on that server), so there is nothing pointing from the IP to any of those domains/websites.

You're welcome. You're going to have to learn how to create VirtualHosts (there may be a cPanel tab/page to do that, IDK).

1 members found this post helpful.

This is incorrect.
What will be returned will depend on the IP address delegation. Some ISP / Hosting companies can require that the the users of static IP addresses have them fully delegated, although this is generally only the case when you "buy" a range of IP Addresses. In which case a whois lookup will return that delegation information.

As for the OP's original request;

Get a totally separate VPS from a totally different ISP, the more separation you have between your business interests and your "private interests" the better!

1 members found this post helpful.

Re #10
Not arguing. I’m sure that’s true in some cases, but I use whois extensively. It seldom resolves to a /32, and even when it does, it still reports the ISP, not the end user. Whois is querying the NIC, not the ISP.

The OP can run whois on his IP to see what comes back, of course.

I agree with the your recommendation. To get total separation, separate totally.

I also think they should just use Dropbox, iCloud or some other sharing service instead of reinventing the wheel.

1 members found this post helpful.

I've had to fill in delegation requests for companies I've worked with extensively.
Depends on how the ISP works. I'd agree it's unlikely for a /32 but if the OP orders another IP address it's possible his provider will delegate a block, even if it's a block of just 2.

This is, of course, the best course of action to see what is actually returned.

1 members found this post helpful.

Okay.


I am pretty sure this is why people use WHM and cPanel - because it takes care of all of that for you.

I will have to check with some cPanel experts on this.


[QUOTE=scasey;5916616]
Note: You can do what you want (two separate, non-related domains) on a single IP. We host websites. There are about 70 domains on our web IP address, belonging to several different customers. All anyone can find out about any of them is the hosting IP address. There are some search engines that will show all of the domains at a given IP address, but there is no other 'relationship'
between them.
[quote]

True, although if one website was my-worspace.com then you would know that that "anonymous" ultimately is related to one of the other 69 "real" websites, and so I suppose someone might be able to connect the dots as to my temporary website to my real site based on other social engineering things, but I think that would be enough "separation" for my needs.



So at the end of the day, what damage exactly can "reverse DNS" do?

my-workspace.com maps to 111.222.333.444

Okay, then what??



I am thinking that cPanel does that and that things are siloed, because think about it...

MOST web hosts in the world use WHM and cPanel. So if you were hosting 70 websites on your server, you would have 70 cpanel accounts. And who would use WHM and cPanel if people could easily jump between cpanel accounts or even link website-A to website-B??

Then again, I am asking and double-checking to cover my a**! :-)

So what does that mean to me in practical terms?

My webhost told me that when I "buy" a 2nd dedicated IP that I am basically "leasing" it and that the webhost owns it and so presumably all of their info is associated with the 2nd dedicated IP as with my primary VPS IP.



I don't diagree with this, but the whole reason I am asking for help, is that I don't want to pay an extra $70/month for this side project...

So please explain again how I would do that...

Can I effectively do that from a web browser?

Or must I SSH in to my VPS? If so, then what?


But a secondary concern of mine is that once I put my content on another person's site or service I technically lose control of it.

Sure, I doubt that Dropbox is caching or stealing people's info, but I would feel better uploading it and deleting it on my own server instead.