Is it possible to hide list of domain names on shared IP?

#1 Wed, 06/08/2016 - 19:32
rulez22


Is it possible to hide list of domain names on shared IP? Also is it possible to ban all crawlers that search for such stuff? (such as domaintools.com) I have many domain names and would like to hide the list of domain names or minimise when someone or something (crawler script) is digging what is on my host. For example - if there is a well established protected site and some hacker is to find a small site with a vulnerability so he can exploit it and then escalate privileges to get control of the system or the first valuable domain name.

Thu, 06/09/2016 - 01:56
cs10

I too would love to know if this is possible, so I await a response as eagerly as you do!

Thu, 06/09/2016 - 06:12
Diabolico

> Is it possible to hide list of domain names on shared IP?

No, or I could say extremely hard. New crawlers pop up every day, and banning all of them would be almost impossible or resource heavy. Maybe ipset could help to offload thousands of IPs from iptables or htaccess, but then again tomorrow you would have another X of them to add to the list.

> if there is a well established protected site

You should keep it separated from anything else, to the point of having a dedicated server only to host that specific site. Here the situation is pretty clear, and a resource-heavy website is not the only reason why people go for dedicated servers.

> and some hacker is to find a small site with a vulnerability so he can exploit it and then escalate privileges to get control of the system or the first valuable domain name

With everything updated, not EOL or nulled, the right setup of iptables, f2b, csf, long and complicated passwords, etc., you should be pretty safe. If you don't have all websites under one user/virtualserver then a hacker would have an even harder time accomplishing his intentions. If your fears were real then all shared hosting would have stopped a long time ago.

In case you don't want others to see what sites are connected with the same IP, just buy more IPs and problem solved.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Thu, 06/09/2016 - 10:06 (Reply to #3)
rulez22

Thank you very much, Diabolico, for the extensive answer. I do think that the only solution is to put something valuable on a dedicated IP. In terms of banning, the best way is to start banning them in IPTABLES, I guess? (I do have some ranges of IPs in a list.) Instead of htaccess, as it will save resources and will work for the entire server anyway, not just a particular host.

Thu, 06/09/2016 - 13:42
Diabolico

When it comes to banning, I know of 2 scripts that are good at doing this job, fail2ban and CSF, and both of them rely on iptables. I know fail2ban supports firewalld, but anyway I find firewalld garbage and I hate it, so it doesn't matter in my case. Personally I use fail2ban, as I have positive experience with this software and it's capable of monitoring even things not related directly to the server (like WordPress logins). If the software can support logging, you have a way to implement fail2ban.

With iptables you only need to open the needed ports and close the rest. A good start is to go to iptables in networking, click on reset and then select the last option, "Block all except ports used for virtual hosting, on interface:". This will give you a good start, and from there you can edit, close or open ports depending on your configuration and needs. For the sake of your nerves, before you hit "Apply" check that all important ports match the software, especially the !!!SSH port!!!, as anything else can be easily configured or the entire iptables flushed.

IPset is an addition to iptables, but the downside is you can run it only on a dedicated server or full virtualization like KVM or Xen HVM (not sure for Xen PV). The good thing is you can offload banned or blocked IPs in the thousands using IPset and it will have minimal impact on speed. On the other hand, implementing the same amount of IPs in htaccess or iptables will slow down your websites; some people reported even 2-3 up to 5+ seconds just on TTFB. Iptables or htaccess are good for a hundred or so IPs, but when it comes to banning a large amount of crawlers or entire countries, then without IPset you have a problem. Using Apache (htaccess) is more or less on the same level as iptables in resource usage.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
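
The ipset approach discussed above, as an added example that is not part of the thread or any poster's own code: a list of crawler ranges is turned into `ipset restore` input and matched by one iptables rule instead of thousands. The set name, the size limits, the minimum-prefix policy and the file layout are assumptions.

```sh
#!/bin/sh
# Added example. Set name, limits and sample ranges are assumptions.
SET_NAME="crawler_block"   # hypothetical set name
MAXELEM=262144             # upper bound on entries in the set
MIN_PREFIX=8               # assumed policy: refuse anything wider than a /8

# Read IPv4 addresses/CIDRs on stdin, print `ipset restore` input for set $1.
# Comments, blank lines, duplicates and malformed entries are dropped.
gen_restore() {
  set_name="$1"
  echo "create $set_name hash:net family inet maxelem $MAXELEM"
  sed -e 's/#.*//' -e 's/[[:space:]]//g' | LC_ALL=C sort -u |
  awk -v set="$set_name" -v min="$MIN_PREFIX" '
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
      n = split($0, p, "/"); len = (n == 2) ? p[2] + 0 : 32
      split(p[1], o, ".")
      ok = (len >= min && len <= 32)
      for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
      if (ok) print "add " set " " $0
    }'
}

# Load the list into a temporary set, swap it in atomically, and make sure a
# single iptables rule matches the set. Needs root. The rule is inserted at the
# top of INPUT, so keep your own management (SSH) address out of the list.
apply_blocklist() {
  tmp="${SET_NAME}_new"
  ipset create "$SET_NAME" hash:net family inet maxelem "$MAXELEM" -exist
  ipset destroy "$tmp" 2>/dev/null || true
  gen_restore "$tmp" < "$1" | ipset restore || return 1
  ipset swap "$tmp" "$SET_NAME" && ipset destroy "$tmp"
  iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
    iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

# Usage: sh blocklist.sh --apply ranges.txt   (ranges.txt: one entry per line)
if [ "${1:-}" = "--apply" ]; then apply_blocklist "$2"; fi
```

Running `gen_restore` on its own prints the restore input without touching the firewall, which makes it easy to review the entries before applying them.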

Topic locked