Hey there.. I posted a website that is hosted on my server, and someone was able to tell me all other domains that are hosted on my server.

Im guessing they did a IP lookup for matching domains?? How would this be possible?

(im using cpanel7)

Remove the bandwidth alias in httpd.conf.

and how would they have acessed thiS?

CPanel sets it up for you. You can goto any CPanel server and put on /bandwidth/ to get that page.

thanks

here is something i got from support@cPlicensing.net

INSTRUCTIONS
1. log into your server as root.
2. cd /usr/local/bandmin/htdocs
3. edit .htaccess using what ever editor you like. I like VIM so i'm going to use that. vi .htaccess
4. Add the following lines to the .htaccess file
Example #1 (allows access only from localhost)
order deny,allow
allow from localhost
deny from all

Example #2 (allows access only from localhost and 2.2.2.2)
order deny,allow
allow from localhost, 2.2.2.2
deny from all

Example #3 (allows access only from localhost, 2.2.2.2 and every ip in the 3.3.3.* block)
order deny,allow
allow from localhost, 2.2.2.2, 3.3.3.
deny from all

There are 3 examples above. This should give you a basic example on how this works.
5. Save and exit the file.
6. Make sure the file has 0755 perms (ex: chmod 0755 .htaccess)
7. Test it out!



Let us know if you have any problems or questions. support@cPlicensing.net

I think that there's no way to hide info about domains hosted on a shared IP. There is at least one service to do lookups to see how many and which domains are hosted on one IP.

So tweaking your server will only make it harder but still will be relatively easy to find out domains hosted on any ip.

I think would not be good to post here the way to do it (not to give clues to spammers ) ... but PM me your ip/domain if you want me to tell you what domains are sharing that ip.

Only way to stop his is paying some $$ to hide info about your IP or pay more $$ to hide info on a whole Class-C subnet.

Except using webppliance pro with site previews disabled...

PM me your IP and I send back with all domains hosted on that ip.

IPdetective use to be my favorite website until it went down.
It did exactly what you are asking about. Supply a web address or IP and it would tell you all the domains on that same IP. This was a great tool in catching theives and cheaters who buy domains to steal from people with and throw them away in a week. This way you find one address and you can identify all other cheating address before you get hit until they change ips.
I know 1000's of webmasters that are very sorry to see this website go down.

Only way you can hide your website is NOT to use a DNS service.

There are reverse whois services that keep a database of CNames and the IP that they point to.

Some folks are outraged by this, but I could care less. I think it is a cool "networking" tool.

This is why you never see Corn's url anywhere here. I don't care to encourage currious people to have fun on my expense. I would advise anybody to keep their IP and any domain name off of this board.

I have seen companies use the IP-to-domain trick to get a list of domains and then do whois lookups to generate mailing lists. This is a common tatic these days in web hosting.

You are right