- Aug. 8th, 2006
- 2 comments
I was playing around with the What is Hosted on that IP? tool I just published, and some of what I found is a bit scary. I see cases where there are a few relatively legitimate sites nestled on the same IP with hundreds of spammy sites. Needless to say, this is a liability.
Suppose I am a devious SEO who does not like my competitor very much. My competitor is also a big cheapskate. He uses the "Beginner Hosting" package from some fly-by-night web hosting company that, like everyone else these days, oversells. He pays $2.95 USD per month. That's the web hosting business these days.
But this type of hosting also attracts spammers en masse, since they are looking for a cheap home for disposable Viagra MFA sites. I discover that my competitor is on the same IP as 200 of these sites. Then I proceed to report all of those Viagra spam sites anonymously over time, and from various IPs.
I suppose he might end up penalized as well. But it's just a thought — and it's all hypothetical at this point.
Even scarier, ha.ckers.org reports that the very same information can be used by hackers for penetration testing. Suppose PHP is being run as a module, not a CGI. One of the other virtual hosts on your server is running an old exploitable version of PHPbb — a notoriously insecure web application; its historical vulnerabilities are listed here. This is great information, as a hacker could compromise the PHPbb installation and gain access to your data by extension.
So, having different IPs — even within the same range, makes it much harder to form any conclusions from the available information. Two sites on consecutive IPs may be related, but they also may not be. They may be on the same machine, but they also may not be. That's one of the reasons why I prefer having my own dedicated IPs. I'd also avoid any shared hosting that runs PHP as a module
"2 Wise Comments Banged Out Somewhere On The Internet ..."