More than three domains hosted on the same IP address
Not on purpose, I did a reverse IP address lookup on my site, and it shows that there are three other websites hosted on my server, and now I'm worried.
My web is arturofm.com, and here is the lookup:
https://reverseip.domaintools.com/search/?q=arturofm.com
It says:
Reverse IP Lookup Results — more than 3 domains hosted on IP address 104.27.182.86
What does that mean? That I've been hacked? Or that Amazon AWS uses the same IP address to serve multiple domains?
Tags: aws, whois
asked yesterday – Arturo
edited 43 mins ago – Peter Mortensen
PTR records in the DNS have little use (except for emails), so their value can be mostly disregarded. A website will perfectly function even if there is no matching PTR record (from its IP back to its name). In a world with multiple CDNs and cloud hosting it is just impossible to imagine PTR records to be in sync. Also many applications may not support multiple PTR records for a given IP address.
– Patrick Mevzek
6 hours ago
add a comment |
3 Answers
This is not a sign of a problem for your server. There's an important detail here, which is:
104.27.182.86 is not your server. That IP belongs to Cloudflare.
Cloudflare provides a large number of services to websites and sits in between the public internet and a server. Someone who uses Cloudflare doesn't point their DNS to their own server - they point their DNS to Cloudflare, and then point Cloudflare to their server. As a result, millions of websites point to Cloudflare's IP addresses. Because they service more websites than they have IP addresses, they often direct multiple websites to the same IP address.
Apparently you use Cloudflare, and so the DNS for your domain points to them, not to your own IP address. When your Cloudflare account was set up, you (or whoever set it up) would have pointed Cloudflare to the actual IP address of your server. You can confirm this in two ways:
- Here is the list of IP addresses owned by Cloudflare. If you are unfamiliar with CIDR notation, the line which says 104.16.0.0/12 is of interest to you, as it includes all IPs from 104.16.0.0 to 104.31.255.255. AKA, 104.27.182.86 is owned by Cloudflare, not AWS.
- If you check your Elastic IP in AWS, you'll see that it is something other than 104.27.182.86. Only Cloudflare knows the actual IP of your server - this is one of the advantages it provides, and one of the reasons why people use it. Cloudflare sits in the middle so that the person requesting to view your website never communicates directly with your server. In this way, Cloudflare is able to protect your server from a wide variety of attacks.
Additional Notes
The above details should make it clear that this is not evidence that you have been compromised. However, here are some more related details for future reference:
- Shared hosting sites will have multiple domains served from one IP address. However, to the best of my knowledge, AWS does not offer such services. If you sign up for a VPS directly from AWS, you should expect to be the only one hosting any services on the given IP address.
- Therefore, if you discovered that the DNS for other domains was pointing to the IP address of your VPS on AWS, and confirmed that the sites in question are actually being hosted on that IP address, then yes this would be a sign that your site had been hacked.
- Fortunately, 104.27.182.86 is not the IP address of your server :)
add a comment |
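The two checks in the answer above, plus the case from its additional notes, written out as an added example (not part of the original answer). The function names and verdict labels are hypothetical, `203.0.113.10` stands in for the asker's Elastic IP, and the `example.*` domains are constructed sample data.

```python
import ipaddress

# The one provider range quoted in the answer above. A real check would load
# the provider's full published list instead of this single entry.
EDGE_RANGES = {"Cloudflare": ["104.16.0.0/12"]}


def cidr_bounds(cidr):
    """Return the first and last address covered by a CIDR block."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address)


def edge_provider(ip, ranges=EDGE_RANGES):
    """Return the provider whose published range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for provider, cidrs in ranges.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return provider
    return None


def triage(lookup_ip, domains_on_ip, my_domain, origin_ip):
    """Classify a reverse-IP lookup result for the owner of my_domain.

    lookup_ip     -- address the reverse-IP tool reported
    domains_on_ip -- domains the tool lists for that address
    origin_ip     -- address of the owner's own server (assumed known)
    """
    mine = my_domain.lower().rstrip(".")
    others = sorted(
        d.lower().rstrip(".") for d in domains_on_ip
        if d.lower().rstrip(".") != mine
    )
    provider = edge_provider(lookup_ip)
    if provider:
        # The address is a CDN edge, so neighbours say nothing about the origin.
        verdict = "shared-edge"
        note = f"{lookup_ip} belongs to {provider}; other sites on it are expected"
    elif ipaddress.ip_address(lookup_ip) != ipaddress.ip_address(origin_ip):
        verdict = "unknown-ip"
        note = "address is neither a known edge range nor the origin; identify its owner"
    elif others:
        # Anyone can point DNS at an address, so confirm the server really
        # serves these names before treating this as a compromise.
        verdict = "investigate"
        note = "other domains resolve to the origin; check whether it serves them"
    else:
        verdict = "dedicated-origin"
        note = "only the owner's domain resolves to the origin"
    return {"verdict": verdict, "note": note, "other_domains": others}


if __name__ == "__main__":
    print(cidr_bounds("104.16.0.0/12"))
    # Constructed reverse-IP result resembling the one in the question.
    listed = ["arturofm.com", "example.org", "example.net", "example.com"]
    for ip in ("104.27.182.86", "203.0.113.10", "198.51.100.7"):
        result = triage(ip, listed, "arturofm.com", "203.0.113.10")
        print(ip, result["verdict"], "-", result["note"])
```
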
Looks like you just found out how a Load Balancer inside a CDN with SNI works.
You can also check other hosts (SANs) behind this particular CDN with OpenSSL, like so:
echo | openssl s_client -showcerts -servername arturofm.com -connect arturofm.com:443 2>/dev/null | openssl x509 -inform pem -noout -text
...or you can use your browser's certificate viewer:
The content of the certificate is unrelated to the DNS PTR records.
– Patrick Mevzek
6 hours ago
The certificate from Cloudflare shows very well how many domains they host on this IP (unlike the PTR record).
– eckes
1 hour ago
add a comment |
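To read the output of the OpenSSL command in the answer above, the sketch below (an added example, not part of the original answer) pulls the Subject Alternative Name entries out of the `-text` dump and separates the names belonging to your own domain from those of other sites sharing the certificate. The certificate excerpt is constructed sample data and the function names are hypothetical.

```python
# Constructed excerpt of `openssl x509 -noout -text` output for a certificate
# shared by several sites; only arturofm.com comes from the page.
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Subject: CN = sni.cdn.example
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Subject Alternative Name:
                DNS:sni.cdn.example, DNS:*.arturofm.com, DNS:arturofm.com, DNS:*.example.org, DNS:example.org, IP Address:192.0.2.1
            X509v3 Basic Constraints: critical
                CA:FALSE
"""


def san_dns_names(cert_text):
    """Return the DNS entries of the Subject Alternative Name extension."""
    lines = cert_text.splitlines()
    for i, line in enumerate(lines):
        if "X509v3 Subject Alternative Name" in line and i + 1 < len(lines):
            entries = [e.strip() for e in lines[i + 1].split(",")]
            # Keep DNS names only; IP Address and other entry types are skipped.
            return [e[4:].lower() for e in entries if e.startswith("DNS:")]
    return []


def san_matches(pattern, host):
    """True if a SAN entry covers host; '*' stands for exactly one label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host


def is_covered(sans, host):
    """True if any SAN entry is valid for host."""
    return any(san_matches(p, host) for p in sans)


def split_by_owner(sans, my_domain):
    """Split SAN entries into (names under my_domain, names of other sites)."""
    mine, others = [], []
    suffix = my_domain.lower().rstrip(".")
    for name in sans:
        base = name[2:] if name.startswith("*.") else name
        if base == suffix or base.endswith("." + suffix):
            mine.append(name)
        else:
            others.append(name)
    return mine, others


if __name__ == "__main__":
    sans = san_dns_names(SAMPLE_CERT_TEXT)
    mine, others = split_by_owner(sans, "arturofm.com")
    print("covers www.arturofm.com:", is_covered(sans, "www.arturofm.com"))
    print("own names:", mine)
    print("other sites on the same certificate:", others)
```
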
This is perfectly normal. There is a big shortage of IPv4 addresses. In fact, we should have run out of them a long time ago. But since so much infrastructure is based on IPv4, it keeps getting "extended" in many ways. One of them, which has actually been around for a very long time, is to host multiple domains on a single server with a single IP address.
A typical inexpensive shared hosting account will share a server, and an IP address, with dozens, even hundreds of other small hosting accounts. A VPS (virtual private server) or similar account might be one of a handful on a server, though each VPS may in turn host many domains.
AWS is a little different in that you pay for fairly clearly defined amounts of hardware (CPU cores, RAM, etc.), but except for the largest instances you are still using only a fraction of an actual machine.
It is often possible to get a truly unique IPv4 address. With AWS, this is Elastic IP. Other hosting companies may have other names for it. For example, my favorite host used to offer separate IP addresses for a small fee to use with SSL certificates. There is no problem these days getting SSL certificates with a shared IPv4 address, so I use the shared IPv4 address and don't worry about it.
In the case of AWS, the big advantage of an Elastic IP is not, IMHO, that you have the IP address to yourself. Rather, it is that the IP address is constant even when you restart an instance or if you move your domain to a different (e.g., larger) instance. That can save some hassle with DNS changes.
answered 23 hours ago – manassehkatz (new contributor)
edited 10 hours ago – Peter Mortensen
1
Thank you guys, I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔
– Arturo
22 hours ago
1
There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IPs have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.
– Conor Mancone
21 hours ago
3
VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, they are commonly used for gaming, VPN.
– domen
18 hours ago
add a comment |
1
thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔
– Arturo
22 hours ago
1
There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.
– Conor Mancone
21 hours ago
3
VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.
– domen
18 hours ago
1
1
thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔
– Arturo
22 hours ago
thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔
– Arturo
22 hours ago
1
1
There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.
– Conor Mancone
21 hours ago
There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.
– Conor Mancone
21 hours ago
3
3
VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.
– domen
18 hours ago
VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.
– domen
18 hours ago
add a comment |
This is not a sign of a problem for your server. There's an important detail here, which is:
104.27.182.86 is not your server. That IP belongs to cloudflare.
Cloudflare provides a large number of services to websites and sits in between the public internet and a server. Someone who uses Cloudflare doesn't point their DNS to their own server - they point their DNS to Cloudflare, and then point Cloudflare to their server. As a result, millions of websites point to Cloudflare's IP addresses. Because they service more websites than they have IP addresses, they often direct multiple websites to the same IP address.
Apparently you use Cloudflare, and so the DNS for your domain points to them, not to your own IP address. When your Cloudflare account was setup, you (or whoever set it up) would have pointed Cloudflare to the actual IP address of your server. You can confirm this in two ways:
Here is the list of IP addresses owned by Cloudflare. If you are unfamiliar with CIDR notation, the line which says104.16.0.0/12
is of interest to you, as it includes all IPs from104.16.0.0
to104.31.255.255
.
AKA,104.27.182.86
is owned by Cloudflare, not AWS.- If you check your Elastic IP in AWS, you'll see that it is something other than
104.27.182.86
. Only Cloudflare knows the actual IP of your server - this is one of the advantages it provides, and one of the reasons why people use it. Cloudflare sits in the middle so that the person requesting to view your website never communicates directly with your server. In this way, Cloudflare is able to protect your server from a wide variety of attacks.
Additional Notes
The above details should make it clear that this is not evidence that you have been compromised. However, here are some more related details for future reference:
- Shared hosting sites will have multiple domains served from one IP address. However, to the best of my knowledge, AWS does not offer such services. If you sign up for a VPS directly from AWS, you should expect to be the only one hosting any services on the given IP address
- Therefore, if you discovered that the DNS for other domains was pointing to the IP address of your VPS on AWS, and confirmed that the sites in question are actually being hosted on that IP address, then yes this would be a sign that your site had been hacked.
- Fortunately,
104.27.182.86
is not the IP address of your server :)
add a comment |
This is not a sign of a problem for your server. There's an important detail here, which is:
104.27.182.86 is not your server. That IP belongs to cloudflare.
Cloudflare provides a large number of services to websites and sits in between the public internet and a server. Someone who uses Cloudflare doesn't point their DNS to their own server - they point their DNS to Cloudflare, and then point Cloudflare to their server. As a result, millions of websites point to Cloudflare's IP addresses. Because they service more websites than they have IP addresses, they often direct multiple websites to the same IP address.
Apparently you use Cloudflare, and so the DNS for your domain points to them, not to your own IP address. When your Cloudflare account was setup, you (or whoever set it up) would have pointed Cloudflare to the actual IP address of your server. You can confirm this in two ways:
Here is the list of IP addresses owned by Cloudflare. If you are unfamiliar with CIDR notation, the line which says104.16.0.0/12
is of interest to you, as it includes all IPs from104.16.0.0
to104.31.255.255
.
AKA,104.27.182.86
is owned by Cloudflare, not AWS.- If you check your Elastic IP in AWS, you'll see that it is something other than
104.27.182.86
. Only Cloudflare knows the actual IP of your server - this is one of the advantages it provides, and one of the reasons why people use it. Cloudflare sits in the middle so that the person requesting to view your website never communicates directly with your server. In this way, Cloudflare is able to protect your server from a wide variety of attacks.
Additional Notes
The above details should make it clear that this is not evidence that you have been compromised. However, here are some more related details for future reference:
- Shared hosting sites will have multiple domains served from one IP address. However, to the best of my knowledge, AWS does not offer such services. If you sign up for a VPS directly from AWS, you should expect to be the only one hosting any services on the given IP address
- Therefore, if you discovered that the DNS for other domains was pointing to the IP address of your VPS on AWS, and confirmed that the sites in question are actually being hosted on that IP address, then yes this would be a sign that your site had been hacked.
- Fortunately,
104.27.182.86
is not the IP address of your server :)
This is not a sign of a problem for your server. There's an important detail here, which is:
104.27.182.86 is not your server. That IP belongs to Cloudflare.
Cloudflare provides a large number of services to websites and sits in between the public internet and a server. Someone who uses Cloudflare doesn't point their DNS to their own server - they point their DNS to Cloudflare, and then point Cloudflare to their server. As a result, millions of websites point to Cloudflare's IP addresses. Because they service more websites than they have IP addresses, they often direct multiple websites to the same IP address.
Apparently you use Cloudflare, and so the DNS for your domain points to them, not to your own IP address. When your Cloudflare account was set up, you (or whoever set it up) would have pointed Cloudflare to the actual IP address of your server. You can confirm this in two ways:
- Here is the list of IP addresses owned by Cloudflare. If you are unfamiliar with CIDR notation, the line which says 104.16.0.0/12 is of interest to you, as it includes all IPs from 104.16.0.0 to 104.31.255.255. AKA, 104.27.182.86 is owned by Cloudflare, not AWS.
- If you check your Elastic IP in AWS, you'll see that it is something other than 104.27.182.86.
Only Cloudflare knows the actual IP of your server - this is one of the advantages it provides, and one of the reasons why people use it. Cloudflare sits in the middle so that the person requesting to view your website never communicates directly with your server. In this way, Cloudflare is able to protect your server from a wide variety of attacks.
Additional Notes
The above details should make it clear that this is not evidence that you have been compromised. However, here are some more related details for future reference:
- Shared hosting sites will have multiple domains served from one IP address. However, to the best of my knowledge, AWS does not offer such services. If you sign up for a VPS directly from AWS, you should expect to be the only one hosting any services on the given IP address.
- Therefore, if you discovered that the DNS for other domains was pointing to the IP address of your VPS on AWS, and confirmed that the sites in question are actually being hosted on that IP address, then yes, this would be a sign that your site had been hacked.
- Fortunately, 104.27.182.86 is not the IP address of your server :)
edited 11 hours ago
answered 21 hours ago
Conor Mancone
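The CIDR check and the reasoning in the answer above, as an added Python example that is not part of the original answer: it tests whether the address returned by a reverse-IP lookup falls inside the 104.16.0.0/12 range quoted there, and otherwise compares it with the origin address. The origin IP 203.0.113.10, the sample domain names and all function names are constructed placeholders.

```python
import ipaddress

# Range quoted in the answer; in real use, load the provider's current
# published list instead of hard-coding it.
CDN_RANGES = {"Cloudflare": ["104.16.0.0/12"]}


def cidr_bounds(cidr):
    """Return (first, last) address of a CIDR block as strings."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address)


def cdn_owner(ip):
    """Name of the CDN whose range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for owner, cidrs in CDN_RANGES.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return owner
    return None


def triage(looked_up_ip, origin_ip, other_domains):
    """Classify a reverse-IP lookup result following the answer's logic."""
    owner = cdn_owner(looked_up_ip)
    if owner:
        # Shared edge address: many unrelated sites legitimately resolve here.
        return f"shared {owner} edge: co-hosted names are expected"
    if ipaddress.ip_address(looked_up_ip) == ipaddress.ip_address(origin_ip):
        if other_domains:
            # Dedicated address that unknown names point to.
            return "origin with unknown domains: confirm they are served, then investigate"
        return "origin, no other domains seen"
    return "neither CDN nor origin: identify the owner first"


if __name__ == "__main__":
    ORIGIN = "203.0.113.10"  # constructed placeholder for the Elastic IP
    NAMES = ["example.org", "example.net"]  # constructed co-hosted names
    print(cidr_bounds("104.16.0.0/12"))
    print(triage("104.27.182.86", ORIGIN, NAMES))
    print(triage(ORIGIN, ORIGIN, NAMES))
```

Other names pointing at a dedicated address is only the first half of the condition in the answer; the second half is confirming that those sites are actually served from it.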
Looks like you just found out how a Load Balancer inside a CDN with SNI works
You can also check other hosts (SANs) behind this particular CDN with OpenSSL, like so:
echo | openssl s_client -showcerts -servername arturofm.com -connect arturofm.com:443 2>/dev/null | openssl x509 -inform pem -noout -text
...or you can use your browser's certificate viewer:
answered 12 hours ago
mjoao
The content of the certificate is unrelated to the DNS PTR records.
– Patrick Mevzek
6 hours ago
The certificate from Cloudflare shows very well how many domains they host on this IP (unlike the PTR record)
– eckes
1 hour ago
PTR records in the DNS have little use (except for emails), so their value can be mostly disregarded. A website will function perfectly even if there are no matching PTR records (from its IP back to its name). In a world with multiple CDNs and cloud hosting it is just impossible to imagine PTR records being in sync. Also many applications may not support multiple PTR records for a given IP address.
– Patrick Mevzek
6 hours ago