(Un)connecting Domains
August 20, 2008 11:37 AM

If I host 2 domains (for example, www.work.com and www.family.com) on the same basic Dreamhost hosting package, is there any way for someone -- other than Dreamhost -- to associate the two domains?
posted by probablysteve to Computers & Internet (18 answers total)

They will both have the same IP address, so if someone suspects that they're related, it is pretty easy to confirm. There are also tools that can reveal which sites are hosted on the same address based on Web crawls. Of course, with shared hosting, you are sharing a box with dozens or even hundreds of sites, so they can't be 100% sure they are controlled by the same person even then.
posted by kindall at 11:47 AM on August 20, 2008

They could compare the creation dates from the whois records, which might confirm a suspicion, but only if both domains were created on the same day.
posted by jedicus at 11:49 AM on August 20, 2008

Depending on how you've registered the domains, a paid-for search such as that available here can turn up a list of other domains you've registered.
posted by le morte de bea arthur at 11:54 AM on August 20, 2008

Actually, I've got several domains hosted at Dreamhost, and none resolve to the same IP number. So that's out. There are tools that let you search for all the domains owned by a given person, so if they did a WHOIS on one domain, anyone could maybe use that info to find your other. But when I tried that using my own name, the results were pretty far off the mark.
posted by adamrice at 11:55 AM on August 20, 2008

Will you be providing FTP access? I believe, but am not certain, DH's FTP setup will reveal the path. So let's say I have FTP access to www.work.com. My client says the path is /joe/www.work.com/uploads. Now let's say you give FTP access to www.home.com, then it will be /joe/www.home.com/uploads. Now I know the same guy owns both accounts.

Let's say I'm wrong about that, but you host some scripts. Depending on the configuration I might be able to cause that script to time out or crash and the output sometimes reveals the path. If I can do that to both domains then the results are the same as above.

If both sites are hosted on the same SQL server under the same account, a malicious user might be able to read the path also.

I'd be more worried about WHOIS data.
posted by damn dirty ape at 12:07 PM on August 20, 2008

adamrice: "Actually, I've got several domains hosted at Dreamhost, and none resolve to the same IP number."

If you have a single Dreamhost account, your domains all resolve to the same host, but use different IPs.

apache2-dap.hornet.dreamhost.com []
apache2-cabo.hornet.dreamhost.com []
apache2-bongo.hornet.dreamhost.com []

While not an "OMG SAME OWNER", it's clear they are hosted on the same machine (to anyone with a basic knowledge of Dreamhost's hosting policies). Not that it is entirely clear it's same owner from any of this information -- just
posted by SirStan at 12:10 PM on August 20, 2008

I host two domains with DH and they both ping with the same IP address.
posted by daveleck at 12:33 PM on August 20, 2008

Best answer: Short version: Could someone with only a little knowledge see that work.com and family.com are both at Dreamhost? Easily. Could someone visiting work.com 'find' family.com and see that it's hosted on the same account? Not easily, if at all.

I'm struggling to think of a way that anyone would find one domain from the other: someone visiting work.com would have no real way to 'find' family.com as being related, short of, of course, having links between them or the sort. (Short of the tools mentioned above, but if the domains are registered under separate names / separate addresses, it'd be a no-go on a name match, and if you're like me, there are hundreds of domains owned by people who have the same name as you anyway... Comparing IPs can reveal domains sharing IPs or nameservers... If you operate your own server as Metafilter does, it's telling. But when you're hosted at one of the biggest companies out there, it's not terribly revealing. They could search for work.com and family.com might come up along with 250,000 other domains, but I wouldn't consider that terribly revealing.

The one thing I can think of that would allow 'proving' the domains shared an account would be if someone could find out what username owned them. The most likely way this would happen would be if you had PHP scripts spewing errors like, "Can't connect to the database when called on line 127 in /home/probablysteve/htdocs/work.com/something.php," which implies that 'probablysteve' is probably your username. This would, of course, require that they also knew to visit family.com, which also happened to be displaying an error revealing file paths. (Of course, you should disable those errors anyway...)
posted by fogster at 12:35 PM on August 20, 2008

Response by poster: "Could someone visiting work.com 'find' family.com and see that it's hosted on the same account? Not easily, if at all."

That's my concern, that someone using one of the domains will be able to dig around and determine that there is another domain hosted on the same account and associate the two. I'm not concerned with anyone suspecting the two are related and then going about trying to confirm it.

Although my name is very rare (e.g., the www.family.com will be my last name and I only recently re-registered it after letting it lapse years ago), the WHOIS personal details of both domains are masked by whatever service Namecheap offers to do this. And the domains were registered years apart.

I won't be offering FTP access to anyone else.
posted by probablysteve at 12:49 PM on August 20, 2008

I think the way to proceed is to assume that someone out there could conceivably link the two domains, and could conceivably make that information public.

So just bear that in mind when adding content to www.family.com. The world won't care that company x is run by person y, who takes cute snapshots of their kids and publishes a few pie recipes or whatever. But if one site is a reputable business and the other is a donkey-sex site, then yes, you might want to take a more cautious approach to setting them up.
posted by le morte de bea arthur at 12:55 PM on August 20, 2008

whois records are going to be your biggest link between the two. Dreamhost offers anonymous domain registrations.

Domain Name: hypergumbo.com

Registrant Contact:
hypergumbo.com Private Registrant hypergumbo.com@proxy.dreamhost.com
DreamHost Web Hosting
417 Associated Rd #324
Brea, CA 92821
posted by nomisxid at 12:56 PM on August 20, 2008

With Dreamhost I don't think the file paths include your main DH username, just the hosting user the site has been created within. You can create separate user accounts for each site so they have their own file paths.

If the domains have dissimilar WHOIS details, are on different IPs and created under different users then that leaves the server name (as pointed out by SirStan). That's a much more specific connection than just knowing they're both on DreamHost, and so might help confirm a suspected association, but may not make it significantly easier to initially discover.
posted by malevolent at 1:03 PM on August 20, 2008

Check the WHOIS, as people have suggested.


For each domain.

Whois for Metafilter shows:

"MetaFilter Network LLC" owns about 6 other domains
Matt@Metafilter.com is associated with about 7 domains
2 other sites hosted on this server.
posted by SirStan at 1:19 PM on August 20, 2008

posted by [@I][:+:][@I] at 1:35 PM on August 20, 2008

If you don't take precautions and one of the scripts on your site ends up throwing an error, you could end up revealing your Dreamhost username. It will look something like this:

Warning: Cannot modify header information - headers already sent by (output started at /home/.servername/DREAMHOSTUSERNAME/family.com/file.php:1) in /home/.servername/DREAMHOSTUSERNAME/family.com/file.php on line 7

If this happens on both of your sites, it will be easy to put 2+2 together.
posted by qvtqht at 2:36 PM on August 20, 2008
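
An added example, not part of any poster's comment: a self-audit for the path leak that fogster and qvtqht describe, run over page bodies saved from your own sites. The sample pages are constructed, `DREAMHOSTUSERNAME` is the placeholder from the warning quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# PHP's default error format: "<Level>: <message> in <file> on line <n>".
PHP_ERROR = re.compile(
    r"(?:Warning|Notice|Fatal error|Parse error|Deprecated)\s*:.*?"
    r"\bin\s+(?P<path>/[^\s<>:]+)\s+on line\s+\d+",
    re.IGNORECASE | re.DOTALL,
)

def account_root(path, site):
    """Return the directory prefix above the site's own folder, or None."""
    parts = path.split("/")
    for i, part in enumerate(parts):
        if part.lower() == site.lower():
            return "/".join(parts[:i]) or "/"
    return None

def leaked_roots(pages):
    """Map each leaked account root to the set of sites whose pages reveal it."""
    roots = defaultdict(set)
    for site, body in pages.items():
        text = re.sub(r"<[^>]+>", "", body)  # PHP wraps errors in <b> tags by default
        for match in PHP_ERROR.finditer(text):
            root = account_root(match.group("path"), site)
            if root:
                roots[root].add(site)
    return dict(roots)

def linked_sites(pages):
    """Account roots that show up in error output on more than one site."""
    return {r: sorted(s) for r, s in leaked_roots(pages).items() if len(s) > 1}

# Constructed sample bodies (not captured from any real site).
SAMPLE_PAGES = {
    "family.com": "<b>Warning</b>: Cannot modify header information - headers "
                  "already sent by (output started at /home/.servername/"
                  "DREAMHOSTUSERNAME/family.com/file.php:1) in <b>/home/.servername/"
                  "DREAMHOSTUSERNAME/family.com/file.php</b> on line <b>7</b>",
    "work.com": "<html>Warning: include(config.php): failed to open stream: "
                "No such file or directory in /home/.servername/"
                "DREAMHOSTUSERNAME/work.com/index.php on line 3</html>",
}

if __name__ == "__main__":
    for root, sites in linked_sites(SAMPLE_PAGES).items():
        print(f"{root} is exposed by: {', '.join(sites)}")
```

Any root reported for more than one site is the link between them. Setting `display_errors = Off` and `log_errors = On` in the PHP configuration keeps these messages out of served pages.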

FYI: Using the tool linked by [@I][:+:][@I] above (from YouGetSignal.com), I found 13 domains hosted on the same Dreamhost server as one of my domains. But I own none of these 13, and none of my other domains show up on that list. YMMV.
posted by arco at 3:04 PM on August 20, 2008

Why not password protect the one that you are concerned about them finding? Say if family.com is the one you only want family to see, password protect that one. That way even if they do somehow find it, they won't be able to see what's on it.
posted by GlowWyrm at 3:19 PM on August 20, 2008

arco: "FYI: Using the tool linked by [@I][:+:][@I] above (from YouGetSignal.com), I found 13 domains hosted on the same Dreamhost server as one of my domains. But I own none of these 13, and none of my other domains show up on that list. YMMV."

I got 267 on the same server as me, none related to me in any way. Just because someone can figure out the other domains hosted on a shared server, they don't have any reason or evidence to connect the ones owned by the same person (if any).
posted by drjimmy11 at 6:05 PM on August 20, 2008
