Assigning IPv6 IP addresses that don't belong to me.

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
Hello,

Just curious if this is a bug or not. I guess I don't enough about how IP addresses are assigned to servers. I rent a VPS from GoDaddy and currently, I'm allowed 3 IPv4 addresses. They assign them to me. Right now, I'm using two. If I want another free one, I just click a button and I receive it. To my knowledge, I don't have any control over what IP address I receive.

How does this work? How does GoDaddy get these IP addresses? I understand they probably have something like a Class A network, but where do they get it from? Their ISP? And where does they're ISP get it from? I mean, I don't really want to know what company, I'm just asking if there's some main organization that hands out IP addresses to various people.

The reason I ask, I want an IPv6 address. I was messing around in cPanel, and I went to where I could add an IPv6 range. I pinged google from my LAN and saw what their IPv6 address was. I entered something very similar for a range....and this is where it gets weird, it actually worked. I was able to ping my domain using an IPv6 version of ping, and my domain responded with the IPv6 address I assigned to it, even though no one assigned me one. What's preventing me from just stealing someone else's IPv6 address? I would imagine I shouldn't be able to do this, that something's wrong somewheres. Shouldn't there be some sort of check or something that only lets me assign IPv6 addresses that have been assigned to me?

Thanks and sorry if this is a dumb question.
 

danielpmc

Well-Known Member
Nov 3, 2016
78
33
18
usa
cPanel Access Level
Reseller Owner
HelloSpork Schivago,

Check out this Wiki Link for info about who and how IP addresses are assigned.

Code:
https://en.wikipedia.org/wiki/IP_address
As far as using an unassigned IPv6 address, what you did was spoof an IP address. By sheer luck you happened to pick an IP that is not in use.

However if you continue to use an IP that is not assigned to your account by your host:

1. Sooner or later somebody will legitimately be assigned the IP and your site will be redirected to their site.

2. Your host will find out at some point and will remove the IP and possibly end your contract for breach of terms. Most hosts have a clause stating you may not knowingly use resources not assigned to you.

As far as you wondering if this was a dumb question: Its better to ask and learn than it is to not ask and fail.

Hope this helps you out.
danielpmc
 
  • Like
Reactions: Spork Schivago

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
HelloSpork Schivago,

Check out this Wiki Link for info about who and how IP addresses are assigned.

Code:
https://en.wikipedia.org/wiki/IP_address
Thank you! I found out who assigns the IP addresses and how they're assigned. I really appreciate the link!

As far as using an unassigned IPv6 address, what you did was spoof an IP address. By sheer luck you happened to pick an IP that is not in use.

However if you continue to use an IP that is not assigned to your account by your host:

1. Sooner or later somebody will legitimately be assigned the IP and your site will be redirected to their site.

2. Your host will find out at some point and will remove the IP and possibly end your contract for breach of terms. Most hosts have a clause stating you may not knowingly use resources not assigned to you.

As far as you wondering if this was a dumb question: Its better to ask and learn than it is to not ask and fail.

Hope this helps you out.
danielpmc
I would have thought it'd be much harder to spoof an IP address. I didn't realize I could just randomly pick up and configure it in cPanel. With my IPv4 IP addresses, I cannot do this. I have to pick one that's been assigned, and although, from the console, I'm sure I could manually set an IP address to one that I wasn't assigned, but I figured if I wasn't assigned it, traffic just wouldn't go to my server. I didn't realize I could just pick an IP address no one was using and (illegally) just configure my server to use it.

I wanted to add, as soon as I set it, I didn't expect cPanel to take it. So I pinged my server and right after seeing I got a response, I was like oh no! This isn't right!!! And I undid the changes. I was hoping no one else used it. I borrowed it from Google. I looked at their IPv6 address and entered it into cPanel, minus the last group there, where I just put :::'s.

A little off topic here now, but this really sucks. I contacted GoDaddy again and they said my VPS is a newer type of server and doesn't support IPv6 (I was able to assign an address, so I believe this statement is incorrect) and worse off, they cannot provide me with any type of server that accepts an IPv6 address because only their old servers support them and I cannot have an old server. The fact that the tech support person said stuff like, "When you say IPv6, are you talking about something like PHP4 or MySQL 6?" makes me think maybe he didn't know what he was talking about. But he actually went to an admin and asked them and they gave him the response. What sucks even more is their documents say VPSes have 16 IPv6 addresses by default and if we need more, just contact them. Their support forum says if I'm not assigned any, contact live support, they'll hook me up.

At this point, I have to find a new hosting provider but I'm a bit worried. I've been googling them, but everyone says their hosting service is the bomb, and I'm sure some are better than others. I like talking to real people and asking them for advice. I can't go to the GoDaddy forums and ask them to recommend a service. Not sure where I could talk to people and ask them who to go through. cPanel doesn't seem to have a sub-topic forum for this kind of stuff.

I'd hate to go for a hosting provider and rent a VPS for something like 2 years and find out it's really bad. You know?
 

danielpmc

Well-Known Member
Nov 3, 2016
78
33
18
usa
cPanel Access Level
Reseller Owner
Hello Spork Schivago,

I do not think i can post suggestions about who and where to host in cPanel forums without getting in touble. But if you read this post i wrote introducing myself to cPanel forums you can see where i have hosted my VPs for quite a while with no issues.

P.S. I have no affiliation or monetizing enabled with them, so telling you this is not profit oriented.

Code:
https://forums.cpanel.net/threads/make-your-introduction-here.187781/page-128#post-2349011
danielpmc
 

danielpmc

Well-Known Member
Nov 3, 2016
78
33
18
usa
cPanel Access Level
Reseller Owner
Hello Spork Schivago,

Do you have a specific need to use IPv6 addresses, or are you trying to teach yourself about IPv6? I think that cPanel users will need to become familiar about using them within the next couple years. Heres another Wiki link to look at. This is a very in-depth look at what makes up an IPv6 address.

Code:
Help: Range blocks/IPv6 - MediaWiki

https://www.mediawiki.org/wiki/Help:Range_blocks/IPv6
Hope this helps you out,
danielpmc
 
  • Like
Reactions: Spork Schivago

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
Hi Daniel,

Right now, I'm trying to learn it and have a bit of a need. I switched over to PowerDNS and every time cPanel updates PowerDNS, the PowerDNS expects an IPv6 address and breaks. I have to log in via SSH using the IP address of my server, revert the config file, and then restart in order for people to visit my site.

My site is for an open source piece of software I've been working on. I don't have as much time as I had in the past, before our baby was born, to work on it, but I still work on it. It's a long term project and slowly, I'm getting there. My open source program, without going into to much detail, will have the ability to communicate with my domain, if the user decides they want to use certain features. My open source project is based off an old DOS program that became freeware years ago. The developer never released the source code. My open source program will be just like the old DOS program, but with many new features that just weren't in the old program. It'll have telnet support, SSH support, etc.

Because the IPv4 addresses are running out and IPv6 is the future, my program is going to support IPv6. Although I'm not at the point where I need to start worrying about implementing network functionality, sooner or later, I will. It might be a ways down the road, but there's no sense paying for a VPS that isn't going to be able to do what I need it to do. Hence the reason I'm going to make the switch to another provider.
 
  • Like
Reactions: danielpmc

danielpmc

Well-Known Member
Nov 3, 2016
78
33
18
usa
cPanel Access Level
Reseller Owner
Hello Spork Schivago,

Smart thinking, especially since you are building open source to be available in the future. Sure enough IPv6 is upoun us. The way you present your questions and responses tells me you have a good mindset for your project. You seem to be very analytical as i am also. I approach coding like a game of chess, always trying to think about the what ifs.

Thanks for taking the time to respond to my question.
danielpmc
 
  • Like
Reactions: Spork Schivago

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
Hello Spork Schivago,

Smart thinking, especially since you are building open source to be available in the future. Sure enough IPv6 is upoun us. The way you present your questions and responses tells me you have a good mindset for your project. You seem to be very analytical as i am also. I approach coding like a game of chess, always trying to think about the what ifs.

Thanks for taking the time to respond to my question.
danielpmc
Thinking of the what if's is the key! I always try to write my code in such away where it expects the wrong stuff. Let me give you an example. Let's say I have a simple program that justs ask for a name and then an age (in numbers). The program is expecting numbers for the age, but the user, they might try writing words. If my program doesn't specifically check to see if they actually entered a number, all kinds of bad things could happen.

When I worked at Deposit Computer Services, Inc as a system programmer, the Transmissions department had a VB program they ran. It'd connect to a remote server, download a database, and then process entries in the database. The database file was always there, but sometimes, it was empty. The previous programmer never checked to see if it was empty or not. His code worked like this:
Connect to the remote server
Download the database
Open the first entry and process it
Check to see if there's anymore entries, if so, process and repeat, if not, quit.

Every time their was an empty database, the program would error out with some message like Error (Null): -49715. The Transmission department would have to go in, create a database, add a fake entry, let the program run, delete what it processed, and hope the next day there was a database with entries or do the process all over again.

It took them time to do. I just changed the code a little to check first to see if the database had an entry, and if not, display a little message saying no entries. They absolutely loved that.
 

danielpmc

Well-Known Member
Nov 3, 2016
78
33
18
usa
cPanel Access Level
Reseller Owner
Hello Spork Schivago,

The program is expecting numbers for the age, but the user, they might try writing words. If my program doesn't specifically check to see if they actually entered a number, all kinds of bad things could happen.
Source:
Code:
http://wiki.simplemachines.org/smf/Regular_expressions
Code:
Using Regular Expressions

When entering regular expressions (regex), you must surround them with delimiters such as tildes (~) or double quotes ("), otherwise they will not work and there will be no warning of this failure. Two examples of the correct way of entering regular expressions for SMF are: ~[12][0-9]{3}~ or "[12][0-9]{3}"
Examples

The following examples give an idea of what can be done with regular expressions:

    "[A-Za-z]+" - Match all upper and lower case alphabet characters.
    "[0-9]+" - Match all numeric characters.
    "[A-Za-z0-9]{7}" - Match all upper and lower case alphabet and numeric characters seven times.
    "[^0-9]?" - Forbid any number from being matched.
    "^([A-Fa-f0-9]{3}|[A-Fa-f0-9]{6})$" - Only allow 3 or 6 character hexcodes.

Meta-characters

In regular expressions you can use meta-characters to define the search for matches.

    ? - None or one match of the preceding expression.
    + - One or more matches of the preceding expression.
    * - None or more matches of the preceding expression.
    {n} - Matches the preceding expression exactly n times.
    {n,} - Matches the preceding expression at least n times.
    {,n} - Matches the preceding expression no more than n times.
    {n,m} - Matches the preceding expression at least n times, but no more than m times.
    ^ - When used outside square brackets, it marks the start of the string. When used inside square brackets it has the affect of negating the class, but only if it is the first character.
    $ - The end of the string.
    \ - Escapes the next character.
I know you are able to write Regex codes if you can write form entries but just thought id show this cool primer from SMF Forums.

danielpmc