SunDanceKid

I have 5 usable IPs on my server. WHM puts all my sites on one shared IP and then lets me give out the other 4 to only single sites. Is there a way I can change this default behavior so that I can put say 5 sites on each IP?
 

SunDanceKid

Ok - let me clarify. This is the way my installation of WHM works:


xxx.xxx.xxx.001 <<-- shared
xxx.xxx.xxx.002
xxx.xxx.xxx.003
xxx.xxx.xxx.004


If 002-004 already have one site each WHM will not let me move another site from shared to 002-004 (the pull down IP list just appears blank). I have to first move one of the non-shared sites to the shared IP first.

I'd like to be able to mix and match however I like, so that I could have multiple sites on each IP.
 

cpanelinfoseeker

Set up "reseller accounts" and assign a different "Main shared IP" to each reseller account. You can then set up your domains under the appropriate reseller IP to have several accounts on each IP.

Ron
 

kistler

only good reason i can think of is to track spam/abuse issues with an account...
 

shaun

Can you tell us why then? I would be interested in knowing :)

As for tracking abuse/spam, it won't help, exim sends mail out the primary ip regardless of what you tell apache to do, even if an account is ip based, mail goes out the base ip. Even if the site is exploited and the "script kiddie" starts a flooder or something, unless in his code he specifically changes the source ip/interface all that traffic is going to go out the base ip.
 

SunDanceKid

> Can you tell us why then? I would be interested in knowing :)

Sure - with domaintools.com (whois.sc) you can see every site on a given IP. I have a good business reason to separate some sites from other ones. The IPs are on separate /24s as well so the competition can't just guess the next IP number.
 

shaun

ok, i can see some reasoning behind this, i guess it could be useful in the case where you have a site that is aimed at children and an adult website on the same ip, it would be useful to not put those two types of sites on the same ip... but then again adult content related sites should be on a separate server IMO.

As for the competition grabbing a list of sites on your server, moving them around isn't going to help, heck i can pull a list of all domains using your name servers quite easily. Also competition isn't going to just scan you, if somebody is doing this type of scan they are going to be running through ip after ip after ip... sooner or later they are going to get to that next /24.

If you really want to see this feature added you can open a feature request at http://bugzilla.cpanel.net but i don't really think they are going to add this feature.
 

brianoz

Actually there is another reason for putting sites on another IP. I do this for many of my sites so I can have all of a reseller's sites running under one IP. This is useful to lower DDOS risk, for instance: if baddies DDOS that IP and we have to null-route it, only that reseller is affected. It is actually also possible to set up exim so that email for a particular domain, or group of domains, goes out on a different IP, although you'd have to do so manually. It can also be used to facilitate transfer to another server.

For a related reason you should never make your main shared IP be the same as your server base IP. The reason for this is that if your shared IP is DDOSed and subsequently null routed the server won't be accessible via WHM, and possibly not available at all due to the way some datacenters handle their VLANs. Also cpanel licencing won't be able to call home so your cpanel installation won't work at all. Makes it really hard to fix things/determine the DDOS target!

> As for the competition grabbing a list of sites on your server, moving them around isn't going to help, heck i can pull a list of all domains using your name servers quite easily.

If nameservers are secured correctly, this isn't possible via zone transfer (that is, if an access list is used, as should be.) Regardless, Shaun's point still stands, as there are multiple providers out there who can tell you how many domains are hosted on a site/particular IP based on access to domain registration data and analysis against nameservers (whois.sc is one I think).
 
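
An added example, not part of the thread or of any poster's message: a small Python audit of an Apache config that lists which sites share each IP (the grouping a reverse-IP lookup would show) and flags sites bound to the server base IP, the setup brianoz advises against. The sample config, addresses and host names are constructed, and `sites_by_ip` and `audit` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample httpd.conf fragment (documentation-range IPs, made-up names).
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:80>
    ServerName shop-a.example
    ServerAlias www.shop-a.example
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName blog-b.example
</VirtualHost>
<VirtualHost 198.51.100.20:80>
    ServerName reseller1-site.example
</VirtualHost>
<VirtualHost 198.51.100.20:80>
    ServerName reseller1-other.example
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.M | re.I)

def sites_by_ip(conf_text):
    """Map each VirtualHost address (port stripped) to its ServerNames."""
    mapping = defaultdict(list)
    for addrs, body in VHOST_RE.findall(conf_text):
        match = NAME_RE.search(body)
        if not match:
            continue  # vhost without a ServerName: nothing to report
        for addr in addrs.split():
            ip = addr.rsplit(":", 1)[0]  # assumes IPv4 or [IPv6]:port form
            mapping[ip].append(match.group(1).lower())
    return dict(mapping)

def audit(conf_text, base_ip, keep_apart):
    """Flag sites on the server base IP and keep_apart pairs sharing an IP."""
    findings = []
    for ip, names in sorted(sites_by_ip(conf_text).items()):
        if ip == base_ip:
            findings.append(("base-ip-hosts-sites", ip, tuple(names)))
        for a, b in keep_apart:
            if a in names and b in names:
                findings.append(("shared-ip", ip, (a, b)))
    return findings
```

Calling `audit(SAMPLE_CONF, "192.0.2.10", [("shop-a.example", "blog-b.example")])` reports both conditions for the first address; an empty list means neither applies.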

shaun

> Actually there is another reason for putting sites on another IP. I do this for many of my sites so I can have all of a reseller's sites running under one IP. This is useful to lower DDOS risk for instance, if baddies DDOS that IP and we have to null-route it only that reseller is affected.

Right but this feature is already supported and was mentioned above

> It is actually also possible to setup exim so that email for a particular domain, or group of domains, goes out on a different IP, although you'd have to do so manually. It can also be used to facilitate transfer to another server.

Sure but we're talking about the default exim configuration, if we wanted to customize things by hand you could easily do this to make multiple shared ips for accounts owned by root by editing the httpd.conf and manually changing things per site.

> For a related reason you should never make your main shared IP be the same as your server base IP. The reason for this is that if your shared IP is DDOSed and subsequently null routed the server won't be accessible via WHM, and possibly not available at all due to the way some datacenters handle their VLANs. Also cpanel licencing won't be able to call home so your cpanel installation won't work at all. Makes it really hard to fix things/determine the DDOS target!

I will agree with this to an extent because it would eliminate a few steps in the move process but we're talking about changes that take minutes, regardless if your shared or primary ip is being DOS'd you still have quite a bit of a headache moving customers around. Also, the whm/cpanel is accessible on any ip bound to the server.

> If nameservers are secured correctly, this isn't possible via zone transfer (that is, if an access list is used, as should be.) Regardless, Shaun's point still stands, as there are multiple providers out there who can tell you how many domains are hosted on a site/particular IP based on access to domain registration data and analysis against nameservers (whois.sc is one I think).

Well that's true except i wasn't talking about doing zone transfers, you haven't been able to steal domain lists using zone transfers in forever (unless of course somebody enabled this by default in their named.conf), i can't even remember when that feature was enabled by default. The method i was talking about using i wouldn't even have to touch your server.
 

PWSowner

Like Shaun said, it's quite easy to get a list of all domains using your nameservers, or any variations of them. Also, I agree that anyone offering any adult material should definitely keep that on a separate server.

As far as multiple shared IPs, I have done that by using reseller accounts for things I want separated.
 

SunDanceKid

> Like Shaun said, it's quite easy to get a list of all domains using your nameservers, or any variations of them.

That's why I don't run name servers on my box and use various 3rd party name servers like enom that have a major load of clients.

Anyhow - my projects aren't vital to national security or anything. But if I can obfuscate things without too much trouble then it's worth it in my calculus.
 

shaun

> Why? What good would that do?

One good reason is because you wouldn't want a screw up in the apache config to show an adult website on a domain that targets children.. There are many other reasons... it's just a better idea to keep the stuff separate.
 

SunDanceKid

> One good reason is because you wouldn't want a screw up in the apache config to show an adult website on a domain that targets children..

That would be bad.

> it's just a better idea to keep the stuff separate.

I agree. But I was just wondering because quite a few big hosts (Dreamhost) allow adult on their shared accounts.