detecting multiple websites on a server

[amfEichman]

a friend bought a dedicated server to host his website, the server has recently been moved to a new service provider. Over the last few weeks the web site has been responding very slowly, in some cases timing out and not delivering images and pages.
my friend has spoken to them a number of times around the issues with the website and server, and it improves for a short period of time.

i have check the site for speed from a number of different connections and they are all around the same response times from different isp's.

The concern is that the service provider is hosting other sites on the dedicated server, as there was mention of another site running on the server the last time he contacted them about performance issues.

so the question is, is there any method to tell if there are other sites on the server ?
the only log ons we have are to the website management console and to the ftp server for uploading the site. the site is php BTW

thanks in advance
alan

[hypervista]

Check out Maltego, which is included with BT4 under the Infomation Gathering section.

Is it really a dedicated server, or a dedicated virtual server?

[CaptSilver]

If it is on the internet and has been for a while, you can use a google hack to find other websites. "ip:" Without the quotes.

Cheers!!

[randalth0r]

If they're running mutiple websites on a single server it has to be a server running virtualisation?

I mean if you have only one server and multiple websites on it, then the websites needs to have one port each open for each website.

Like 172.16.0.1:80
and 172.16.0.1:81

Or can this be solved with DNS somehow?

Google to 172.16.0.1/google and at the same time have say:
Microsoft Corporation to 172.16.0.1/microsoft?

I don't know if this is possible. AFAIK, this shouldn't be possible?

Anyway, if it's a server that virtualises guests and then you assign different public IP's to each guest OS; then I think it's pretty hard to find out what you want to know.

Please correct me if I'm wrong.

[whitelisted]

corrected.

Apache Virtual Host documentation - Apache HTTP Server

Also, 172.16.0.0 through 172.31.255.255 is a reserved set of IP numbers for non-internet addressing. Google won't know anything about these.

[fancy]

Or check out this online tool:

Reverse IP Lookup - Find Other Web Sites Hosted on a Web Server

[aegis]

As a pentester i swear by Hostmap,

hostmap - the automatic hostnames and virtual hosts discovery tool

or scraping from WHOIS and Reverse IP Service

[amfEichman]

Thanks for the replies!

Its as we thought there are 8 other sites hosted on the box, this should be a truly dedicate server as he bought the tin the sites on and they are hosting the physical box.

He said he is going to turn up on site and demand the box there and then

alan

[randalth0r]

corrected.

Apache Virtual Host documentation - Apache HTTP Server

Also, 172.16.0.0 through 172.31.255.255 is a reserved set of IP numbers for non-internet addressing. Google won't know anything about these.

Thank you. This is interesting. Will check it out.

I'm fully aware of the local IP's I chose. It was just an example.