posted on Mar, 7 2013 @ 02:46 AM
reply to post by nothingwrong
A good portion of web hosting has moved to shared servers running multiple sites from one IP. There are servers out there that are serving over a
hundred websites from one IP. You have 100 root directories, one for each site. When a request comes in, the server software looks at the host header.
It will bind that request to any one of those directories depending on the hostname lookup rules.
If it doesn’t fall in any one of the predefined directories, then it will bind it to a default directory.
The default directory is usually the default splash page that was created when the server software was installed. Or the admin log in page.
That is why if you do an IP address lookup, and enter the raw IP address into the browser, you will sometimes get the default apache splash page, or
admin login page. And there will be no way you can get from that default page to the page you want that is hosted on that server.
It will not serve you the desired page unless the host header on your browser’s request matches the desired page. That will only happen if you have
a functioning DNS, or lookup list.
There is a lot of times you will run into a security hole that way because the server admin did not take down the default splash page and it will give
you the necessary information to gain entry into that server.
Go ahead and try it. It’s funny what you will find sometimes.
edit on 7-3-2013 by Mr Tranny because: (no reason given)