7 ways to determine the site hoster

    From time to time, many of the webmasters are faced with the task of identifying a hoster with whom this or that site lives. The motivation for this is very different, like simple curiosity, and the desire to settle in the neighborhood on a good and stable hosting, or vice versa, not to plunge into such a neighborhood. In this post I will give some methods known to me with their advantages and disadvantages. It is possible that it is incomplete, so add-ons are strongly encouraged.
    Also, “ashore” I will make a reservation: all the sites and hosters mentioned below are mentioned solely as illustrative examples, and in no case as advertising or, God forbid, anti-advertising. The choice of these was also made almost by accident - where I used to work with which methods at one time.

    I list the methods in decreasing order of accuracy and, unfortunately, in increasing order of probability of operation.

    1. NS server


    It’s even strange that I forgot to mention it from the very beginning. Thanks variable For the reminder. Very often, people use the host's NS-servers and with the help of whois we instantly recognize the host.

    pros

    • It often works on shared hosting

    Minuses

    • Often VPS and Dedic users, as well as advanced users on shared hosting, use their DNS servers or use their subdomains.

    2. Error 403/404


    I can’t say that most, but many serious hosters, by default, make web server error pages with information about themselves, and many of their clients forget / are too lazy to override them. Therefore, in the first place, you should try to cause such an error and see what happens. It so happens that a CMS on a site using mod_rewrite intercepts requests for non-existent files and gives its 404th error in response. You can try to work around this by causing error 403 by accessing a directory without an index file. It can be a folder with pictures / templates, a folder for downloaded files, an engine cache, a system folder of the type includes, etc. A small hint - sometimes there is a webmaster email on the error page and you can often find out the hoster's site domain from it.


    Example


    Website: sloger.net
    Page with 404 errors .
    It Results: Hoster Hostgator

    pros

    • High accuracy of determination. As a rule, most resellers have the ability to set their own default error page for their customers, in which case we can even find out the reseller.

    Minuses

    • Very often, small hosters forget / are too lazy to set their own error pages
    • Even more often, the site’s CMS intercepts requests for nonexistent files and hides the standard host page

    3. Virtualhost by default.


    Here the situation is much similar to the previous one - large hosters usually put their own stubs on the virtual host by default, small ones often neglect this, and the default virtual host usually becomes either the first site of their first client or the standard stub from the control panel (this is especially often the case with with cpanel). By the way, in the first scenario, there is a pleasant special case, consisting in the fact that sometimes the site of the hoster itself becomes the first site of the first client, and therefore the reception still gives the desired result.
    The most reliable way to get to the virtualhost by default is to access the web server by IP.

    Example


    Website: www.tapebackup.ru
    IP: 90.156.153.106
    Result: please contact technical support: (495) 772–97–20, support @ masterhost.ru . From this we conclude that the host is Masterhost.

    pros

    • Fairly high accuracy in determining the host. You can always determine the host-owner of the server, and if the reseller is working on a dedicated IP, then the input and reseller.
    • It works on almost all large hosting providers.

    Minuses

    • For small hosters, it usually does not work.
    • Especially often it doesn’t work on servers with cPanel - a standard panel stub is issued

    4. Reverse DNS Lookup


    Without going into details, I’ll say that for any IP address you can use the PTR record in the DNS zone to set the “default domain” (this is not an exact term, but that’s not the point). At the same time, the vast majority of hosters assign default servers to their servers that contain the hostname of the host, that is, something like server-name.hoster-name.com.
    The easiest way to find out this default domain name is with the help of all native ping (alternatively, the host, dig and nslookup commands under Linux, there should be analogs under Windows, but I don’t know anything about them).

    Example


    Website: cisnet.ru
    Ping:
    PING cisnet.ru (78.108.81.180) 56 (84) bytes of data.
    64 bytes from timur. majordomo.ru (78.108.81.180): icmp_seq = 1 ttl = 55 time = 102 ms

    Result: Hoster - majordomo.ru

    pros

    • It works in the vast majority of cases. If the received domain does not somehow indicate the hoster's site, then most likely it is a private dedicated server or VPS.
    • Very easy to apply. Even if there is no ping at hand (all of a sudden from a phone / PDA), then there are tons of free services for doing Reverse DNS Lookup queries.

    Minuses

    • Sometimes, separate domains are used for the infrastructure, which do not have an obvious connection with the hoster.

    5. Traceroute


    This method is closely related to the previous one, since it also implies the use of Reverse DNS Lookup, only this time we will look at domains for nodes on the way to the node of interest to us. The meaning is simple - according to the domains of the last nodes in the trace, we are more likely to guess the host or data center in which the site we are interested in is located. Obviously, this method will help us if the subject is sitting on a VPS or a dedicated server.

    Example


    Website: phpbbguru.net
    Traceroute:
    traceroute to phpbbguru.net (88.198.45.197), 30 hops max, 60 byte packets
    / * A piece uninteresting to us was
    skipped * / 6 87.226.228.149 (87.226.228.149) 126.004 ms 103.010 ms 103.147 ms
    7 xe-2–2–0. frkt-ar2.intl.ip.rostelecom.ru (87.226.133.150) 115.394 ms 115.575 ms xe-1-0-0.frkt-ar2.intl.ip.rostelecom.ru (87.226.133.110) 137.887 ms
    8 decix-gw . hetzner.de (80.81.192.164) 120.920 ms 137.137 ms 137.343 ms
    9 hos-bb1.juniper1.rz6. hetzner.de (213.239.240.238) 115.458 ms hos-bb1.juniper2.rz6.hetzner.de (213.239.240.239) 118.008 ms 118.280 ms
    10 hos-tr4.ex3k41.rz6. hetzner.de (213.239.252.180) 118.562 ms hos-tr2.ex3k41.rz6.hetzner.de (213.239.229.180) 137.399 ms hos-tr3.ex3k41.rz6.hetzner.de (213.239.252.52) 115.269 ms
    11 static.88–198–45–197.clients.your-server.de (88.198.45.197) 136.016 ms 137.170 ms 132.209 ms


    pros

    • Almost 100% probability of success in determining the data center and slightly less - directly to the hoster
    • Easily done under any OS or using a web service.

    Minuses

    • Since there are quite a few DNS queries, this method becomes the longest in the list.

    6. Whois


    So they got to Whois, great and terrible. The Whois database stores not only domain data, but also data on the owners of ranges and individual IP addresses. Accordingly, based on the information, we can try to establish the company-owner of the hosting or data center.

    Example


    Website: searchengines.ru
    IP: 83.222.4.124
    Whois output:
    whois 83.222.4.124% This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % Of The the RIPE is the Database are subject to the Terms and the Conditions.
    % See www.ripe.net/db/support/db-terms-conditions.pdf%

    Note: This output has been filtered.
    % To receive output for a database update, use the "-B" flag.

    % Information related to '83 .222.4.0 - 83.222.5.255 '

    inetnum: 83.222.4.0 - 83.222.5.255
    netname: MASTERHOST-COLOCATION
    descr: Masterhost is a hosting and technical support organization.country
    : RU
    admin-c: MHST-RIPE
    tech-c: MHST-RIPE
    status: ASSIGNED PA
    mnt-by: MASTERHOST-MNT
    source: RIPE # Filtered

    role: MASTERHOST NOC
    address: .masterhost
    address: Lyalin lane 3, bld 3
    address: 105062 Moscow
    address: Russia
    phone: +7 495 7729720
    fax-no: +7 495 7729723
    remarks: - remarks: MASTERHOST is available 24 × 7
    remarks: - remarks: Points of contact for MASTERHOST Network Operations
    remarks: - remarks: Routing and peering issues: noc@masterhost.ru
    remarks: SPAM and Network security issues: abuse@masterhost.ru
    remarks: Mail and News issues: postmaster@masterhost.ru
    remarks: Customer support: support@masterhost.ru
    remarks: General information: info@masterhost.ru
    remarks: - admin-c: AAS-RIPE
    tech-c: AAS-RIPE
    tech-c: UNK-RIPE
    nic-hdl: MHST-RIPE
    abuse-mailbox: abuse@masterhost.ru
    mnt-by: MASTERHOST-MNT
    source: RIPE # Filtered

    % Information related to '83 .222.0.0 / 19AS25532 '

    route: 83.222.0.0/19
    descr: .masterhost
    origin: AS25532
    mnt-by: MASTERHOST-MNT
    source: RIPE # Filtered

    Conclusion: the site lives on its own server hosted by Masterhost.

    pros

    • It works flawlessly. In any case, you can determine at least roughly in which DC the site is located and whether in the DC at all (it happens that the sites on the home computer spin ;-))

    Minuses

    • Low accuracy of determination. Cases when you can determine more precisely than DCs are counted on the fingers.
    • Often whois gives a lot of details and offhand it is not so simple to isolate the necessary from the whole array.

    7. Signature of the SMTP server


    Option proposed by the Crashus Habraiser .
    a small hack - telnet to port 25, in most cases an email service hangs on it and it will immediately display the hostname of the server.

    For example, your sites:

    # telnet sloger.net 25
    Trying 70.87.244.247 ...
    Connected to sloger.net.
    Escape character is '^]'.
    220-gator217.hostgator.com ESMTP Exim 4.69 # 1 Sat, 17 Apr 2010 13:19:55 -0500

    # telnet cisnet.ru 25
    Trying 78.108.81.180 ...
    Connected to cisnet.ru.
    Escape character is '^]'.
    220 timur.majordomo.ru ESMTP Exim 4.69 Sat, 17 Apr 2010 22:20:47 +0400

    # telnet phpbbguru.net 25
    Trying 88.198.45.197 ...
    Connected to phpbbguru.net.
    Escape character is '^]'.
    220 sds.fastvps.ru ESMTP Exim 4.69 Sat, 17 Apr 2010 22:23:25 +0400

    Add-on from alexkbs :
    Instead of telnet, you can use netcat:
    $ netcat cisnet.ru 25
    220 timur.majordomo.ru ESMTP Exim 4.69 Sun, 18 Apr 2010 12:21:21 +0400
    ^ C

    Additional Services Offered by HabraPublic


    Morality


    In almost any case, we will be able to satisfy our curiosity, the only question is how accurate. A moral for hosters - do not be lazy to provide yourself with an additional channel of customer inflow, but at the same time do not go too far so as not to frighten current customers.

    UDP Moved to Hosting.
    UPD2. Added two more services suggested in the comments.
    UPD3, May 30th. Suddenly found this topic in drafts. Returned to the place.

    PS. If you know more ways - write, and I will add to the list.

    Also popular now: