How can addon domain completely conceal all traces to primary domain?

questions · #1 10-15-2007, 05:27 PM

I want my addon domain to act as a complete independent entity, revealing no traces to the primary account under any circumstance.

I have a primary domain "primary.com" registered with my Baby account.
I setup an addon domain "myaddon.com"

If there is an error in any .htaccess file for myaddon.com, it will show a 500 Internal Server Error, thus revealing my primary website. Is there anything I can do to stop this from happening and are there anymore cases in which my primary could be revealed? Thanks for your time and replies

PHP Code:


			
//root for primary.com

public_html/ 



//root for myaddon.com

public_html/myaddon/



//Intentionally place an error in my htaccess file here

//will trigger 500 internal error and reveal primary address

public_html/myaddon/contact/.htaccess

Quote:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@myaddon.primary.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

quietFinn · #2 10-15-2007, 05:29 PM

Quote:

Originally Posted by questions

If there is an error in any .htaccess file for myaddon.com, it will show a 500 Internal Server Error, thus revealing my primary website. Is there anything I can do to stop this from happening ...

Yes. Get a separate account for your 2nd domain.

slapshotw · #3 10-15-2007, 05:58 PM

Quote:

Originally Posted by quietFinn

Yes. Get a separate account for your 2nd domain.

Read my mind exactly. Or get a reseller account if you have a bunch that you're going to need to do this for.

gwyneth · #4 10-15-2007, 07:21 PM

Or avoid errors in your add-on pages.

This is one of those "one per cPanel" things.

esl · #5 10-15-2007, 07:39 PM

Quote:

Originally Posted by gwyneth

Or avoid errors in your add-on pages.

LOL.

That's a good answer.

gwyneth · #6 10-15-2007, 09:39 PM

Quote:

Originally Posted by esl

LOL.

That's a good answer.

quietFinn and Matt were probably too nice to mention it. But it is a foolproof solution for the problem at hand.

questions · #7 10-16-2007, 01:07 AM

thanks for all your help
May I ask what exactly happens when we addon a domain? Does that actually go in and make physical changes to a conf file on the server?

slapshotw · #8 10-16-2007, 01:24 AM

Yes. A new directory is created in the public_html folder in the main domain's /home/username folder. Also, a few server-wide files are modified (like apache and bind files) and new DNS zones are added.

gtgeorge · #9 10-16-2007, 06:31 AM

Wouldn't custom error pages help with not revealing the primary domain?

questions · #10 10-16-2007, 11:43 AM

Quote:

Originally Posted by slapshotw

Yes. A new directory is created in the public_html folder in the main domain's /home/username folder. Also, a few server-wide files are modified (like apache and bind files) and new DNS zones are added.

Maybe it's a cpanel flaw or a technique to encourage more account signups but it seems that it's effectively adding new <VirtualHosts> containers so it seems like the solution could be as simple as adding more directives within this container. ie: ServerAdmin, ServerName

Quote:

Originally Posted by gtgeorge

Wouldn't custom error pages help with not revealing the primary domain?

Thanks, this is what I eventually resorted to, setup error pages from 400-417 and 500-505 in my htaccess file. I'm just wondering if the primary can be discovered thru another loophole. Say email headers?

gtgeorge · #11 10-16-2007, 12:57 PM

Quote:

Originally Posted by questions

Thanks, this is what I eventually resorted to, setup error pages from 400-417 and 500-505 in my htaccess file. I'm just wondering if the primary can be discovered thru another loophole. Say email headers?

Usually the addon domain can be accessed via maindomain.com/foldername by default, I believe. Might want to use .htaccess to prevent that. Email headers shouldn't reveal the account name but not sure where else this may be revealed.

One of the best ways would be to go with a reseller account with multiple domains in my opinion.

slapshotw · #12 10-16-2007, 05:51 PM

Quote:

Originally Posted by questions

I'm just wondering if the primary can be discovered thru another loophole. Say email headers?

If you're this concerned, I really would spend the extra few dollars a month to get the second account. This will ease your fears.

And usually, any inspection of email headers will lead to the server's hostname, not your primary domain.