Forum Thread: Recon on a Website Hosted by a Hosting Company

A lot of the websites today are not hosted on someones own little server, but at huge hosting companies like One.com, Hostgator and Godaddy.com. When using, for example, Nmap to scan one of these sites for vulnerabilities, it scans the huge servers, with very little chance of succes as these companies have enough money to add proper security to their servers.

I was wondering how one would still be able to find vulnerabilities in the websites that are most times made by average people (read: people who leave big and probably easy to find holes in their security), but are hosted by those companies.

Anyone who could push me in the right direction on this?

5 Responses

Hey Ape,

Try pinging the website, "ping www.site.com" or "ping direct.website.com", etc. Then, Nmap or Nikto the site.

good point, Overflow. but the problem is, that IP address is that of the server of a hosting company in this case, and they are usually well secured. if you are going to hack a website that is hosted by a host company, i advice you to look for web-based vulnerabilities.

Is there any scanning tool to help looking for those?

w3af (my favorite), Nikto, Nmap (with vulnerability-scanning scripts), or you could just get your hands dirty. ;)

Share Your Thoughts

  • Hot
  • Active