Hiding Websites with Vhosts

May 28, 2009

If you create a webpage for a vhost entry, that has no valid DNS entry. Nobody can access it, unless they modify their host file to point that domain to your IP.
For example, I could create a vhost for google.com on my server here, additional to the normal page and the page would stay hidden. Everybody typing in google.com will end up at real google.com and everyone typing in my IP will get the normal site. To access my fake google.com you would have to add a host entry google.com to my ip in some DNS-server or host file. Than if you type in google.com in your browser you will be able to see my fake site.
You could hide entire communities (mostly of the illegal kind) this way, all you need is a fake name and an IP. Take filesharing for example: You could provide a direct download link in some forum and only people with the modified host file can access it. For all other people it is just a dead link. You can’t even guess the location because you are missing that IP, and knowing the IP alone won’t help you, because you are missing the fake domain name. Only if you know both you can access those files.

I wonder how many websites are hidden this way, it is quite easy….