Releasing IP Addresses in WHM/Cpanel
Apache
By default Apache listens to every interface coming into the machine by listening to 0.0.0.0:80/443. Normally you could edit the httpd.conf file directly in order to change the listen line, however that may cause problems with Cpanel’s automation.
To acheive this log into Webhost Manager and find Service Configuration followed by Apache Configuration. Then click on Reserved IPs Editor.
Here you will need to check the boxes of the IP addresses you do NOT wish for Apache to use. Once you save your selections, a new configuration file will be configured to listen on all the other IPs that were not checked. This will allow other services such as alternate web browsers to listen on those IP addresses without conflicting with Apache.
Webhost Manager
Navigate to IP Functions, followed by Show/Edit Reserved IPs. Here you should check the same IPs that were selected in the Apache Reserve list above.
Once this is done WHM/Cpanel will avoid using those IP address when setting up new accounts and services.
Changing the Sending IP for Outbound Email in Exim
In order to specify which IP address should handle outbound mail, you will need to disable an option in WHM’s Exim Configuration Editor . You can find the Exim Configuration Editor in the Service Configuration section of WHM. To begin, navigate to the configuration editor and disable the following option:
* Automatically send outgoing mail from the account’s IP address instead of the main IP address.
By default, Exim will send mail from the server’s main shared IP address. Enabling this option forces your users to send mail from their main domain’s IP address. If you choose to enable the option listed above, you will not be able to manually specify the IP addresses from which the domains send mail. This option uses /scripts/updateuserdomains to automatically populate /etc/mailhelo and /etc/mailips.
ICANNpolicies for Assigning Dedicated IP Addresses to Subdomains
ICANN requires that a website owner meet one of 2 simple requirements before dedicating an IP address to his or her domain. The user’s domain or subdomain must either:
* Require an SSL Certificate — Generally, these certificates are used for e-commerce. SSL Certificates ensure visitors that they are sharing sensitive information on a secure connection with the appropriate domain.
* Run an anonymous FTP site.
Assigning a dedicated IP address for any other reason than the reasons listed above is a violation of ICANN’s terms.
For more information about ICANN policies, you can visit their website here. http://www.icann.org/en/policy/
IP Spoofing
A remote machine acts as a node on your local network, finds vulnerabilities with your servers, and installs a backdoor program or trojan horse to gain control over your network resources.
Spoofing is quite difficult as it involves the attacker predicting TCP/IP sequence numbers to coordinate a connection to target systems, but several tools are available to assist crackers in performing such a vulnerability.
Depends on target system running services (such as rsh, telnet, FTP and others) that use source-based authentication techniques, which are not recommended when compared to PKI or other forms of encrypted authentication used in ssh or SSL/TLS.
Check the most IP connect to server
netstat -an | grep :80 | awk ‘{print $5}’ | sed -e s/’:.*’/”/g | sort | uniq -c
or
netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
or
netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
