Otdfbt

Why is high voltage dangerous?

Is above average number of years spent on PhD considered a red flag in future academia or industry positions?

When -s is used with third person singular. What's its use in this context?

Can Pao de Queijo, and similar foods, be kosher for Passover?

"Seemed to had" is it correct?

How does cp -a work

What does the "x" in "x86" represent?

What would be the ideal power source for a cybernetic eye?

How much radiation do nuclear physics experiments expose researchers to nowadays?

IndentationError when pasting code in Python 3 interpreter mode

How to assign captions for two tables in LaTeX?

Gastric acid as a weapon

Did Kevin spill real chili?

Sorting numerically

Should I discuss the type of campaign with my players?

Why is black pepper both grey and black?

How can I make names more distinctive without making them longer?

What do you call a plan that's an alternative plan in case your initial plan fails?

Does accepting a pardon have any bearing on trying that person for the same crime in a sovereign jurisdiction?

Why does Python start at index 1 when iterating an array backwards?

Check which numbers satisfy the condition [A*B*C = A! + B! + C!]

How to draw this diagram using TikZ package?

What LEGO pieces have "real-world" functionality?

3 doors, three guards, one stone

How is it possible for a Linux Redhat server to run both IIS and Apache on port 80?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

2

1

I recently got an assignment of pen-testing a remote server. Upon Information Gathering I got the following:

 host1 ip 132.56.34.23 port 80 IIS 7.0
 host2 ip 132.56.34.23 port 80 IIS 7.0
 host3 ip 132.56.34.23 port 80 Apache 2.4.6 php 5.4
 host4 ip 132.56.34.23 port 80 Apache 2.4.6 php 7.2

Is it possible that 3 of the above are a diversion or it's actually happening? I mean, I understand that a machine can host more than one site but not all on port 80 plus a different PHP version.

linux port

share|improve this question

edited yesterday

Pikachu the Purple Wizard

1095

asked Apr 10 at 14:14

user358812user358812

183

New contributor

user358812 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Could it be that ip 132.56.34.23 is a load balancer? which means that there could be more than one server behind that address...
  
  – Itai Ganot
  Apr 10 at 14:17
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  The host may be running a reverse proxy and is the public front-end with specific sites / applications hosted on different back-end servers, or it randomizes the headers it sends.
  
  – HBruijn
  Apr 10 at 14:17
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @HBruijn no it does not randomize the header
  
  – user358812
  Apr 10 at 14:33
  

  
  
  
  

add a comment | 

2

1

I recently got an assignment of pen-testing a remote server. Upon Information Gathering I got the following:

 host1 ip 132.56.34.23 port 80 IIS 7.0
 host2 ip 132.56.34.23 port 80 IIS 7.0
 host3 ip 132.56.34.23 port 80 Apache 2.4.6 php 5.4
 host4 ip 132.56.34.23 port 80 Apache 2.4.6 php 7.2

Is it possible that 3 of the above are a diversion or it's actually happening? I mean, I understand that a machine can host more than one site but not all on port 80 plus a different PHP version.

linux port

share|improve this question

edited yesterday

Pikachu the Purple Wizard

1095

asked Apr 10 at 14:14

user358812user358812

183

New contributor

user358812 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Could it be that ip 132.56.34.23 is a load balancer? which means that there could be more than one server behind that address...
  
  – Itai Ganot
  Apr 10 at 14:17
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  The host may be running a reverse proxy and is the public front-end with specific sites / applications hosted on different back-end servers, or it randomizes the headers it sends.
  
  – HBruijn
  Apr 10 at 14:17
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @HBruijn no it does not randomize the header
  
  – user358812
  Apr 10 at 14:33
  

  
  
  
  

add a comment | 

I recently got an assignment of pen-testing a remote server. Upon Information Gathering I got the following:

 host1 ip 132.56.34.23 port 80 IIS 7.0
 host2 ip 132.56.34.23 port 80 IIS 7.0
 host3 ip 132.56.34.23 port 80 Apache 2.4.6 php 5.4
 host4 ip 132.56.34.23 port 80 Apache 2.4.6 php 7.2

Is it possible that 3 of the above are a diversion or it's actually happening? I mean, I understand that a machine can host more than one site but not all on port 80 plus a different PHP version.

linux port

share|improve this question

edited yesterday

Pikachu the Purple Wizard

1095

asked Apr 10 at 14:14

user358812user358812

183

New contributor

user358812 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

 host1 ip 132.56.34.23 port 80 IIS 7.0
 host2 ip 132.56.34.23 port 80 IIS 7.0
 host3 ip 132.56.34.23 port 80 Apache 2.4.6 php 5.4
 host4 ip 132.56.34.23 port 80 Apache 2.4.6 php 7.2

share|improve this question

edited yesterday

Pikachu the Purple Wizard

1095

asked Apr 10 at 14:14

user358812user358812

183

New contributor

user358812 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited yesterday

Pikachu the Purple Wizard

1095

asked Apr 10 at 14:14

user358812user358812

183

New contributor

user358812 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

edited yesterday

Pikachu the Purple Wizard

1095

edited yesterday

Pikachu the Purple Wizard

1095

asked Apr 10 at 14:14

user358812user358812

183

New contributor

user358812 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked Apr 10 at 14:14

user358812user358812

183

1 Answer
1

active

oldest

votes

2

A few possibilities:

• That is a load balancer or proxy in front of many different web servers.


• The pen testers identification methodology is inaccurate.


• Server header is being spoofed.

If your organization controls this host, determine what it is. Find its owner or access it yourself.

share|improve this answer

answered Apr 10 at 18:41

John MahowaldJohn Mahowald

8,8661713

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  host3 is using the correct information and also they are 4 domains hosted on apache server, which means indeed it might be a proxy for host1,host2 and host3
  
  – user358812
  Apr 11 at 2:58
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

user358812 is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f962437%2fhow-is-it-possible-for-a-linux-redhat-server-to-run-both-iis-and-apache-on-port%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

2

A few possibilities:

• That is a load balancer or proxy in front of many different web servers.


• The pen testers identification methodology is inaccurate.


• Server header is being spoofed.

If your organization controls this host, determine what it is. Find its owner or access it yourself.

share|improve this answer

answered Apr 10 at 18:41

John MahowaldJohn Mahowald

8,8661713

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  host3 is using the correct information and also they are 4 domains hosted on apache server, which means indeed it might be a proxy for host1,host2 and host3
  
  – user358812
  Apr 11 at 2:58
  

  
  
  
  

add a comment | 

2

A few possibilities:

• That is a load balancer or proxy in front of many different web servers.


• The pen testers identification methodology is inaccurate.


• Server header is being spoofed.

If your organization controls this host, determine what it is. Find its owner or access it yourself.

share|improve this answer

answered Apr 10 at 18:41

John MahowaldJohn Mahowald

8,8661713

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  host3 is using the correct information and also they are 4 domains hosted on apache server, which means indeed it might be a proxy for host1,host2 and host3
  
  – user358812
  Apr 11 at 2:58
  

  
  
  
  

add a comment | 

A few possibilities:

• That is a load balancer or proxy in front of many different web servers.


• The pen testers identification methodology is inaccurate.


• Server header is being spoofed.

If your organization controls this host, determine what it is. Find its owner or access it yourself.

share|improve this answer

answered Apr 10 at 18:41

John MahowaldJohn Mahowald

8,8661713

share|improve this answer

answered Apr 10 at 18:41

John MahowaldJohn Mahowald

8,8661713

answered Apr 10 at 18:41

John MahowaldJohn Mahowald

8,8661713

answered Apr 10 at 18:41

John MahowaldJohn Mahowald

8,8661713