Unwanted Cpanel Add-on Domains for Multiple Affiliate Sites

[harrytwatter]

Hello BoSu world,

I've gleamed a lot from this fantastic community over the years and try to contribute constructively whenever I can. Today I discovered every add-on domain I've ever registered all indexable as sub-domains of my primary account domain. I'm really hoping someone may have some insight into the severity of this and/or potential solutions.

Essentially over the years I've registered maybe 20 domains. Some I've let lapse as they were failed projects, but I have about 10 that were built-out and are live today.

Well, in Cpanel I see them all, the failed and the live all existing as subdomains of my primary hosting account domain.

With "example.com" as my primary domain it looks something like this:
potato.example.com
trucks.example.com
cats.example.com
weather.example.com
headphones.example.com
etc..

This looks scary to me and looks even scarier when I pop them in my browser. Most of them simply have an "Index of/" but some are complete clones of the primary domain.

For instance I have example.com which is a automotive niche site, and I have potato.com which is a cooking niche site, but in my Cpanel I can find potato.example.com and it's an exact duplicate of potato.com.

Contacted my hosting provider (Peopleshost) and they say this is just how Cpanel deals with add-on domains. I have a shared account and was setting up everything presuming they'd they'd be independent sites.

However as an SEO having all my sites (various unrelated niches) linked as subdomains via one primary domain is hella scary, and having a cloned version is downright terrifying.

How do BoSu'ers handle add-on domains and Cpanel? Should I really have separate hosting accounts for each niche site?

My host recommended adding the following to my .htaccess to make the links "unavailable":

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} addon.maindomain.com$
RewriteRule ^(.*)$ "http://maindomain.com/404" [R=301,L]
</IfModule>

Being a technical layperson I have no idea what the above means/does which makes me nervous about implementation.

The second solution offered was to point my unwanted subdomains to a non-working IP address. This sounds simpler but I'm struggling to see how Google would evaluate this from a search perspective.

How do ya'll deal with subdomains created in Cpanel? Should I be shitting my pants given the above or am I over-reacting?

If anyone has any insight I'd be eternally grateful.

 

[Ryuzaki]

Yes, this is normal and how it works on shared hosting. You have sub-domains that "point to" sub-folders of the main domain in the /public_html/mainaccount/, if I recall correctly. It's been a while.

To not show the "index of," you can either drop some kind of index.html file in those folders so that loads instead (it can be blank), but better yet is an .htaccess rule so unauthenticated viewers can't browse folders:

# NO DIRECTORY BROWSING
Options All -Indexes

Pretty simple solution there. That should stop any of them from being indexed. I think it throws a 5xx level error in the HTTP headers. Whatever the "authentication" errors are.

But Google shouldn't be finding those sub-domains anyways. When you aim the domain at the nameservers, it should connect that domain to the proper sub-folder file hierarchy.

Any of these sub-domains that are clones of your main site sound like they aren't set up correctly. Your first move should be to simply delete any that you aren't using. You may have to manually delete the sub-folders. I don't think cPanel is going to clean that up for you, it just breaks the ties between the sub-domain and sub-folders and the nameserver connection to the sub-folder.

That .htaccess code you included in your post 301 redirects the sub-domains to a non-existent page (/404) on your main domain. I don't think that's a good solution. I'm not great at Regex but I'm pretty sure that code does not handle anything but the homepage of the sub-domain (no inner pages). The non-working IP address suggestion is pretty stupid. A less stupid one would be to make it throw a 410 error so Google never indexes it. Better yet would be to redirect any traffic from any page to the real domain so there's no errors ever.

But again, I doubt they're crawling those at all unless you or someone else has created links to them.

Add-on domains are fine. I went full time with shared hosting and add-on domains. Google will never find them, the sub-domain is the account name and not the domain name, so people would have to guess how to find them, and even if they load your site, one thing you can be doing is having rel="canonical" in there to point to the real version of the site.

You should be able to check the traffic on them and see nobody is visiting them. Also, you can use the code I pasted above to block directory browsing. Beyond that, you're good to go, especially with canonicals.

There's actually some kind of PHP module you can enable to block anyone from visiting a site through the account sub-domain, now that I think of it. Some security module that cPanel has... I can't think of what it is but you can ask your hosting company. Sounds like they probably won't know though.

 

[harrytwatter]

This was very enlightening, thank you!

To not show the "index of," you can either drop some kind of index.html file in those folders so that loads instead (it can be blank), but better yet is an .htaccess rule so unauthenticated viewers can't browse folders:

This seems the most straightforward to me so I think I'll give it a shot. I'll own my ignorance and ask, do I have just one .htaccess that I can pop this in or do each of the subdomains have one that it needs to be added to?

But Google shouldn't be finding those sub-domains anyways. When you aim the domain at the nameservers, it should connect that domain to the proper sub-folder file hierarchy.

I did check and fortunately none were indexed. Maybe I'm just overly paranoid that Google is somehow finding them and saying "oh ok, bunch of random niches with different personas, this guy is clearly an affiliate marketer..devalue!"

That .htaccess code you included in your post 301 redirects the sub-domains to a non-existent page (/404) on your main domain. I don't think that's a good solution. I'm not great at Regex but I'm pretty sure that code does not handle anything but the homepage of the sub-domain (no inner pages). The non-working IP address suggestion is pretty stupid.

When I first moved to Peopleshost from Small Orange I was blown away with their customer support. Over the years it seems to have deteriorated quite a bit. Moving is such a pain though so I'm avoiding it if possible.

You should be able to check the traffic on them and see nobody is visiting them. Also, you can use the code I pasted above to block directory browsing. Beyond that, you're good to go, especially with canonicals.

It looks like Mozilla and MobileSafari have found them, I have no idea how...but that does seem concerning?

The problem with a canonical tag is choosing an original URL to point to as most of them are 50/50 mashups of two completely different sites, idk how I'd choose between apples.com and oranges.com if the problem child is apples.oranges.com. Maybe I'll just implement the "No Directory Browsing" code, delete the unused and try to forget about it

I tried searching for other examples of this and other solutions but oddly not finding much on Google, at least in regards to potential SEO risk, which I find odd because isn't everyone and their mothers using shared hosting and Cpanel?

Thank you again for taking the time and putting some thought into your response!

 

[Ryuzaki]

You can drop the same .htaccess code for blocking directory viewing into each sub-folder's .htaccess file. You can confirm it's working right by checking yourself in a private browser.

Yeah, if Google does index them, then you'll have a "duplicate pages in the index" Panda problem. You definitely don't want that. I don't think they care if you're building sites with the intention of making money. That's pretty much the point in 2019.

Mozilla and MobileSafari aren't crawlers. Sounds more like UserAgents from browsers. Have you checked on the sites yourself with Firefox and an iPhone?

I'd say most people aren't worried about it. You can find some stuff on stackexchange and cpanel's forums, but in general most people don't know about this type of thing, even if they're internet marketers. They just trust the software.

Maybe I'll just implement the "No Directory Browsing" code, delete the unused and try to forget about it

That should get you taken care of. Also, I'd ask your host about the "make it you can't browse the sites from the account-name subdomain. It's absolutely possible. You may be able to find it yourself in cPanel. I can't remember what's involved though.

The main thing is, nobody will ever find those sub-domains without guessing the account names, nor the sub-folders if you block directory browsing.