Can you find an hidden domain on a server?

I have a public server with a hidden domain that I use for dev/admin stuff. I added a "dev.com" domain in Plesk but the domain is not pointing to my server, so no one can access the website. Then I modified the windows hosts file to make dev.com point to my server IP. So when I go to dev.com in my browser, I can access the domain and use the admin features.

My question: is there a way for a hacker who knows my server's IP to find out that there is a hidden "dev.com" domain? Obviously, I am aware an hacker could do the same I did with windows hosts file, but what if he doesn't know the name of the hidden domain? I know this is not 100% safe I just want to know if someone can get the list of hidden domains on the server, if the domain is not pointing to the server's IP.

Thanks

It's not really clear what you are asking.

In the best case, the hacker has to know the IP address and the domain name in order to access the server. Someone who just happens to visit the IP address cannot easily discover the name of the web site if the server's default configuration does not reveal it.

The crucial question then is how exactly the system is set up and whether that configuration can be trusted to not leak the information you want it to protect. We have no information about this, so the short answer is simply "it depends."

Still, someone who knows which domain name you are likely to use and who is specifically striving to access this particular server could perhaps find out by some means which IP address you are connecting to. If they have visibility into the network you are connected to, they would just have to look where the packets from your computer are going in order to discover this.

Depending on the risk scenario, you might want to consider adding additional layers of security around the system. Perhaps require authentication in order to access the server (and/or require a private SSL certificate), and/or use a VPN to hide the destination of your outbound traffic.

No, it is not possible. You can only know which domains this server is ready to serve either by the brute force (which is infeasible), or from side channels.

But the way you presented the idea creates issues.

The first: you are hijacking some others's domain. Never do this. You own example.com means you can do anything under this domain three, so better use e.g. abracadabra.example.com or jeug982-gu9fg.example.com, or buy another domain, but don't hijack other's domains. You may continue to use hosts or you may consider adding it to the DNS — this wouldn't change much; DNS is also non-traversable (DNSSEC — with NSEC3), e.g. you can't list all subdomains of some domain and what I said about web server applies here: only brute force or side channel.

Second: don't assume this is secure. While in theory this could be considered as a shared secret (e.g. password), in practice nobody will consider this name as a secret. For example, browser will display it in clear on the screen, so anybody staring into your screen may see this very secret name. You may use secret domain name for site admin panel for improved security, but don't rely on it and still implement proper authentication.

There is not a problem for you having this configuration, because only you are pointing to dev.com and this exist only for you. For me dev.com is at

borc@borchp:~$ ping dev.com
PING dev.com (162.248.51.101) 56(84) bytes of data.
64 bytes from host.dev.com (162.248.51.101): icmp_seq=1 ttl=43 time=203 ms