Many of our websites allow people to make comments, and we get an email whenever there is a new comment. That email contains the domain name, so we know where it came from. Recently I noticed that there were some comments from a strange domain that does not belong to us. For the purposes of this article I'm calling the unauthorized domain "hacker-domain.jerk", and our actual domain is "coolcomputing.com", hosted at the IP address of 22.214.171.124. What was happening was that someone nefarious had pointed their domain name's DNS at our web server (running Apache). This can potentially hurt a site because of duplicate content problems: someone searching on Google for "coolcomputing.com latest coupon codes" can see the exact same pages located at hacker-domain.jerk. It could also be a prelude to hacking attacks, so this is something you definitely want to address as a webmaster to prevent problems.
Basically, the person who owns the domain name hacker-domain.jerk configured its DNS to resolve to our IP of 126.96.36.199. Apache takes the first VirtualHost entry for each IP and uses it as the default, both when someone accesses the server directly by IP address and when a request arrives with a hostname that matches none of the VirtualHost entries for that IP. So the solution to this problem also applies to those of you who want to block direct IP access to your website/domain.
We have multiple IP addresses on our server running Apache with name-based virtual hosting, so I wanted to find a catch-all solution that would work for all IP addresses in httpd.conf. It seems that no such solution exists, so this has to be done for every single IP address you have on your server.
For this to work, you need to put the following right below the NameVirtualHost for each IP you have in httpd.conf, so that it is the FIRST VirtualHost entry for that IP.
Deny from all
The name in ServerName Blahblah.BlahBlahBlah.notmatched can be replaced with any nonexistent domain name. It is very important that you have the ServerName entry here, because otherwise it will match ANY domain in your NameVirtualHost section. For instance, I found out www.coolcomputing.com was getting a 403 error page when ServerName was missing. You also have to make sure that the directory /home/www/default/htdocs exists (or whichever directory you select to replace it).
After you edit your httpd.conf and restart Apache, direct IP access attempts and traffic from any unauthorized domain name that is not yours should be blocked.
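A catch-all block matching the description above, as an added example and not the author's original listing. It uses the article's example IP, ServerName and directory; the `:80` port and the real site's DocumentRoot path are assumptions.

```apache
# Added example, Apache 2.2 syntax (NameVirtualHost / Order / Deny).
# Repeat this whole group for every IP address the server listens on.
# The :80 port is an assumption; match whatever your existing entries use.
NameVirtualHost 22.214.171.124:80

# 1) Catch-all. It must be the FIRST VirtualHost for this IP so Apache treats
#    it as the default. Any request whose Host header matches no ServerName or
#    ServerAlias further down (a foreign domain pointed at this IP, or the
#    bare IP address) lands here and receives 403 Forbidden.
<VirtualHost 22.214.171.124:80>
    # A name that will never be requested. Leaving ServerName out makes this
    # block claim the server's own hostname, which can swallow real sites.
    ServerName Blahblah.BlahBlahBlah.notmatched
    # The directory must exist, even though nothing is served from it.
    DocumentRoot /home/www/default/htdocs
    <Directory /home/www/default/htdocs>
        Order allow,deny
        Deny from all
        # On Apache 2.4 the two lines above become: Require all denied
    </Directory>
</VirtualHost>

# 2) The real site, listed after the catch-all. Only requests carrying one of
#    these hostnames are served content.
<VirtualHost 22.214.171.124:80>
    ServerName coolcomputing.com
    ServerAlias www.coolcomputing.com
    # Assumed path, shown only for illustration.
    DocumentRoot /home/www/coolcomputing/htdocs
</VirtualHost>
```

Before restarting, `apachectl configtest` checks the syntax, and afterwards `apachectl -S` lists which virtual host Apache treats as the default for each address. A request sent to the IP with a Host header that is not one of your domains should then come back as 403.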
For a related issue, check out my article on how to handle a situation where you want to redirect an unforeseen subdomain to your www subdomain.