25

I've discovered (via looking at mod_pagespeed cache entries) that a completely random domain I've never heard of before is resolving to my website.

If I visit this domain, my website loads. The DNS for that domain is pointing to my server's IP.

Right now in my vhost config I have *:80, which I'm guessing is where I'm going wrong.

I immediately changed this to example.com:80 where example.com is my domain. Assuming this would mean the server would only respond to and fulfil requests for my domain name, rather than any request on port 80.

My original vhost config;

<VirtualHost *:80>
    DocumentRoot "/var/www/example.com"
    <Directory "/var/www/example.com">
        Order allow,deny
        Allow from all
        Allowoverride all
    </Directory>
</VirtualHost>

My new tried config;

Listen 80
ServerName example.com

<VirtualHost example.com:80>
    DocumentRoot "/var/www/example.com"
    <Directory "/var/www/example.com">
        Order allow,deny
        Allow from all
        Allowoverride all
    </Directory>
</VirtualHost>

When I tried to restart apache with the new config I got the following error:

 * Restarting web server apache2 [Fri Mar 28  08:55:47.821904 2014] [core:error] [pid 5555] (EAI 2)Name or service not known: AH00549: Failed to resolve server name for 152.155.254.241 (check DNS) -- or specify an explicit ServerName
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

Note: The IP beginning 152 in the above error has been slightly edited, but the original wasn't my server's IP address anyway.

Can anyone offer advice on this issue? Is the domain (actually there's a couple) that is resolving to my website innocently just the previous user of the dedicated server, whose DNS is just still pointing to it? How can I resolve the apache virtual host config issue, and any other advice is welcome.

Thanks.

i-CONICA
  • 630
  • 1
  • 9
  • 22
  • Your `VirtualHost` should have a `ServerName` -- that is the warning. – Simon Richter Mar 28 '14 at 11:43
  • 3
    The error is transient. It means that the grace period for rebinding the socket (120 seconds IIRC) has not yet elapsed. For config changes, `reload` is usually sufficient. – Simon Richter Mar 28 '14 at 11:45
  • I'd never heard of reload, I've been restarting all the while. Thank you. – i-CONICA Mar 28 '14 at 15:10
  • 3
    Is this your own server? Or are you on a multi-tenant hosting service server? If it's the second, this other hostname could belong to some other tenant. – O. Jones Mar 28 '14 at 18:22
  • To figure out which processes are listening on which ports, you can use `netstat -lnptu`
    (I would have written this as a comment but don't have enough rep yet)     – LoicAG Mar 28 '14 at 10:13
  • I only have 5 ports open, and the only thing listening on 80 is Apache. – i-CONICA Mar 28 '14 at 10:25
  • Hi, It's a very powerful fully dedicated server, mine all mine. I have a range of IPs available. – i-CONICA Mar 28 '14 at 22:25
  • The only reason I can imagine for someone to do this is for gaining search engine ranking over your current domain, or to bring negative (re)views using a known bad domain. – Vercas Mar 29 '14 at 09:10
  • I've only recently taken over the server, so it's likely that it's just an old abandoned domain, it certainly doesn't seem to have any purpose. – i-CONICA Mar 29 '14 at 13:19
  • As a possible reason, I had an old domain that pointed to a random website since it was pointed to a static IP I had but that expired before the domain and I forgot to update. – T. Kiley Mar 29 '14 at 20:43

5 Answers5

30

There's probably no harm in having those other domains pointing to your host, except of course that it increases the load on your server. If you want to block them, set up new virtual hosts for them:

NameVirtualHost *:80
<VirtualHost *:80>
    ServerName example.com
    # example.com configuration
</VirtualHost>
<VirtualHost *:80>
    ServerName baddomain.com
    Deny from all
</VirtualHost>

Instead of Deny from all you could use Redirect permanent /error.html to show them a custom error message.

You could repeat the second VirtualHost for each domain you want to block, or if there are a lot of them, put it first to make it the default VirtualHost, and make exceptions for your domain(s):

NameVirtualHost *:80
<VirtualHost *:80>
    # default VirtualHost
    Deny from all
</VirtualHost>
<VirtualHost *:80>
    ServerName example.com
    # example.com config
</VirtualHost>

As for your error messages, it seems that Apache couldn't resolve the hostname example.com when it started, or couldn't find your ServerName directive. Not sure why. The second error says that port 80 is already in use on your host. Did you finish shutting down all of the previous instances of Apache?

Andrew Schulman
  • 8,561
  • 21
  • 31
  • 47
  • 18
    There is harm. Google does not like multiple sites with the same content. – TomTom Mar 28 '14 at 10:05
  • 1
    Hi, Thanks. I used service apache2 restart, so I assume it doesn't start apache again until all instances are closed but I could be wrong! The worry about having other domains resolving to my website is from an SEO point of view, having other domains mirror my content is really bad news, especially considering my domain is fairly young, and the other domains may be considerably older. I'll try the suggestion to deny from all, then allow mine, and see how I get on, thanks. – i-CONICA Mar 28 '14 at 10:06
  • TomTom, yes see my comment, that's my concern! :) – i-CONICA Mar 28 '14 at 10:06
  • 1
    +1 for the second part of this answer; make a default vhost to capture all the bad domains, and then set up specific vhosts for your domain(s). I also like the "Redirect permanent" solution, as it allows you to tell people "this domain is broken!" -- just make sure you don't provide your email/etc on that error page otherwise users of the other domains will start whining at you about the other domains being broken (which is beyond your control). Also +1 to TomTom about duplicate content penalties in Google. – Doktor J Mar 28 '14 at 20:20
  • @TomTom maybe someone is trying to bomb his PageRank – NothingsImpossible Mar 29 '14 at 01:39
  • The simple solution to this is to have the main page as a domain name specific site, and have the default site use use http 301 redirects as described on [Change page URLs with 301 redirects](https://support.google.com/webmasters/answer/93633) as this will maintain your pagerank and you will receive free advertising. Since it is your web server serving the web pages you can serve up what ever content you want, including the 301 permanent redirect. – BeowulfNode42 Mar 29 '14 at 09:50
  • Also take a look through your content and logs to be sure some section of your site(s) hasn't been hijacked and is serving up malware or clickjacking. – fatal_error Nov 28 '14 at 15:59
4

Apache serves as a sort of default the first domain you define.

If you want to serve up myowndomain.com with the content you desire and all other domains some behavior (perhaps redirecting to the corresponding page on your preferred domain), define the "catchall" domain first, handle traffic appropriately (I recommend redirecting to your real domain), and then define your real domain etc. with subsequent VirtualHosts.

Christos Hayward
  • 1,152
  • 3
  • 15
  • 35
4

Regarding "where the heck did this other name for my website come from", anyone can put any A record they like at any name below a domain they control. You can investigate a little by using whois to find out who has registered the second-level domain containing the offending DNS name.

zwol
  • 1,305
  • 2
  • 12
  • 22
1

Your best bet here, if you really want to avoid random domains being pointed to your website, is probably as Andrew Schulman has answered and BeowulfNode42 has commented:

Serve a default vhost. You have a few options here, but to be clear I disrecommend serving a plain error page since it may make troubleshooting a pain later.

  • Serving up a bland "Under normal circumstances you shouldn't see this, please contact blah blah for help." sort of message. That way if something undesired does happen later (misconfigurations do happen) you'll have a useful fallback.
  • Redirecting with 301 to your actual domain/website, though if certain issues do arise you could end up with a redirection loop.
  • Have some sort of mini-site that then directs the user to your actual website, perhaps explaining that the domain they've hit is "no longer in use".

So, leave your vhost configuration as it was, but create a new vhost for the actual website, swap the directories around, and keep going.

Given what you've said about recently taking over the server, I would consider making sure (unless the domain clearly isn't yours) that this isn't some forgotten leftover that needs to be taken off autorenewal, or that it isn't part of some project that isn't yet complete or was abandoned.

Keilaron
  • 111
  • 2
0

You should always put the default VirtualHost first, as in @Andrew Schulman second solution.

That way you can keep all the requests that are not for your site in different log files using CustomLog and ErrorLog in the config - you don't want that in your logs if you are using AWStats or another program to create your stats.

Also a lot of (most?) attacks will come at your IP and not at your hostname. Again this will keep your real site logs clean and reject them straight with the deny from all.

Sacha K
  • 367
  • 4
  • 18
  • Hi, Thanks. I tried the second solution, but it gave me an error. I'll continue with this a bit later on, I can't right now. Thanks. – i-CONICA Mar 28 '14 at 11:39