3

I found that an unknown domain like www.aaa.com is serving exactly the same contents (HTML, JS, CSS, any asset) as my site: myname.me.


And the API as well: for example, www.aaa.com/api/user gets the same response as myname.me/api/user.

How can I block this domain from serving my thing?

How does it do this? Redirecting directly to my domain? Proxy? DNS?

I use a VPS and I use nginx. Here is my nginx config. This is the redirection to HTTPS:

```
server {
    if ($host = example.me) {
        return 301 https://$host$request_uri;
    }

    listen 80 default_server;
    listen [::]:80 default_server;

    server_name example.me;
    return 404;
}
```

This is the proxy for HTTPS requests to my application running on port 3000:

```
server {
    root /var/www/html/example;
    server_tokens off;

    index index.html index.htm index.nginx-debian.html;

    server_name example.me;
    # add_header Cache-Control no-cache;

    location / {
        # First attempt to serve request as file, then as directory, then fall back to displaying a 404.
        # try_files $uri $uri/ =404;
        proxy_pass http://198.51.100.1:3000$request_uri;
    }
}
```
Timothy Lee
  • 133
  • 6
  • The first thing to do is block the IP address(es) which proxy your domain. But this is not a solution. It will just put these unethical people on notice and let them know you know about them. Does this API serve anonymous content? Or do you have an authentication mechanism set up? – fossil Jun 03 '19 at 01:56
  • I found that the requests from `www.aaa.com`'s IP is the same as my Linux host IP. Is it a proxy or something? –  Jun 03 '19 at 02:00
  • It seems `www.aaa.com` is pointing to your server. You could do something about this quickly. Review your Nginx configuration and make sure it serves the content and API only for requests coming with a valid domain name. It should throw an error for unknown domains. – fossil Jun 03 '19 at 02:07
  • It should not serve content and API if requests come directly to the IP address. – fossil Jun 03 '19 at 02:09
  • @fossil I've updated my question and added my nginx config. I did set the server name, is that correct? –  Jun 03 '19 at 02:29
  • The configuration seems to be fine. You should consider reconfiguring your real server to listen only on 127.0.0.1:3000. This will prevent anyone connecting to your server on port 3000. Please note that this is not a solution, but a best practice. – fossil Jun 03 '19 at 02:44
  • The best practice is only valid if we don't have an active firewall on the VPS. If there is a firewall, you can block incoming requests on port 3000. – fossil Jun 03 '19 at 02:47
  • 1
    This is a very good question and I upvoted it. However, I feel it would be better suited on the network & administration site. – Marcel Jun 03 '19 at 05:52
  • I've found that this is called 惡意鏡像/恶意镜像 in Chinese, which means "malicious mirror": an unknown domain copies your website's content. I'm not sure whether there's a similar phrase for this in English. I'm still looking for a better answer to solve this. – Timothy Lee Jun 03 '19 at 10:10
  • 1
    Related: The question with this same issue for Apache: [How do I prevent Apache from answering requests for domains I don't host?](https://serverfault.com/q/444217/126632) – Michael Hampton Jun 03 '19 at 14:46

2 Answers

4

Your description says that another domain name you don't own has been set to your IP address, and web visitors to that domain therefore see your site.

To fix this, you need to restore the default nginx server block which shipped with nginx (or in this case, Ubuntu's custom version of the default server block). This default server block does not serve anything by default; everything reaching it gets the Debian "welcome to nginx" page. You should have separate server blocks for your own sites.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
0

Referring to @Michael Hampton♦'s answer, here is how I fixed it.

Add a default server block (SSL). You need to include the SSL certificate paths to make it work, see here.

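```
server {
    # Catch-all for HTTPS requests whose Host matches no other server block
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    # A certificate is still required so the TLS handshake can complete
    ssl_certificate /path/to/your/certificate;
    ssl_certificate_key /path/to/your/certificate_key;
    server_name _;
    # 444: nginx closes the connection without sending a response
    return 444;
}
```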

Now that unknown domain returns nothing (but still using my SSL), and my domain works normally.

Timothy Lee
  • 133
  • 6
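
Why the question's configuration answered for `www.aaa.com`, and why the catch-all block stops it, shown as an added example that is not part of the original posts: a simplified Python model of nginx's server-block selection (exact `server_name` match, then `default_server`, then the first block on the port). It assumes the question's second block listens on 443, since its `listen` lines are not shown on the page; the dictionary layout and function names are hypothetical.

```python
# Added illustration: simplified model of nginx server-block selection.
# Only exact server_name matches are modelled (no wildcards or regexes).

def select_server(servers, port, host):
    """Return the block nginx would use for a request to `port` with `host`."""
    on_port = [s for s in servers if port in s["listen"]]
    if not on_port:
        return None
    for s in on_port:                      # 1. exact server_name match
        if host in s["names"]:
            return s
    for s in on_port:                      # 2. explicit default_server
        if s.get("default"):
            return s
    return on_port[0]                      # 3. implicit default: first block on the port

def outcome(servers, port, host):
    """Label of what the selected block does with the request."""
    block = select_server(servers, port, host)
    return None if block is None else block["action"](host)

# The question's two blocks. Assumption: the second block listens on 443
# (its listen/ssl lines are not shown on the page).
REDIRECT_80 = {"listen": {80}, "default": True, "names": {"example.me"},
               "action": lambda h: "301 to https" if h == "example.me" else "404"}
APP_443 = {"listen": {443}, "names": {"example.me"},
           "action": lambda h: "proxy to app"}
# The catch-all block from the second answer.
CATCH_ALL_443 = {"listen": {443}, "default": True, "names": {"_"},
                 "action": lambda h: "444 close"}

BEFORE = [REDIRECT_80, APP_443]
AFTER = [REDIRECT_80, APP_443, CATCH_ALL_443]

def exposed_ports(servers, probe_host="www.aaa.com"):
    """Ports on which an unrecognised Host header still reaches the application."""
    ports = sorted({p for s in servers for p in s["listen"]})
    return [p for p in ports if outcome(servers, p, probe_host) == "proxy to app"]

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        for port in (80, 443):
            for host in ("example.me", "www.aaa.com"):
                print(name, port, host, "->", outcome(cfg, port, host))
        print(name, "exposed ports:", exposed_ports(cfg))
```

In this model the only block on port 443 is the implicit default before the change, so any hostname pointed at the server's IP reaches the application there; with the catch-all block added, no port is exposed.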