Another domain name pointing to my server IP?

Solution 1:

Some sketchy webmasters have in the past set up DNS entries to resolve their domain names to our IP address. It was not a mistake, because when we implemented countermeasures for a specific domain name, a new domain name began resolving to our IP address. Both of these rogue domain names were registered to the same individual. I have additional reason to suspect that it was an intentional ruse for nefarious purposes. My site is a well-known public law enforcement site.

I'm not sure what the intentions of the perpetrator are. It may be to gain search engine rank by parking his domain on my IP address. Or it might involve some cross-site scripting or IFrame / JavaScript / Flash security hack attempt. The bottom line was that he pointed two different domain names, at different times, to my webserver's address.

Both of his domain names were registered with GoDaddy, so I contacted their abuse folks to report that their DNS servers were being used for a questionable practice.

At first I added code to my home page to respond with a 404 - Not Found error if the HTTP_HOST in the URL was the other guy's domain name. I did this because I thought it was his mistake. But after learning that the same individual subsequently pointed another domain name at our IP address, I had to find a better solution.

The Better Solution...See example 2 for the script.

I configured Microsoft IIS to use explicit host headers for our valid domain names. Then I created a new website in IIS that did NOT use host headers, and labeled it "Rogue Domain Names". Any domain names resolving to my webserver that match one of my explicitly defined host headers would find their way to the correct content. But any domain name NOT defined in a host header setting goes to the Rogue Domain Names site. And the default home page for that Rogue Domain Names site contains a script to send a "301 - Moved Permanently" response, redirecting the request to Google.com.

I decided that if the intention was to poison search engine results or steal rankings, Google might be the place to send his traffic, and thus earn his site ill-will from Google spiders.

An added benefit of setting up a website to catch unknown domain names set to resolve to our IP address is that I can now log activity and see how often it happens. It also makes site testing easier than inserting code into individual pages to check for a valid domain name and redirect when necessary.

Here is a code snippet for those using classic ASP...


Example 1. Page level domain name rejection

Insert this code into an ASP home page to reject unknown domain names

 ' Reject the request unless the Host header contains our domain name.
 If InStr(1, UCase(Request.ServerVariables("HTTP_HOST")), "OURSITE.COM") < 1 Then
    Response.Status = "404 Not Found"
    Response.Write(Response.Status)
    Response.End
 End If

Example 2 - IIS level domain name rejection

<%@ Language="VBScript" CodePage=65001%>
<% option explicit%>
<%
'
' Some fraudulent webmasters have in the past set up DNS entries to resolve their domain names to our IP address.
' This file is a countermeasure to prevent other domain names from resolving to our site.
' The intent of the fraud may be to gain search engine ranking status for their domain name by pointing it to a 
' well known site.  Or there could be more going on such as cross-site scripting attacks...
' By using IIS host headers, we explicitly resolve domain names.  Any host headers that are not defined in IIS
' land on the Rogue Domain Names website, which serves up a 301 - Moved Permanently page that redirects to Google.
'--------------------------------------------------------------------------------------------------------------------
Response.Buffer = True 


If instr(1, UCase(Request.ServerVariables("HTTP_HOST")), "OURSITE.COM") < 1 Then
     Response.Status = "301 Moved Permanently"
     Response.AddHeader "location", "http://www.google.com/"
     Response.End
End If
%>
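
Added example (not part of the original answer or its scripts): a Python version of the "log activity and see how often it happens" step. It reads an IIS W3C log with the cs-host field enabled, matches each Host value exactly against the bound names and counts the rest, and it shows that the InStr() substring test from Example 1 accepts a name that merely contains OURSITE.COM. ALLOWED_HOSTS, the log lines and every address in them are constructed placeholders.

```python
from collections import Counter

# Assumption: the host names bound explicitly in IIS (placeholders).
ALLOWED_HOSTS = {"oursite.com", "www.oursite.com"}

# Constructed sample of an IIS W3C extended log with the cs-host field enabled.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem c-ip cs-host sc-status
2024-01-05 10:00:01 GET / 198.51.100.7 www.oursite.com 200
2024-01-05 10:00:02 GET / 198.51.100.8 WWW.OURSITE.COM:80 200
2024-01-05 10:00:03 GET / 203.0.113.9 rogue-domain.example 301
2024-01-05 10:00:04 GET / 203.0.113.9 oursite.com.rogue-domain.example 301
2024-01-05 10:00:05 GET / 203.0.113.10 192.0.2.10 301
"""


def normalize_host(raw):
    """Lower-case the Host value and drop any :port suffix and trailing dot."""
    host = raw.strip().lower()
    if host.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:80
        return host.split("]")[0] + "]"
    return host.split(":")[0].rstrip(".")


def is_allowed(raw):
    """Exact match against the allowlist, like an IIS host-header binding."""
    return normalize_host(raw) in ALLOWED_HOSTS


def substring_check(raw):
    """The page-level InStr() test from Example 1, for comparison."""
    return "OURSITE.COM" in raw.upper()


def rogue_hosts(log_text):
    """Count requests per Host value that is not on the allowlist."""
    fields, counts = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names follow the directive
        elif line and not line.startswith("#") and "cs-host" in fields:
            cols = line.split()
            if len(cols) == len(fields):
                host = cols[fields.index("cs-host")]
                if not is_allowed(host):
                    counts[normalize_host(host)] += 1
    return counts
```
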

Solution 2:

When you do a reverse lookup of your IP address, does the name that is returned resolve back to your IP when looked up as a forward address?

For example:

user@host:~$ host 172.17.25.98
98.25.17.172.in-addr.arpa domain name pointer www.example.com.
user@host:~$ host www.example.com.
www.example.com has address 172.17.25.98

If the name for the reverse address does not match the forward address, it is likely that the name you see was the name assigned to your IP address when the IP was used by a different customer of your provider.

If the name does match, you should talk to your provider and make sure something else isn't going on.

If possible, please revise your question with some examples of what you're seeing.
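
Added example (not part of the original answer): the reverse-then-forward comparison above as a Python function, for IPv4 addresses. The lookup tables and the stand-in resolvers are constructed so the example runs offline; 172.17.25.99 and old-customer.example.net are hypothetical. Called with only an IP address, check_fcrdns uses the real resolver through the socket module.

```python
import socket


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def check_fcrdns(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Return (verdict, ptr_names) for a forward-confirmed reverse DNS check.

    verdict is "no-ptr" (no reverse record), "match" (some PTR name resolves
    back to ip) or "mismatch" (PTR names exist but none resolves back to ip).
    """
    try:
        primary, aliases, _ = reverse(ip)
    except OSError:                  # socket.herror and gaierror subclass OSError
        return "no-ptr", []
    names = [norm(n) for n in [primary, *aliases]]
    for name in names:
        try:
            _, _, addresses = forward(name)
        except OSError:
            continue                 # stale PTR: the name no longer resolves
        if ip in addresses:
            return "match", names
    return "mismatch", names


# Constructed lookup tables standing in for DNS (hypothetical records).
PTR = {"172.17.25.98": ("www.example.com.", [], ["172.17.25.98"]),
       "172.17.25.99": ("old-customer.example.net.", [], ["172.17.25.99"])}
A = {"www.example.com": ("www.example.com", [], ["172.17.25.98"]),
     "old-customer.example.net": ("old-customer.example.net", [], ["192.0.2.44"])}


def fake_reverse(ip):
    """Stand-in for socket.gethostbyaddr backed by the PTR table."""
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]


def fake_forward(name):
    """Stand-in for socket.gethostbyname_ex backed by the A table."""
    if name not in A:
        raise socket.gaierror(-2, "Name or service not known")
    return A[name]
```
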

Solution 3:

If contacting them does not work, and you are concerned about the search for their company showing up with your company's information, implement a quick name-based virtual host for "their" name(s) on "your" server and put whatever you like there. Then the next time the search engine spiders come by you can have anything you like show up for their name, as it is your server. If it is obnoxious enough, maybe they will go away.

Solution 4:

You cannot force them to change, that's the way things are on the Internet.

Since I do not see why anyone would do what they do, it is probable they've made an honest mistake. In that case, why not contact them and report the issue?

PS: are you sure they point at "your" IP address? Or is it simply that "your" IP address is shared hosting?

PPS: indicating real names and addresses would have helped a lot, since your question is unclear.