Apache: Scammers point dozens of domain names at my dedicated IP. How to prevent this?
For the sake of discussion, pretend that I have an Apache webserver which serves a website at www.example.org. This domain name resolves to the public IP address at 192.168.1.100 (pretend this is a public IP).
The discussion at "Is there anything I can do about someone who has pointed their domain at my ip?" demonstrates that anyone can point their domain at my IP. Apache won't prevent this by default, but an administrator can deal with these one at a time through use of a blacklist.
However, it's becoming more common for scammers to register dozens of domains (or more) for use in a scam. I'm concerned about the following possible attack:
- A scammer registers hundreds of domain names, and points them at my dedicated IP address.
- The scammer directs search engines at their scam domains, thus using my content to increase their standing in the search engines.
- Later, the scammer moves their domain names to point to their own servers which host a scam/porn, or a competing business, etc., thereby reaping the benefits of their standing in the search engines. Some of these domains might be used in comment spam as well.
- Profit!!
I believe I have seen scammers using this trick in the past, involving dozens of domains. We didn't realize the scam implications at the time, and assumed these were misconfigured domains.
Is there a term for this nefarious SEO trick? SEO masquerading? DNS Diversion?
How could I prevent this using Apache? I'm considering a "whitelist" fix based on using a default VirtualHosts, ServerNames & ServerAliases so that Apache only responds to requests where these white-listed ServerNames appear in the "Host:" header. Everything else would be rejected (or redirected to a particular page). However, I am unsure if this is the best approach.
For example, I've configured the domain http://thisisnotserverfault.stefanco.com/ to point at the IP for Serverfault.com. You can see the results here: http://thisisnotserverfault.stefanco.com/ .
I would set up NameVirtualHost entries for all your own domain entries and have anything not matching those get an explanation page (which is what you have demonstrated from Serverfault). Reference: http://httpd.apache.org/docs/2.0/vhosts/name-based.html
You cannot prevent anybody from pointing their DNS servers to your IP. However, you can choose to not serve any HTTP content to those domains. Use Virtualhosts to serve content for your own domains, and do not set a default virtual host. Or use the default virtualhost to serve 404 or 403; that should scare the spammers away.
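The catch-all approach described in the answers above, sketched as an added example (not configuration posted by any of the participants). It assumes Apache 2.4 syntax and port 80 only; `catchall.invalid`, the `DocumentRoot` path, the log format nickname and the log file names are placeholders chosen for illustration.

```apache
# Apache picks the FIRST <VirtualHost> matching the address:port as the
# default for any request whose Host: header matches no ServerName or
# ServerAlias. Keep this block first (e.g. in a file that sorts first
# among the included vhost files).
<VirtualHost *:80>
    # Placeholder name; it only has to differ from every real site name.
    ServerName catchall.invalid

    # Refuse every request that lands here with 403 Forbidden.
    # To answer 404 instead, replace the <Location> block with:
    #   Redirect 404 /
    <Location "/">
        Require all denied
    </Location>

    # Record which foreign hostnames are being pointed at this IP,
    # so new ones show up in one place instead of the main access log.
    LogFormat "%h %t \"%{Host}i\" \"%r\" %>s" foreignhost
    CustomLog "logs/foreign_hosts.log" foreignhost
</VirtualHost>

# The real site: only requests whose Host: header matches one of these
# whitelisted names are served content.
<VirtualHost *:80>
    ServerName www.example.org
    ServerAlias example.org
    DocumentRoot "/var/www/example"
    CustomLog "logs/example_access.log" combined
</VirtualHost>
```

Requests sent without a `Host:` header also fall through to the first block. An HTTPS listener needs its own catch-all `<VirtualHost *:443>` with a certificate, following the same ordering rule.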
Put a canonical link element (http://en.wikipedia.org/wiki/Canonical_link_element) into your webpages, telling search engines the correct domain to use. The scammers' links will then be an SEO benefit to you rather than a detriment.