10

I was checking out my reverse-DNS entry of my domain the other day which is run from a dedicated server.

I noticed that another person/company had their domain pointing to my server? I have no idea who this company is or why they are pointing their domain at my server IP?

How can I go about stopping this or forcing them to change?

splattne
  • 2
    The relationship with the reverse-DNS entry is unclear. Do you talk about a domain name pointing to "your" IP address or about the opposite? – bortzmeyer Mar 03 '10 at 09:40
  • 2
    And do not forget to vote (up or down) on the answers and maybe to accept one, otherwise we may think you do not even read the answers to the questions you asked... – bortzmeyer Mar 05 '10 at 14:43
  • What is this "rogue" domain name? Could it be that your provider has registered all its addresses in the pool they own? – Eddy Mar 03 '10 at 06:31
  • today I also noticed the same issue & the HEAD reports an X-Pingback: for xmlrpc.php also so likely some sort of data collection / phishing attack on WP. – Chris Oct 18 '16 at 08:29

5 Answers

15

Some sketchy webmasters have in the past set up DNS entries to resolve their domain names to our IP address. It was not a mistake, because when we implemented countermeasures for a specific domain name, a new domain name began resolving to our IP address. Both of these rogue domain names were registered to the same individual. I have additional reason to suspect that it was an intentional ruse for nefarious purposes. My site is a well-known public law enforcement site.

I'm not sure what the intentions of the perpetrator are. It may be to gain search engine rank by parking his domain on my IP address. Or it might involve some cross-site scripting or IFrame / javascript / flash security hack attempt. The bottom line was that he pointed two different domain names at different times, to my webserver's address.

Both of his domain names were registered with GoDaddy, so I contacted their abuse folks to report that their DNS servers were being used for a questionable practice.

At first I added code to my home page to respond with a 404 - Not Found error if the HTTP_HOST in the URL was the other guy's domain name. I did this because I thought it was his mistake. But after learning that the same individual subsequently pointed another domain name at our IP address, I had to find a better solution.

The Better Solution...See example 2 for the script.

I configured Microsoft IIS to use explicit host headers for our valid domain names. Then I created a new website in IIS that did NOT use host headers, and labeled it "Rogue Domain Names". Any domain names resolving to my webserver that match one of my explicitly defined host headers would find their way to the correct content. But any domain name NOT defined in a host header setting, goes to the Rogue Domain Names site. And the default home page for that Rogue Domain Names site contains a script to send a "301 - Moved Permanently" response, redirecting the request to Google.com.

I decided that if the intention was to poison search engine results or steal rankings, Google might be the place to send his traffic, and thus earn his site ill-will from Google spiders.

An added benefit of setting up a website to catch unknown domain names set to resolve to our IP address is that I can now log activity and see how often it happens. It also makes site testing easier than inserting code into individual pages to check for valid domain names and redirect when necessary.

Here is a code snippet for those using classic ASP...


Example 1. Page level domain name rejection

Insert this code into an ASP home page to reject unknown domain names

 If instr(1, UCase(Request.ServerVariables("HTTP_HOST")), "OURSITE.COM") < 1 Then
    Response.Status = "404 Not Found" 
    Response.Write(response.Status)
    Response.End
 End If

Example 2 - IIS level domain name rejection

<%@ Language="VBScript" CodePage=65001%>
<% option explicit%>
<%
'
' Some fraudulent webmasters have in the past set up DNS entries to resolve their domain names to our IP address.
' This file is a countermeasure to prevent other domain names from resolving to our site.
' The intent of the fraud may be to gain search engine ranking status for their domain name by pointing it to a 
' well known site.  Or there could be more going on such as cross-site scripting attacks...
' By using IIS host headers, we explicitly resolve domain names.  Any host headers that are not defined in IIS
' land on the Rogue Domain Names website, which serves up a 301 - Moved Permanently page that redirects to Google.
'--------------------------------------------------------------------------------------------------------------------
Response.Buffer = True 


If instr(1, UCase(Request.ServerVariables("HTTP_HOST")), "OURSITE.COM") < 1 Then
     Response.Status = "301 Moved Permanently"
     Response.AddHeader "location", "http://www.google.com/"
     Response.End
End If
%>
Ben Pilbrow
user46392
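Added example, not part of the answer above: the routing decision its host-header setup makes, written in Python to compare the `InStr` substring test from Example 1 with an exact allow-list match. The allowed names and sample Host values are constructed; `oursite.com` is the placeholder the answer uses.

```python
# Added illustration; ALLOWED_HOSTS and SAMPLE_HOSTS are constructed values.
ALLOWED_HOSTS = {"oursite.com", "www.oursite.com"}  # assumed list of valid names

def normalize_host(raw):
    """Lower-case a Host header, dropping an optional port and trailing dot."""
    host = (raw or "").strip().lower()
    if host.startswith("["):            # IPv6 literal such as [::1]:8080
        host = host[1:].split("]", 1)[0]
    elif ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def substring_check(raw):
    """Same test as InStr(1, UCase(HTTP_HOST), "OURSITE.COM") >= 1."""
    return "OURSITE.COM" in (raw or "").upper()

def exact_check(raw):
    """Accept only names that are explicitly configured."""
    return normalize_host(raw) in ALLOWED_HOSTS

def route(raw):
    """Known names get content; everything else lands on the catch-all site."""
    if exact_check(raw):
        return (200, None)
    return (301, "http://www.google.com/")

def tally_rogue(hosts):
    """Count requests per unknown name, as the catch-all site's log would."""
    counts = {}
    for raw in hosts:
        if not exact_check(raw):
            name = normalize_host(raw) or "(empty)"
            counts[name] = counts.get(name, 0) + 1
    return counts

SAMPLE_HOSTS = [
    "www.oursite.com", "OurSite.com:80", "oursite.com.",
    "wrongdomain.example", "wrongdomain.example:80",
    "oursite.com.wrongdomain.example",   # passes the substring test only
    "notoursite.com",                    # passes the substring test only
    "",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(repr(h), substring_check(h), route(h))
    print(tally_rogue(SAMPLE_HOSTS))
```

The two names that pass only the substring test are why the host-header binding, which matches whole names, is the stronger of the two approaches in the answer.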
2

When you do a reverse lookup of your IP address, does the name that is returned resolve back to your IP when looked up as a forward address?

For example:

user@host:~$ host 172.17.25.98
98.25.17.172.in-addr.arpa domain name pointer www.example.com.
user@host:~$ host www.example.com.
www.example.com has address 172.17.25.98

If the name for the reverse address does not match the forward address, it is likely that the name you see was the name assigned to your IP address when the IP was used by a different customer of your provider.

If the name does match, you should talk to your provider and make sure something else isn't going on.

If possible, please revise your question with some examples of what you're seeing.

Shane Meyers
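Added example, not part of the answer above: the forward-confirmed reverse DNS comparison it describes, plus the forward-only check of which names resolve to an address. The resolver functions are injectable so the sketch runs offline; the zone data is constructed around the answer's `172.17.25.98` / `www.example.com` pair.

```python
import socket

def reverse_names(ip):
    """PTR names for ip, or [] when no reverse entry exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:                      # herror and gaierror are OSError subclasses
        return []
    return [name] + aliases

def forward_addrs(name):
    """IPv4 addresses for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_fcrdns(ip, reverse=reverse_names, forward=forward_addrs):
    """Classify ip as 'confirmed', 'mismatch' (PTR does not resolve back) or 'no-ptr'."""
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return ("no-ptr", [])
    confirmed = [n for n in names if ip in forward(n)]
    if confirmed:
        return ("confirmed", confirmed)
    return ("mismatch", names)

def names_pointing_at(ip, candidates, forward=forward_addrs):
    """Forward direction only: candidate names whose A record equals ip."""
    return [n for n in candidates if ip in forward(n.rstrip(".").lower())]

# Constructed zone data standing in for live DNS.
PTR = {
    "172.17.25.98": ["www.example.com."],
    "172.17.25.99": ["old-customer.example."],   # stale PTR from a previous tenant
}
A = {
    "www.example.com": ["172.17.25.98"],
    "old-customer.example": ["192.0.2.10"],
    "wrongdomain.example": ["172.17.25.98"],     # third-party A record, no PTR involved
}

def fake_reverse(ip):
    return PTR.get(ip, [])

def fake_forward(name):
    return A.get(name, [])

if __name__ == "__main__":
    for ip in ("172.17.25.98", "172.17.25.99", "172.17.25.100"):
        print(ip, check_fcrdns(ip, fake_reverse, fake_forward))
    print(names_pointing_at("172.17.25.98", list(A), fake_forward))
```

A third party's A record shows up only in the forward check; the PTR for the address is controlled by whoever holds the reverse zone, usually the hosting provider.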
2

If contacting them does not work, and you are concerned about the search for their company showing up with your company's information, implement a quick name-based virtual host for "their" name(s) on "your" server and put whatever you like there. Then the next time the search engine spiders come by you can have anything you like show up for their name, as it is your server. If it is obnoxious enough, maybe they will go away.

Kevin K
1

You cannot force them to change, that's the way things are on the Internet.

Since I do not see why anyone would do what they do, it is probable they've made an honest mistake. In that case, why not contact them and report the issue?

PS: are you sure they point at "your" IP address? Or is it simply that "your" IP address is shared hosting?

PPS: indicating real names and addresses would have helped a lot, since your question is unclear.

bortzmeyer
  • There are ways to force them to change. You could get help from their providers assuming you can prove your ownership. Or, many services use server access as a form of authentication. For example, "Add y38d8xka09d.html to your server to prove you have control". You could take advantage of this to take over their services and change things yourself. – J.Money Jan 16 '17 at 16:49
0

Why don't you just look up the registrant info for this domain, and contact them? Usually postmaster@domain.com works, or webmaster@domain.com for contact as well.

Look them up... and if you can't find anything (private registrant via proxy) then who cares? You can always set your reverse-DNS for your machine yourself.

Jakub
  • hi thanks for the response. yeah i was generally just concerned that a google search for this domain name "wrongdomain.com" [this is not the domain just an i.e.] - brings up their domain next to our site. i.e. "our title" "our description" "wrongdomain.com" –  Mar 03 '10 at 05:06
  • 1
    There are many reasons to care: branding, SEO, the trust and security of your users, bandwidth, server load, controlling the domain names that lead to your content, etc. – J.Money Jan 16 '17 at 16:37