1

Let's say example.com is my real site, and fooexample.com is the porn site. fooexample.com is pointing to my IP. Now you could think, just don't mind it, right? Well, the thing is that they are driving loads of traffic. Not only that, but my main domain example.com becomes unavailable after a couple of minutes, and the only domain that works is either fooexample.com or neither of the two.

What I have done so far is use mod_rewrite to redirect the porn site to Google, but my domain still becomes unavailable. Blocking the IPs served no result either.

I hope someone will be able to help me because this is a huge problem right now. Thanks.

3 Answers

2

It's not a DNS resolution issue; it's probably a fault of their load balancer or reverse proxy. Best bet is to contact the technical contact of the domain through name.com (you can get this information via a whois).

Alternatively you could ask if your host will change your IPs for you. You have a 30 second TTL on them so your downtime on the change would be minimal.

DNS Info

;; ANSWER SECTION:
www.sexymultiply.com.   300     IN      A       109.236.80.17


;; ANSWER SECTION:
www.tropikms.info.      30      IN      CNAME   tropikms.info.
tropikms.info.          30      IN      A       108.162.197.132
tropikms.info.          30      IN      A       108.162.197.32
Nick R
2

Several possible mitigations:

  1. Use a name virtual host so that your webserver only tries to serve requests for www.tropikms.info
  2. Use a firewall rule (such as iptables with a string match) to drop requests for the bad domain.
  3. Since you're using Apache, you might look into ModSecurity; it can definitely help here.
  4. Use a caching reverse proxy such as nginx or Varnish to ensure that requests for the unwanted domain never hit your "real" webserver. They will be much better able to handle the load.

Choosing between these options will depend on your familiarity with the tools, the urgency/immediacy of the problem and whether you're trying to protect from excessive CPU utilisation or bandwidth utilisation or what.

Here's an (untested) example for option #2:

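# Replace <baddomainname.com> with the unwanted hostname; the string match requires --algo
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string "<baddomainname.com>" -j DROP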
dotplus
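Option 1 from the answer above, as an added example that is not part of the original answer: a catch-all default virtual host that refuses any request whose Host header is not one of your own names, so the unwanted domain's traffic is rejected before it reaches your site's rewrite rules or application. It assumes Apache 2.4; `example.com` is the placeholder from the question, and `default.invalid`, the log path and the document root are hypothetical values to replace.

```apache
# Assumes Apache 2.4 syntax (Require all denied). On 2.2, use
# "Order deny,allow" / "Deny from all" and add "NameVirtualHost *:80".

# The FIRST <VirtualHost> defined for an address:port is the default: it
# receives every request whose Host header matches no ServerName or
# ServerAlias below, including requests for the unwanted domain.
<VirtualHost *:80>
    # Placeholder name that no real client will send (hypothetical value).
    ServerName default.invalid

    # Refuse everything with a 403 and no content from your site.
    <Location "/">
        Require all denied
    </Location>

    # Do not hold connections open for clients of the unwanted domain,
    # so they release worker slots as quickly as possible.
    KeepAlive Off

    # Log the Host header that was requested, to measure how much traffic
    # the unwanted name is sending (log path is an assumption).
    CustomLog "/var/log/apache2/unwanted_host.log" "%h %t %{Host}i \"%r\" %>s"
</VirtualHost>

# The real site: only requests that name it explicitly are served here.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    # Document root is an assumption; keep your existing site settings.
    DocumentRoot "/var/www/example.com"
</VirtualHost>
```

Validate with `apachectl configtest` before reloading. Each refused request still occupies a worker briefly, so if the load is exhausting connections rather than CPU, options 2 or 4 in the answer reject the traffic earlier.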
1

You cannot do too much about the traffic. You can contact the provider of the nameservice though.

The WHOIS of the site contains some info

Christopher Perrin