I've just done a routine reverse IP check. And saw that 2 domains are pointing to my IP.
This is getting me really worried, as I was told they could be preparing to attack my server.
What exactly can I do about this?
Asked
Active
Viewed 474 times
-6
-
2What do you mean by reverse IP check? How did you do it? It is highly unlikely and probably someone had that IP before you and let the domains pointed as they are no longer in use. – Florin Asăvoaie Apr 24 '16 at 14:15
-
4http://serverfault.com/questions/588389/another-domain-points-to-my-webserver?rq=1 – Mat Apr 24 '16 at 14:16
-
@FlorinAsăvoaie No one did. I did with domaintools.com – Nikk Apr 24 '16 at 14:18
-
A PTR record isn't a confirmation of a corresponding A record. – joeqwerty Apr 24 '16 at 14:20
1 Answers
1
As Mat indicated, this is pretty much a duplicate of:
Another domain points to my webserver
Where it's answered that in your webserver settings, you can simply make it so your server doesn't respond to anything it doesn't recognise. So no big deal. With tools like Fail2Ban, you could even make it so that your server does respond to it, and bans the visiting IPs right away, or make it serve some huge file from someplace else.
As you just found out, anyone can point any domain to any IP. There's no harm in that. Just make sure your public facing server is as secure as it reasonably can be.
To answer your question:
What exactly can I do about this?
You can of course ask the owner to stop pointing to your IP address, in as far as you actually own this IP. That's the only thing you can do about somebody pointing a domain name to your IP address.
-
Right but the question doesn't really have any answers. I'm very much a newb with server stuff. Im running debian and I do have fail2ban. And I've also been told to try http request blocking through nginx. But I've been unable to find anything helpful for both fail2ban and http requests blocking. Can you maybe please suggest some links? – Nikk Apr 24 '16 at 22:54
-
If you configure Nginx only for whitelisted, explicitly allowed domains, rather than * wildcards, then you don't have to block any requests because they don't even resolve. Similarly, there isn't anything to block with Fail2Ban unless you specifically allow this to resolve on your server. You could do that, to then match the access log in your jails, and ban accordingly. But you may be banning people who have nothing to do with this. So really, keep your server secure and then don't worry about this. – JayMcTee Apr 25 '16 at 11:56