I have noticed in the Web-server log-file that some guys actually test the existence of some pages on my server (and possible other server).
So I have setup a custom 404 site and read out who this visitors are. Something like
ErrorDocument 404 /404.php
and I get something like this:
GATEWAY_INTERFACE CGI/1.1
SERVER_ADDR 62.75.xxx.xxx (my servers IP)
SERVER_NAME vps28680.vps.ovh.ca
SERVER_SOFTWARE Apache/2.2.22 (Debian)
SERVER_PROTOCOL HTTP/1.1
REQUEST_METHOD GET
REQUEST_TIME 1465225786
REQUEST_TIME_FLOAT 1465225786.731
DOCUMENT_ROOT /var/www
HTTP_HOST vps28680.vps.ovh.ca
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
REMOTE_ADDR 167.114.3.44
REMOTE_PORT 44685
SCRIPT_FILENAME /var/www/404.php
SERVER_PORT 80
SERVER_SIGNATURE Apache/2.2.22 (Debian) Server at vps28680.vps.ovh.ca Port 80
SCRIPT_NAME /404.php
REQUEST_URI HTTP://vps28680.vps.ovh.ca/judge/judge.php
In a normal World the SERVER_NAME should be part of REQUEST_URI and it should resolve to REMOTE_ADDR.
like in this case :
$_SERVER(REQUEST_URI) = "HTTP://vps28680.vps.ovh.ca/judge/judge.php"
$_SERVER(SERVER_NAME) = "vps28680.vps.ovh.ca"
and
$_SERVER(SERVER_NAME) = "167.114.3.44"
I done a 'dig vps28680.vps.ovh.ca' and it turns out to be 167.114.3.44 .
OK, so far so good, but the Problem is that neither the IP not the URI are on my server.
The $_SERVER(REQUEST_URI) is according to the documentation the URI the visitor entered in his Firefox browser and landed on my server. And exactly immediately after his visit, I clicked the link and it didn't took me to my box.
Okay so I thought that its possible that someone setup a Nameserver to point at my box with that domain, but how could he do it with the fake IP ? So why did he land on my box?
A.f.a.i.k the HOST_NAME should have been showing my domain name, not his domain. Or probably these are'nt his IP and his Domain.
Can somebody explain me what's going on?