blocking a domain accessing server via A record..

[adibranch]

Hi all, this is confusing me a bit. A rogue domain is directly accessing a hosting account via an A record to the corresponding accounts IP. I've never added this domain to WHM or the accounts cpanel.

Is there any way to block it via WHM? All i have is the dns nameservers/IP coming from the domain, and the domain name itself, but thats it.

Thanks..

 

[adibranch]

am i to assume this isnt possible?

 

[Infopro]

I'm not sure I understand, but you might want to check your settings at:
WHM > Tweak Settings > Domains Tab.

 

[adibranch]

okay i'll try to explain better.

We have a domain on our VPS
oursite.co.uk
It has its own IP on the VPS.

There is a french domain that has nothing to do with us, nor have we added it to any accounts or settings on the VPS. It is owned by anonymous owner, and handled by eurodns as the ISP.
roguedomain.fr
this french domain is directly accessing the hosting account of oursite.co.uk via an A record set up by the domain administrator. Somehow, our VPS is letting it do this for some reason.

I cant block the IP of the french domain, as obviously the A record points to our own server. I've tried blocking Euro DNS IP's for the nameservers of the domain, and it didnt work. I need a way to stop this french domain from accessing the VPS.

My hosts for the VPS say they cant help.

 

[cPanelTristan]

Hello adibranch,

Is the rogue domain actually set to use the A record for your machine for that domain? If so, then that domain isn't actually accessing your machine, they are simply pointing to the IP of the domain on your machine. You cannot prevent a domain from setting their A record to the same as an IP on your machine. All that ends up happening when this occurs is that people who try to access the other domain end up on your server instead. I'm uncertain how this would be construed as the domain accessing your VPS, though, unless I'm misunderstanding still what they are doing, but setting their domain to the same A record as your IP when they aren't actually on your machine wouldn't be accessing your VPS directly.

Unfortunately, I'm uncertain how you could stop this behavior if they are pointing to the wrong IP. It likely isn't intentional but accidental. You might want to contact their domain registrar to ask they force a change for the domain's DNS, or email the administrative address on file for their domain to see if they can fix the issue. The domain whois records for the domain should contain that information. You can issue this in root SSH on your server to obtain the information:

whois roguedomain.fr

Next, the issue with firewall blocks on Linux is that they don't go by domain name but IP. Now, if this were FreeBSD, pf firewall does allow blocking by domain name.

A viable option might be to have a rewrite rule in .htaccess for those systems coming in from that domain to your machine, then redirect those users to a different page than your main domain. Something that lets them know it isn't the right location.

Thanks.

 

[adibranch]

Thanks, yes what you're describing is correct.. the A record points to the IP of our domain on the VPS (their MX record also points to it).
I must admit i'm suprised the standard linux settings allow this, as this means that any domain owner can serve the content of any site it wishes simply by pointing it to an IP of another site... effectively this is intellectual property theft. I was always under the impression that you need to give a domain permission (or include it in remote domain settings etc) on the VPS for it to be allowed to use a sites content.

ANyway.. maybe its a mistake, maybe its intentional.. but basically it's causing problems with our search engine results. Originally i'd 301'd the domain to ours via htaccess, but sending it off to another site may be a better idea.

As to who owns it and why they've done it.. well the whois reports an anonymous registrant. The hosting company that appears to manage it and serves the nameservers refuses to answer my emails, as does the company who relates to the domain (ie the rogue domain is xyzcompany.fr, and there is a business under xyzcompany.com, but they dont reply to my emails).

I'm still kinda amazed that any domain owner can add an A record of another site, and use the content under their own domain though.

 

[cPanelTristan]

I'm still kinda amazed that any domain owner can add an A record of another site, and use the content under their own domain though.

Since they don't control the content on the server, all that happens is it will either be an annoyance or free traffic for your site content. As for the other domain, it doesn't do them any good at all without controlling the actual content. They don't get the stats nor can they place ads to get additional income, so I'm trying to see how this benefit them in any way. It also won't increase Google Page ranking for their domain because google is only supposed to include one domain not parked domains on a site. That domain is basically functioning like a parked domain would, so they won't even get to benefit if your site were highly ranked to increase theirs.

 

[adibranch]

i wonder why they do it too.. at first i thought they might be using the account to send spam, as they have an MX record pointing there too.. but obviously this isnt possible just by pointing the record to our VPS.

Anyway, it does affect our search engine positions, or rather it has the potential to, which is why i wanted to sort it out. I work in web marketing and the site is one of my clients. I do not know the history of the french domain, what it is or has been used for, whether it is associated with spamming or not, or anything about it. The inclusion of it pointing to our website could have negative impacts on our own UK results. The fact that it is in france cause further potential problems.

Anyway, whether this is morally right or not, i've redirected the domain back to the company who it may be associated to. Ie..

xyzcompany.fr now redirects to xyzcompany.com (a real domain for a real company).

Ideally though, i'd want it gone.. my only other alternative is changing the IP of our site and see if the roguedomain follows it a few days later..
Its also strange that no one involved with the domain is replying to any emails i send.

Anyway,. thanks for the help.