Nonexistent domains on server?

Becouse in "MyHostName.domain.com" I have ONLY ONE DOMAIN,
I put this code PHP (from file PHP) in /home :

PHP:

   $dir = preg_replace('/www\.|www/i', '', $_SERVER['SERVER_NAME']);

then I save INTO $dir some info as REFERER, IP, memory_get_usage(1), etc...

Sorry, allowme I repeat: I have ONLY ONE DOMAIN in this server.

My sorpraise is FOREVER, after of 2 or 3 days /home look as this:





Logically that is activity hacker, but how is possible the var

PHP:

$_SERVER['SERVER_NAME']

return domains non-exist in server?

or...

I have a trojan into my server?

Thanks by your help

 

Thanks,

by months I do this in others servers.

I have this in mode "TEST", then my "web site" is only 3 files, no data base, etc...

However ever appear foraneus domains after of 2, 3 days...


but how is possible the var {$_SERVER['SERVER_NAME'} return domains non-exist in server?...

 

thanks very much.

ticketid=12353753 is URL to ticket.


Regards

 

Gotcha!!,

finally we fixed the bug.

We find the problem with the help of


Sean Bailey
Technical Analyst II
cPanel, L.L.C.


the problem is:

HTTP_HOST and SERVER_NAME Security Issues | Blog

Thanks to all team of cPanel by your time.

Regards

 

Hello again.

Becouse this is very strange for me,
I add this line in my code (pseudocode):

PHP:

if( is NEW DIR - new DIMAIN.TLD) {
    mail()...
    ...
    ...
    }


and just today I get this email:

PHP:

---------------------------------------------------------------------------------------------------
_SERVER: Array
(
    [SERVER_SOFTWARE] => Apache
    [REQUEST_URI] => /
    [CONTEXT_DOCUMENT_ROOT] => /home/FOLDER_USER/public_html
    [CONTEXT_PREFIX] =>
    [DOCUMENT_ROOT] => /home/FOLDER_USER/public_html
    [GATEWAY_INTERFACE] => CGI/1.1
    [HTTP_ACCEPT_ENCODING] => gzip
    [HTTP_CONNECTION] => close
    [HTTP_HOST] => jg4rli4xoagvvmw47gxvbt3bhyd.onion
    [HTTP_USER_AGENT] => Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)
    [PATH] => /bin:/usr/bin
    [PHP_INI_SCAN_DIR] => /opt/cpanel/ea-php56/root/etc:/opt/cpanel/ea-php56/root/etc/php.d:.
    [QUERY_STRING] =>
    [REDIRECT_STATUS] => 200
    [REMOTE_ADDR] => 5.8.10.202
    [REMOTE_PORT] => 18840
    [REQUEST_METHOD] => GET
    [REQUEST_SCHEME] => http
    [SCRIPT_FILENAME] => /home/FOLDER_USER/public_html/index.php
    [SCRIPT_NAME] => /index.php
    [SCRIPT_URI] => http://jg4rli4xoagvvmw47gxvbt3bhyd.onion/
    [SCRIPT_URL] => /
    [SERVER_ADDR] => SERVER_IP
    [SERVER_ADMIN] => webmaster@TLD_USER.com
    [SERVER_NAME] => jg4rli4xoagvvmw47gxvbt3bhyd.onion
    [SERVER_PORT] => 80
    [SERVER_PROTOCOL] => HTTP/1.1
    [SERVER_SIGNATURE] =>
    [TZ] => Continent/City
    [UNIQUE_ID] => XOZmmLevTCUZEI0hNjM62gAAAJE
    [PHP_SELF] => /index.php
    [REQUEST_TIME_FLOAT] => 1558603417.05
    [REQUEST_TIME] => 1558603417
    [argv] => Array
        (
        )

    [argc] => 0
    [HTTP_REFERER] =>
    [REDIRECT_QUERY_STRING] =>
    [REDIRECT_URL] =>
)

---------------------------------------------------------------------------------------------------

I seek in NET and I get:



then please helpme with some questions:

1// is possible we do something about this hacker?
2// how we protect of this and others attacks?
3// what can do the hackers with this attack, code malicious?
4// and finally, then ... is bad idea create/config URLs in portal web with <a href="https://'.$_SERVER['SERVER_NAME'].'">LINK</a>... then what is the solution?, what is the correct/professional method to create/config web design ?



Thanks by all yours helps