Protection against rogue domains pointing to our IP's

stoner · May 13, 2015

Hi all,

We are running WHM on our dedicated server with 4 websites. 1 main website that we have our content and news and 3 others are mostly used privately.

Our main website has a dedicated IP with content that we create ourselves, someone has pointed their own domain to our website IP, so when someone visits their domain, it shows our website, at the same time, when we search Google for our own content, his domain shows up before ours.

I was told this method is apparently being used by some people to "steal" Google ranking so they can rank their domain or whatever to a certain point and then they start putting their own content on their website.

From what i read, i understood that using Virtual Hosts in Apache and in WHM we can limit the access to our IP's to only the domains we specify, so any other domain thats not "trusted" will get a 404 page or whatever instead of displaying the content of our website, therefor, it won't allow them to steal any ranking or show up in Google search by searching for our content.

Can this be done? and if it can be done, can someone help out on how we can set this up?

Thank you in advance.

quizknows · May 13, 2015

Generally if a rogue domain points to my IP I use ModSecurity to block it. Simply make a rule like this one (to block baddomain.com):
Code:
SecRule SERVER_NAME "baddomain\.com$" "t:lowercase,deny,id:193,status:406"
You can choose whatever 4xx or 5xx status you want. A 404 status will return an actual 404 response and page. You can also omit the status: and change "deny" to "drop" and it will drop the connections intended for baddomain.com rather than responding to them. The visitor just gets a "connection reset while the page was loading" error from their browser.

If you had a ton of rogue domains pointing toward you, there may be a way to restrict apache to only serve certain server names. Hopefully someone knows an easier way for you to accomplish that if needed. That said, I have not tested this in production like I have the above advice, but it would probably look something like:
Code:
SecRule SERVER_NAME "!@pmFromFile /path/to/trusted_domains.txt" "deny,id:148"
The file /path/to/trusted_domains.txt would need a list of domains apache is allowed to serve. The rule basically says if the domain name does not match an entry in that file, then deny the request. This could be suitable for someone like yourself who only hosts a few domains, I wouldn't really recommend it to someone else due to having to maintain that list. Ideally it's much easier and less overhead on the server to just block domains that you know you need to block.

cPanelMichael · May 14, 2015

Hello,

In addition to the previous post, if you need more information about enabling Mod_Security, you can find that at:

Apache Module - Mod_Security

Thank you.

stoner · Jun 15, 2015

cPanelMichael said: ↑

Hello,

In addition to the previous post, if you need more information about enabling Mod_Security, you can find that at:

Apache Module - Mod_Security

Thank you.
Click to expand...

Hi,

Thanks for the reply.

Unfortunately i couldnt use this setting since i dont have the expertise to do it.

I did some tests on my local server and i managed to fix this issue using Virtual Hosts but unfortunately i cannot find where to put these settings in WHM Apache file.

The test i was doing was on an Ubuntu server, i edited the /etc/apache2/sites-000-default.conf with this:

<VirtualHost *:80>
ServerName catchall
<Location />
Order allow,deny
Deny from all
</Location>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

<VirtualHost *:80>
ServerName ubuntu.linux.rocks
ServerName test.domain.local
DocumentRoot /var/www/html
<Directory /var/www/>
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>

is there a way to implement that to WHM ?

quizknows · Jun 15, 2015

You could try putting it in pre_virtualhost_global.conf in the /usr/local/apache/conf/includes/ directory. It may or may not have the desired result, but that would likely be the best place to try it.

stoner · Jun 21, 2015

quizknows said: ↑

You could try putting it in pre_virtualhost_global.conf in the /usr/local/apache/conf/includes/ directory. It may or may not have the desired result, but that would likely be the best place to try it.
Click to expand...

I'll give that a try quizknows, thanks. Will report back if it worked or not.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Protection against rogue domains pointing to our IP's

stoner Member

quizknows Well-Known Member

cPanelMichael Technical Support Community Manager
Staff Member

stoner Member

quizknows Well-Known Member

stoner Member

Protection against brute force attacks

Symlink protection not found after upgrading

SOLVED Reduce password protection

Error on KernelCare Free Symlink Protection setup

SOLVED [CPANEL-21909] Is KernelCare's Free Symlink Protection free forever?

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Protection against rogue domains pointing to our IP's

stoner Member

quizknows Well-Known Member

cPanelMichael Technical Support Community Manager Staff Member

stoner Member

quizknows Well-Known Member

stoner Member

Protection against brute force attacks

Symlink protection not found after upgrading

SOLVED Reduce password protection

Error on KernelCare Free Symlink Protection setup

SOLVED [CPANEL-21909] Is KernelCare's Free Symlink Protection free forever?

Share This Page

cPanelMichael Technical Support Community Manager
Staff Member