Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Protection against rogue domains pointing to our IP's

Discussion in 'Security' started by stoner, May 13, 2015.

  1. stoner

    stoner Member

    Joined:
    Jan 18, 2008
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    51
    Hi all,

    We are running WHM on our dedicated server with 4 websites. 1 main website that we have our content and news and 3 others are mostly used privately.

    Our main website has a dedicated IP with content that we create ourselves, someone has pointed their own domain to our website IP, so when someone visits their domain, it shows our website, at the same time, when we search Google for our own content, his domain shows up before ours.

    I was told this method is apparently being used by some people to "steal" Google ranking so they can rank their domain or whatever to a certain point and then they start putting their own content on their website.

    From what i read, i understood that using Virtual Hosts in Apache and in WHM we can limit the access to our IP's to only the domains we specify, so any other domain thats not "trusted" will get a 404 page or whatever instead of displaying the content of our website, therefor, it won't allow them to steal any ranking or show up in Google search by searching for our content.

    Can this be done? and if it can be done, can someone help out on how we can set this up?

    Thank you in advance.
     
    #1 stoner, May 13, 2015
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    986
    Likes Received:
    76
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Generally if a rogue domain points to my IP I use ModSecurity to block it. Simply make a rule like this one (to block baddomain.com):
    Code:
    SecRule SERVER_NAME "baddomain\.com$" "t:lowercase,deny,id:193,status:406"
    You can choose whatever 4xx or 5xx status you want. A 404 status will return an actual 404 response and page. You can also omit the status: and change "deny" to "drop" and it will drop the connections intended for baddomain.com rather than responding to them. The visitor just gets a "connection reset while the page was loading" error from their browser.

    If you had a ton of rogue domains pointing toward you, there may be a way to restrict apache to only serve certain server names. Hopefully someone knows an easier way for you to accomplish that if needed. That said, I have not tested this in production like I have the above advice, but it would probably look something like:
    Code:
    SecRule SERVER_NAME "!@pmFromFile /path/to/trusted_domains.txt" "deny,id:148"
    The file /path/to/trusted_domains.txt would need a list of domains apache is allowed to serve. The rule basically says if the domain name does not match an entry in that file, then deny the request. This could be suitable for someone like yourself who only hosts a few domains, I wouldn't really recommend it to someone else due to having to maintain that list. Ideally it's much easier and less overhead on the server to just block domains that you know you need to block.
     
    #2 quizknows, May 13, 2015
    Last edited: May 13, 2015
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    In addition to the previous post, if you need more information about enabling Mod_Security, you can find that at:

    Apache Module - Mod_Security

    Thank you.
     
    #3 cPanelMichael, May 14, 2015
  4. stoner

    stoner Member

    Joined:
    Jan 18, 2008
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    51
    Hi,

    Thanks for the reply.

    Unfortunately i couldnt use this setting since i dont have the expertise to do it.

    I did some tests on my local server and i managed to fix this issue using Virtual Hosts but unfortunately i cannot find where to put these settings in WHM Apache file.

    The test i was doing was on an Ubuntu server, i edited the /etc/apache2/sites-000-default.conf with this:

    <VirtualHost *:80>
    ServerName catchall
    <Location />
    Order allow,deny
    Deny from all
    </Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined


    </VirtualHost>

    <VirtualHost *:80>
    ServerName ubuntu.linux.rocks
    ServerName test.domain.local
    DocumentRoot /var/www/html
    <Directory /var/www/>
    AllowOverride All
    Order allow,deny
    allow from all
    </Directory>
    </VirtualHost>

    is there a way to implement that to WHM ?
     
    #4 stoner, Jun 15, 2015
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    986
    Likes Received:
    76
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    You could try putting it in pre_virtualhost_global.conf in the /usr/local/apache/conf/includes/ directory. It may or may not have the desired result, but that would likely be the best place to try it.
     
    #5 quizknows, Jun 15, 2015
  6. stoner

    stoner Member

    Joined:
    Jan 18, 2008
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    51

    I'll give that a try quizknows, thanks. Will report back if it worked or not.
     
    #6 stoner, Jun 21, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Protection against rogue
  1. moodyeye12

    Protection against brute force attacks

    moodyeye12, Feb 23, 2017, in forum: Security
    Replies:
    1
    Views:
    248
    cPanelMichael
    Feb 24, 2017
  2. dvk01uk

    In Progress Kernel symlink protection warning in security advisor

    dvk01uk, Oct 18, 2017 at 11:16 PM, in forum: Security
    Replies:
    2
    Views:
    47
    dvk01uk
    Oct 20, 2017 at 2:37 AM
  3. John Schmerold

    SOLVED Symlink Protection patchset

    John Schmerold, Oct 15, 2017 at 8:29 AM, in forum: Security
    Replies:
    4
    Views:
    75
    cPWilliamL
    Oct 16, 2017 at 9:46 AM
  4. Zardiw

    cPHulk Protection Explanation

    Zardiw, Oct 9, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    49
    Infopro
    Oct 9, 2017
  5. RobinHood

    How do I know if cPanel Brute Force protection is working?

    RobinHood, Oct 5, 2017, in forum: Security
    Replies:
    3
    Views:
    108
    cPanelMichael
    Oct 10, 2017

Share This Page