Strange Domain name under the same IP Address

Posted by Mike Chip on Server Fault See other posts from Server Fault or by Mike Chip
Published on 2013-11-03T03:02:50Z Indexed on 2013/11/03 3:56 UTC
Read the original article Hit count: 194

Filed under:

There's something really weird happening in my server.

But first things first: I wanted to have my website and chose the domain name "myowndomain.com", Now on my domain registrar I point "myowndomain.com" to the address of my recently setup VPS, let's say 50.50.50.50

So I installed everything I needed to run my website, and I started to notice strange queries coming from different IP Addresses.

Like these

[client 123.123.123.123] File does not exist: /var/www/html/api, referer: http://www.strangedomain.com/api/manyou/my.php
[client 456.456.456.456] File does not exist: /var/www/html/api, referer: http://www.strangedomain.com/api/manyou/my.php

or like this (Really a long line, I cut some things)

GET /?s=vod-show-id-22-area-%E5%85%B6%E4%BB%96-language-%E9%9F%A9%E8%AF%AD.html HTTP/1.1" 301 295 "http://v.strangedomain.com/?s=vod-s ...[cut]... spider"

That above is happening the most.

The 'strangedomain.com' returns the same IP address of my VPS which my website is hosted on. The whois of such domain shows it's registered to a chinese. But the street name didn't look so right (like a huge single word), so I think all of that info might be fake, but still might be a chinese. I also noticed that all 'clients' trying to access the 'strangedomain.com' is coming from china.

If I type in the browser 'strangedomain.com', I see my website.

I'm worried, because my website is actually an e-commerce. I don't know if 'strangedomain.com' WAS a website on 50.50.50.50 in the not so far past, or if it's something else.

© Server Fault or respective owner

Related posts about dns