Strange Domain name under the same IP Address
Posted by Mike Chip on Server Fault
Published on 2013-11-03T03:02:50Z
dns
There's something really weird happening on my server.
But first things first: I wanted to have my website and chose the domain name "myowndomain.com". Now on my domain registrar I point "myowndomain.com" to the address of my recently set up VPS, let's say 50.50.50.50.
So I installed everything I needed to run my website, and I started to notice strange queries coming from different IP addresses.
Like these:
[client 123.123.123.123] File does not exist: /var/www/html/api, referer: http://www.strangedomain.com/api/manyou/my.php
[client 456.456.456.456] File does not exist: /var/www/html/api, referer: http://www.strangedomain.com/api/manyou/my.php
or like this (really a long line, I cut some things):
GET /?s=vod-show-id-22-area-%E5%85%B6%E4%BB%96-language-%E9%9F%A9%E8%AF%AD.html HTTP/1.1" 301 295 "http://v.strangedomain.com/?s=vod-s ...[cut]... spider"
The one above is happening the most.
The 'strangedomain.com' returns the same IP address as my VPS, which my website is hosted on. The whois of that domain shows it's registered to a Chinese person. But the street name didn't look quite right (like a huge single word), so I think all of that info might be fake, but it still might be a Chinese person. I also noticed that all 'clients' trying to access 'strangedomain.com' are coming from China.
If I type 'strangedomain.com' in the browser, I see my website.
I'm worried, because my website is actually an e-commerce site. I don't know if 'strangedomain.com' WAS a website on 50.50.50.50 in the not so distant past, or if it's something else.
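One way to measure what the question describes, as an added example that is not part of the original post: the script below reads Apache log lines in the two shapes quoted above and groups every referer hostname outside the site's own names by the clients that sent it. The `OWN_HOSTS` set, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hostnames this server is meant to answer for (the post's placeholder domain).
OWN_HOSTS = {"myowndomain.com", "www.myowndomain.com"}

# Error-log shape quoted in the post: [client IP] message, referer: URL
ERROR_RE = re.compile(r"\[client (?P<client>[^\]\s]+)\].*?, referer: (?P<ref>\S+)\s*$")
# Combined access-log shape: IP ident user [time] "request" status bytes "referer" ...
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<ref>[^"]*)"'
)

def referer_host(line):
    """Return (client, referer hostname) for one log line, or None if there is none."""
    m = ERROR_RE.search(line) or ACCESS_RE.match(line)
    if not m:
        return None
    host = urlsplit(m.group("ref")).hostname  # None for "-" or a malformed URL
    return (m.group("client"), host.lower()) if host else None

def foreign_referers(lines, own_hosts=OWN_HOSTS):
    """Map each referer host that is not one of ours to the set of clients using it."""
    seen = defaultdict(set)
    for line in lines:
        hit = referer_host(line)
        if hit and hit[1] not in own_hosts:
            seen[hit[1]].add(hit[0])
    return dict(seen)

# Constructed sample lines (documentation IP ranges, placeholder domains from the post).
SAMPLE = [
    "[client 203.0.113.10] File does not exist: /var/www/html/api, "
    "referer: http://www.strangedomain.com/api/manyou/my.php",
    "[client 203.0.113.11] File does not exist: /var/www/html/api, "
    "referer: http://www.strangedomain.com/api/manyou/my.php",
    '198.51.100.7 - - [03/Nov/2013:02:10:11 +0000] "GET /?s=vod-show HTTP/1.1" '
    '301 295 "http://v.strangedomain.com/?s=vod-show" "constructed-spider"',
    '198.51.100.9 - - [03/Nov/2013:02:11:00 +0000] "GET /cart HTTP/1.1" '
    '200 5120 "http://www.myowndomain.com/" "Mozilla/5.0"',
    '198.51.100.9 - - [03/Nov/2013:02:11:05 +0000] "GET / HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, clients in sorted(foreign_referers(SAMPLE).items()):
        print(f"{host}: {len(clients)} client(s): {', '.join(sorted(clients))}")
```

The Referer header is supplied by the client, so the grouping is a lead for further checking rather than proof of where the traffic originates.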
© Server Fault or respective owner