I have a CentOS & ISPConfig server with a couple of domains on it. One specific domain, xyz.com, is on the server for testing purposes, but the actual DNS record at the registrar (GoDaddy) points to another server that has the public website up and running. I mean this xyz.com domain has no relation to my Linux server and never did. I just created it on my Linux server to test some PHP code. But in the Apache log files I see some remote IP addresses that request this xyz.com domain from my server. How do they know that this account is on my server? How is that possible?
These are most likely brute-force attempts or port-scans via a tool like nmap, and are just an artefact of having a server of any kind available on the public Internet. Most likely, someone is scanning every IP in a given range, testing for responses on common ports and looking for exploitable scripts/applications on those ports - for example a web application with an XSS vulnerability.
If the requests are genuinely for your domain, you can verify this by adding a default "catch-all" VirtualHost. You will need to create an empty directory at /var/www/default with a .htaccess file containing Options -Indexes.
VirtualHost file below:
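
The VirtualHost file from the original answer is not preserved on this page. As an added example (not the answerer's file), a catch-all vhost for Apache 2.4 could look like this; the file name, log paths, log format nickname and placeholder ServerName are assumptions.

```apache
# Added example, not from the original answer. Assumes Apache 2.4 on CentOS.
# Save as e.g. /etc/httpd/conf.d/000-default.conf (assumed name). It must be
# read before the other vhosts: the first vhost defined for an address:port is
# the default and receives every request whose Host header matches no
# ServerName/ServerAlias.

# Log the Host header the client actually sent, next to the usual fields.
LogFormat "%h %l %u %t \"%{Host}i\" \"%r\" %>s %b \"%{User-Agent}i\"" catchall

# Use the same address:port form as the existing vhosts (*:80 or <ip>:80).
<VirtualHost *:80>
    # Placeholder name; it only has to differ from every real site.
    ServerName default.invalid
    DocumentRoot /var/www/default

    <Directory /var/www/default>
        # Same effect as the .htaccess line in the answer: no directory listings.
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>

    # Separate logs (assumed paths) so stray traffic is easy to tell apart.
    CustomLog logs/default_access.log catchall
    ErrorLog  logs/default_error.log
</VirtualHost>
```

Requests made by bare IP address or with an unknown Host header land in the catch-all log, while requests that really carry Host: xyz.com still reach the xyz.com vhost and its own log.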