Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Urgent Help!!! Plz Help!!!!

[HenryJ]

how to block someone's redirect to your IP/domain

some sucker is redirecting his traffic to my IP address, and creating massive traffic havoc on one of my IPs.

his domain is registered at enom, and he is using enom's DNS, and doing redirect from it.

any idea how to block it from redirecting his domain's traffic to my IP

thank you

[Zadmin]

why dont use firewall and block any incoming from this ip

[Loon]

I think he means somebody is directing traffic from another domain to his server not that it's all coming from the same IP. You could discard it based on the refering domain with mod_rewrite.

You could do this from your httpd.conf file or the easiest way would be just to drop a .htaccess file in the home directory of your domain.

Code:

RewriteEngine On
Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} ^(www\.)?refering_domain\.com
RewriteRule .* - [F,L]

That would give any traffic from that domain that shows HTTP_REFERER info (most of it) a 403 (forbidden) error, obviously it's still going to be hitting your server, but unless you have a custom 403 page with lots of graphics and stuff it'll be alot better than each redirected user downloading your regular pages.

Or you could send it somewhere else:

Code:

RewriteRule ^(.*)$ http://www.google.com [R=301,L]

I'm sure google can handle it

You might want to find out why he/she's doing this though, most people like to keep their traffic

If you want to go a step further and stop the traffic in your firewall, you could probally write a rule to do that depending on which firewall you're using, or write a PHP script to check something like.

PHP Code:

if(eregi('refering_domain', $_SERVER['HTTP_REFERER'])) 


And if true, execute some commands with shell_exec() to drop the IP's in your firewall. You're not going to stop the traffic arriving in the first place though, you just need to stop it somewhere, best thing really would be find out why this person is sending it.

[HenryJ]

Okie this is the situation:

there is someone with the domain say abc123.com, and lets say my IP is :111.111.111.111

this domain is registered at ENOM.com, and it is redirecting all its traffic to my IP, which is the Main Shared Virtual Host IP of my server.

I want to block this "redirect", any help!

I have already sent email to abuse@enom.com but they wont be in office for next 7-8 hours when i can get hold on someone to tk care of this abuser. BUT what should I do till than

[Loon]

If they are using something like an A record and the traffic is staying on abc123.com but just that it's A record is pointing to your IP, you can use what i posted above but instead of looking for HTTP_REFERER you're looking for HTTP_HOST:

Code:

RewriteCond %{HTTP_HOST} ^(www\.)?abc123\.com [NC]

But if they are just forwarding all the traffic to your IP using a web forward/redirect (so when the traffic arrives it sees your IP in the browser not the domain) then i don't really think there's much you can do.

I don't understand though, who would get so much traffic then just point it to somebody elses IP, doesn't make sense why somebody would do that, unless he added the wrong IP in his DNS.

[HenryJ]

Wut he is doing is, he is using the ENOM's nameservers! and using the REDIRECT option from ENOM's control panel to redirect his domain to my server's IP.

BTW: when i open his domain in browser, it doesnt show my IP, but his domain.

Can you tell me where to put that code you gave? i have made the file called .htaccess in /usr/local/apache/htdocs/ and putting the code in that. is that the correct location of default webdirectory.

[HenryJ]

i need to find the location where i can put that redirect code for the whole IP address, cos when i put it inside /usr/local/apache/htdocs/ it just gives the 403 for hostname.mydomain.com not the IP address.

[Loon]

You can add the lines to your httpd.conf file inside a <VirtualHost> section for the IP:

Code:

<VirtualHost 123.45.67.89>
RewriteEngine On
Options +FollowSymlinks

RewriteCond %{HTTP_HOST} ^(www\.)?abc123\.com [NC]
RewriteRule .* - [F,L]
</VirtualHost>

I *think* that'll work.

* edit - remember to restart apache

[HenryJ]

well i have 40 domains hosted on that IP (its a Main Shared IP of the server.) so i have to do it on all the domain names?

[UH-Matt]

Use your firewall...

Get your server admin to assist you.

[HenryJ]

I was just on phone with enom tech support, what this guy doing is using his domain's A records and redirecting his domain to our hostname IP address. Is there is any possible way to block it?

since i am getting 150+ hits per second on my httpd (apache).

[UH-Matt]

Add the domain to local DNS and direct it back to an enom ip, im sure they will then be more than happy to correct the record at their end then