Blocking malicious domains pointed at a dedicated IP address

I found a situation today where someone had registered a domain and pointed it at the website of one of my customers, who has a dedicated IP. By default, cPanel will allow any Host header to bring up the website. It was drawing quite a bit of traffic to the server with visitors and crawlers to this fake website.

It could be blocked at the application level, but it's simple enough to do with .htaccess:

RewriteCond %{HTTP_HOST} !^
RewriteCond %{HTTP_HOST} !^
RewriteRule .* - [F]

The fake website was registered with a DNS provider and pointed at the dedicated IP on my server. I spotted it by seeing the fake HTTP host in the logs.
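
A log check along the lines of how the fake host was spotted, as an added example that is not part of the original post: it tallies requests by Host header and reports any name outside an allow-list. The log format (Host header logged first via %{Host}i), the example.com allow-list and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Hypothetical placeholders for the site's own hostnames (the page's real
# patterns are not shown); they play the role of the two RewriteCond lines.
ALLOWED_HOSTS = [
    re.compile(r"^example\.com$"),
    re.compile(r"^www\.example\.com$"),
]

# Assumed LogFormat: "%{Host}i %h %l %u %t \"%r\" %>s %b"
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+'
)


def normalize_host(raw):
    """Lower-case the Host value and drop any port or trailing dot."""
    host = raw.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [2001:db8::1]:443
        return host.split("]")[0] + "]"
    return host.split(":")[0].rstrip(".")


def unexpected_hosts(lines):
    """Count requests per Host value that is not one of the site's own names."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # line is not in the assumed format
        host = normalize_host(m.group("host"))
        if not any(p.search(host) for p in ALLOWED_HOSTS):
            counts[host] += 1
    return counts


# Constructed sample lines (documentation-range IPs, reserved example names).
SAMPLE_LOG = [
    'www.example.com 203.0.113.10 - - [10/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120',
    'rogue-domain.example 198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 5120',
    'ROGUE-DOMAIN.example:80 198.51.100.8 - - [10/Mar/2024:10:00:03 +0000] "GET /robots.txt HTTP/1.1" 200 64',
    'example.com:443 203.0.113.11 - - [10/Mar/2024:10:00:04 +0000] "GET /about HTTP/1.1" 200 2048',
    '192.0.2.25 198.51.100.9 - - [10/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for host, hits in unexpected_hosts(SAMPLE_LOG).most_common():
        print(f"{hits:6d}  {host}")
```

Requests made directly to the IP address show up in the report as well, since a bare IP in the Host header is also not one of the site's names.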