I found a situation today where someone had registered a domain and pointed it at one of my customer's websites who has a dedicated IP. By default, cpanel will allow any host header to bring up the website. It was drawing quite a bit of traffic to the server with visitors and crawlers to this fake website.
It could be blocked at the application level, but it's simple enough to do with .htaccess:
RewriteCond %{HTTP_HOST} !^www.example.org
RewriteCond %{HTTP_HOST} !^example.org
RewriteRule .* - [F]
The fake website was registered with a DNS provider and pointed at the dedicated IP on my server. I spotted it by seeing the fake HTTP host in the logs.