Strange domain pointing to my server IP

Hello!

For a few weeks, a strange domain has been pointing to my server IP address: pinoytvflix.net
It’s not my domain, but it seems that this domain’s DNS zone is on Cloudflare.

I receive many abuse reports for this domain, but I can’t do anything…
It’s flooding my Nginx logs. Does anybody have any idea how to fix this? I did not find the owner of the domain…

If you are using Cloudflare for your site, you may want to consider enabling Authenticated Origin Pulls. This is most secure when you provide your own certificate.

More information on other methods is available.

Thanks for your reply @epic.network, I’ll check this. But if someone configures the DNS of their domains to point to my origin, I can’t do anything?


You can implement one or more of the mechanisms in the guides that I shared. Your origin server shouldn’t be configured to serve content for a domain that it doesn’t host. I am uncertain about what else you might want.


If I understand properly, someone has bought a domain, placed it in Cloudflare, and points it to your origin for content.

If you are a Cloudflare customer, ask them to look into it for you.
If you are not a Cloudflare customer, then look carefully at the headers coming in. What is the value of their “Host: value” header? See if you can block these requests on something that gives them away.
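To illustrate the Host-header check suggested above, here is an added example (not posted by anyone in this thread) that tallies requests for names the origin does not serve and shows whether each arrived from a Cloudflare address. The `log_format`, the `example.org` host names and the sample lines are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumed nginx log format (not from the thread); $host is the requested name:
#   log_format vhost '$remote_addr "$host" "$request" $status';
# Assumes $remote_addr is the connecting peer (no real_ip rewriting).
LINE_RE = re.compile(r'^(?P<ip>\S+) "(?P<host>[^"]*)" "(?P<req>[^"]*)" (?P<status>\d{3})$')

# Hypothetical names this origin really serves.
OWN_HOSTS = {"example.org", "www.example.org"}

# A few of Cloudflare's published IPv4 ranges, for the demo only; load the
# full current list from https://www.cloudflare.com/ips/ in real use.
CF_RANGES = ("173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13")
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in CF_RANGES]

def via_cloudflare(ip):
    """True if the peer address lies inside a listed Cloudflare range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in CLOUDFLARE_NETS)

def foreign_hosts(lines, own_hosts=OWN_HOSTS):
    """Count requests per (host, came_via_cloudflare) for names we do not serve."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line is not in the assumed format
        host = m["host"].lower()
        if host not in own_hosts:
            counts[(host, via_cloudflare(m["ip"]))] += 1
    return counts

# Constructed sample lines; the foreign domains are the ones named in the thread.
SAMPLE = [
    '172.64.10.5 "pinoytvflix.net" "GET / HTTP/1.1" 200',
    '104.16.3.4 "pinoytvflix.net" "GET /b HTTP/1.1" 200',
    '172.64.10.9 "www.pinoytvflix.net" "GET /a HTTP/1.1" 200',
    '104.16.3.4 "example.org" "GET / HTTP/1.1" 200',
    '203.0.113.7 "203.0.113.50" "GET / HTTP/1.1" 404',
]

if __name__ == "__main__":
    for (host, cf), n in foreign_hosts(SAMPLE).most_common():
        print(f"{n:5d}  {host:25s} {'via Cloudflare' if cf else 'direct'}")
```

Names counted as "via Cloudflare" are the ones that an allow-list of Cloudflare IP ranges alone would still let through, so they are the ones to reject by Host and to include in a report to Cloudflare.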

I filter requests to my webserver in the firewall and only let Cloudflare IP ranges access it. That makes sure no one can easily play around on my servers or easily DDoS them. However, someone might add their domain to Cloudflare and point the Cloudflare proxy to my IP address (if they knew the origin IP). For that reason we also use authenticated origin pulls, plus I configured Nginx sites that only respond to my own domain names and no others. I also use an Nginx configuration tweak to generate an internal server error on the default site, so communication to my servers is only possible if traffic comes from Cloudflare, the requests are signed by Cloudflare with my certificate and they correspond to my own domains.
Content of my default site config file:

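```nginx
## return internal server error when accessing invalid host on this ip address without
## presenting ssl certificate warnings in browser
map "" $empty {
        default "";
}

server {
        # catch-all for any name not matched by another server block;
        # "ssl" is stated here so the block also works on its own
        listen          443 ssl default_server;
        server_name     _;
        # no usable cipher and an empty certificate: the TLS handshake fails
        ssl_ciphers aNULL;
        ssl_certificate data:$empty;
        ssl_certificate_key data:$empty;

        # 444 is nginx-specific: close the connection without sending a response
        return          444;
}
```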

Yes, this is it, I see many different hosts, like
pinoytvflix.net
piinoyflix.net
www.pinoytvflix.net

All these domains are proxied by Cloudflare… Yes, I can block them, but they can reach my origin anyway

I have some websites that are not on Cloudflare, so I can’t do this :frowning:

Well you can always get on Cloudflare and start out for free or use any other CDN with similar functionalities. But yes, a traditional webserver that is supposed to be reachable from all over the world will always be reachable from anywhere. This is the very point of it :slight_smile: You could of course just block the Cloudflare IP ranges but you may also lock out legitimate users that use Cloudflare’s network to access your sites…

This is what I would do:

  • become a Cloudflare customer, even if a simple free tier
  • block all IPs that are not from Cloudflare (only accept CF traffic). This will not fix your current problem, but it will be a start.
  • alert CF to the problem because they are the ones that don’t “validate” ownership on the backside. However, they do make sure that customers cannot manipulate the Host header to something that they don’t own. So on your website server, you will have to do some sort of Host header check to accept traffic only from your domain. If unsure how to do this, plug the prompt into ChatGPT.

Can you share the domain name?

pinoytvflix.net
piinoytvflix.net

I already receive many abuse reports from my provider for this domain…
