Unknown subdomains pointed at our IP

I get subdomains from fusionbd.com pointed to our domain earthfightsback.org. For the moment I have blocked 3 subdomains: m.fusionbd.com, mtube.fusionbd.com, radioprograms.fusionbd.com. All point to our IP 173.249.31.58. They use Cloudflare DNS. How do I stop this?

5 minutes A 173.249.31.58

Authoritative Nameservers
lily.ns.cloudflare.com
rob.ns.cloudflare.com

Why is this your IP? It will simply be an address which your host also assigned to you.

It would seem as if that address is properly configured to redirect to the naked domain, which suggests that it was (possibly still is) used for the domain in question.

You might want to discuss this with your host.

Why should I discuss it with my host?
I see it as MY IP because it is assigned to MY server. The IP is shared between 5 of MY domains. How can it be that Cloudflare doesn't bother about what IP subdomains are pointed at in the Cloudflare DNS? Does it mean that I can point my domains to any IP? If so, it's high time to leave Cloudflare. I have no time to block new subdomains every hour of the day.

Because your server responds to that domain.

So you have a dedicated server just for yourself and that’s where that IP has been assigned to?

Yes, I have.

Then you should check why your server responds to that domain.

$ curl -I --resolve radioprograms.fusionbd.com:80:173.249.31.58 http://radioprograms.fusionbd.com
HTTP/1.1 301 Moved Permanently
Server: Apache
Location: https://fusionbd.com/
Content-Type: text/html; charset=iso-8859-1

That is what I am trying to find out. Someone registers subdomains and points them to that IP. The host says it's not a datacenter problem.
But to stop it I will add an IP, proxy it with Cloudflare and see if it stops. As I understand it, there should not be any possibility to find out the real IP of my server.

That’s something you need to check on your server, Cloudflare is not involved here.

That can always happen and is nothing “illegal” either. Just make sure your server does not respond for that domain, or rather returns an appropriate error message when a request for it comes in.

OK, I will find out how. For the moment I just redirect them in .htaccess back to the mother domain.

That’s exactly what I meant. I wouldn’t redirect but would rather send an error response.

You could also restrict requests only to Cloudflare addresses and enable Cloudflare’s client certificate authentication (Origin Pulls). That would guarantee that only Cloudflare can connect.

Hi! Can you point me to some info on how I do that? It would be a good solution for all different like this

Do what? There’s plenty in the documentation and search though, I’d use that first.
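The two suggestions made in this thread (answer unknown Host names with an error instead of a redirect, and accept only Cloudflare connections with Authenticated Origin Pulls), as an added Apache 2.4 configuration sketch that is not part of any post. It assumes mod_ssl is loaded; every path, the `catchall.invalid` name and the address range are placeholders.

```apache
# Added example; names and paths marked PLACEHOLDER are assumptions.
# Apache hands a request whose Host header matches no ServerName/ServerAlias
# to the first vhost defined for that address:port, so load this file
# before the real sites (for example as 000-catchall.conf).

<VirtualHost *:80>
    ServerName catchall.invalid
    # Unknown Host names get 403 instead of a redirect.
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName catchall.invalid
    SSLEngine on
    # PLACEHOLDER: any certificate will do here, e.g. a self-signed one.
    SSLCertificateFile    /etc/ssl/PLACEHOLDER/catchall.crt
    SSLCertificateKeyFile /etc/ssl/PLACEHOLDER/catchall.key
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# The real site, reachable only through Cloudflare's proxy.
<VirtualHost *:443>
    ServerName earthfightsback.org
    DocumentRoot /var/www/PLACEHOLDER
    SSLEngine on
    SSLCertificateFile    /etc/ssl/PLACEHOLDER/site.crt
    SSLCertificateKeyFile /etc/ssl/PLACEHOLDER/site.key

    # Authenticated Origin Pulls: the TLS handshake fails unless the client
    # presents a certificate issued by the CA in this file.
    # PLACEHOLDER path; the CA certificate is the one Cloudflare publishes.
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLCACertificateFile /etc/ssl/PLACEHOLDER/cloudflare-origin-pull-ca.pem

    # Address restriction. 192.0.2.0/24 is a documentation range used as a
    # PLACEHOLDER; list Cloudflare's published ranges here or in the firewall.
    <Location "/">
        Require ip 192.0.2.0/24
    </Location>
</VirtualHost>
```

With the catch-all vhost loaded first, the `curl -I --resolve` check shown earlier in the thread should return `403 Forbidden` for the foreign subdomain rather than a 301.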
