I get subdomains from fusionbd.com pointed to our domain earthfightsback.org. For the moment I have blocked 3 subdomains, m.fusionbd.com, mtube.fusionbd.com, radioprograms.fusionbd.com. All point to our ip 173.249.31.58. They use Cloudflare dns. How do I stop this?
5 minutes A 173.249.31.58
Authoritative Nameservers
lily.ns.cloudflare.com
rob.ns.cloudflare.com
Why is this your IP? It will simply be an address which your host also assigned to you.
It would seem as if that address is properly configured to redirect to the naked domain, which suggests that it was (possibly still is) used for the domain in question.
You might want to discuss this with your host.
Why should I discuss it with my host?
I see it as MY ip because it is assigned to MY server. The IP is shared between 5 of MY domains. How can it be that cloudflare dont bother about what ip subdomains are pointed at in the cloudflare dns. Does it mean that I can point my domains to any IP? If so its high time to leave cloudflare. I have no time to block new subdomains every hour of the day
Because your server responds to that domain.
So you have a dedicated server just for yourself and that’s where that IP has been assigned to?
yes i have
Then you should check why your server responds to that domain.
$ curl -I --resolve radioprograms.fusionbd.com:80:173.249.31.58 http://radioprograms.fusionbd.com
HTTP/1.1 301 Moved Permanently
Server: Apache
Location: https://fusionbd.com/
Content-Type: text/html; charset=iso-8859-1that is what I try to find out. Someone register subdomain and point them to that IP. The host mean its not a datacenter problem
But to stop it I will add an IP, proxy it with Cloudflare and see if it stops. As I understand it there should not be any possibility to find out the real IP of my server
That’s something you need to check on your server, Cloudflare is not involved here.
That can always happen is nothing “illegal” either. Just make sure your server does not respond for that domain respectively returns an appropriate error message when a request for it comes in.
Ok I will find out how. For the moment I just redirect them in htaccess back to the motherdomain.
That’s exactly what I meant. I wouldn’t redirect but rather rather send an error response.
You could also restrict requests only to Cloudflare addresses and enable Cloudflare’s client certificate authentication (Origin Pulls). That would guarantee that only Cloudflare can connect.
Hi! Can you point at some info on how I do that? It would be a good solution for all different like this
Do what? There’s plenty in the documentation and search though, I’d use that first.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.