Unrelated CloudFlare account has domain with my current server's IP


I’m sorry if this is not the right category, or even the right place to ask this kinda thing, but I noticed attempted access to my server from multiple domains I do not own. This led me to set up firewall rules only allowing connections from CF IPs (before that I only did strict SSL), which got rid of one domain, but another one persisted. It seems like this domain itself is served by CF and points to my server.

Are there any security implications caused by this, and if so, is there anything I can do against it or do I just have to live with the fact that someone is running a domain directly pointing at my server?



You should also be doing HOST header verification, i.e. your website is only served when the host/vhost matches your website. You would have a “default” host/vhost that handles all connections that don’t specify your website, and in that you would serve some generic response (e.g. 400, or an empty response).

