How I Discovered and Resolved Unintended Domain Traffic with Apache

Recently, I encountered an interesting situation while monitoring my website traffic. Through Matomo, I noticed that someone was visiting a domain I hadn’t configured, www.tripwiki.cn, yet these requests were hitting my server. This sparked my curiosity, as I do not own the tripwiki.cn domain. So, why was this traffic ending up on my server?


Investigation

I first checked my Apache logs and, sure enough, all these requests from tripwiki.cn were being directed to my server. After a bit of digging, I realized that although I had not explicitly configured a virtual host for tripwiki.cn, its DNS record was pointing to my server’s IP. Because I hadn’t set up a fallback or default configuration for unknown domains, Apache was handling these requests as if they were legitimate.


Root Cause

Initially, I had disabled the default virtual host in Apache (000-default.conf) since I wasn’t aware of how Apache’s fallback mechanism worked. This meant that when Apache couldn’t find a matching ServerName, it fell back to the first virtual host loaded for that address and port, which was my primary website, effectively allowing any domain pointing to my IP to access the site.


The Solution

To prevent other unrelated domains from sending traffic to my server, I decided to re-enable the default virtual host and make a few key optimizations. Here’s how I solved the problem:

1. Re-enable the Default Virtual Host

I used the following command to bring back the default virtual host configuration in Apache:

   sudo a2ensite 000-default.conf

2. Modify the Default Virtual Host Configuration

I updated the 000-default.conf file to ensure that any requests for domains not explicitly configured would be rejected. The updated configuration looked like this:

   <VirtualHost *:80>
       ServerAdmin webmaster@localhost
       ServerName unused.local
       DocumentRoot /var/www/html

       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined

       <Location />
           Require all denied
       </Location>
   </VirtualHost>

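This setup ensures that any request that doesn’t match my configured domains will receive a 403 Forbidden response. Because 000-default.conf sorts first among the enabled sites, Apache loads it first and uses it as the fallback for unmatched Host names on port 80.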

3. Configure My Domain-Specific Virtual Host

I made sure that my own domain, www.ruianding.com, was properly set up with its own virtual host, so only traffic for this domain would be served:

   <VirtualHost *:80>
       ServerAdmin webmaster@localhost
       ServerName www.ruianding.com
       ServerAlias ruianding.com
       DocumentRoot /var/www/ruianding

       ErrorLog ${APACHE_LOG_DIR}/ruianding_error.log
       CustomLog ${APACHE_LOG_DIR}/ruianding_access.log combined
   </VirtualHost>

4. Reload Apache

After updating the configurations, I reloaded Apache to apply the changes:

   sudo systemctl reload apache2
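
To confirm which virtual host Apache actually falls back to, the following added example (not part of the original post) parses the output of `apache2ctl -S` and flags any listener whose fallback is not the catch-all. Both sample outputs are constructed for illustration, and the file name ruianding.conf is an assumption.

```shell
#!/bin/sh
# ServerName of the catch-all vhost from 000-default.conf above.
CATCH_ALL="unused.local"

# Reads `apache2ctl -S` output on stdin and prints one line per listener:
#   <address:port> <fallback vhost> OK|EXPOSED
check_defaults() {
    awk -v want="$CATCH_ALL" '
        function report(listener, name) {
            printf "%s %s %s\n", listener, name, (name == want ? "OK" : "EXPOSED")
        }
        # Several name-based vhosts share the listener: remember its address,
        # the "default server" line that follows names the fallback.
        $2 == "is" && $4 == "NameVirtualHost" { addr = $1; next }
        $1 == "default" && $2 == "server"     { report(addr, $3); next }
        # Only one vhost on the listener: it answers every Host header.
        $1 ~ /:[0-9]+$/ && substr($3, 1, 1) == "(" { report($1, $2) }
    '
}

# Constructed sample: 000-default.conf disabled, only the site vhost enabled.
# (ruianding.conf is an assumed file name.)
BEFORE='VirtualHost configuration:
*:80                   www.ruianding.com (/etc/apache2/sites-enabled/ruianding.conf:1)'

# Constructed sample: after steps 1-4.
AFTER='VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server unused.local (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost unused.local (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost www.ruianding.com (/etc/apache2/sites-enabled/ruianding.conf:1)
                 alias ruianding.com'

echo "before: $(printf '%s\n' "$BEFORE" | check_defaults)"
echo "after:  $(printf '%s\n' "$AFTER" | check_defaults)"
# On a live server: sudo apache2ctl -S 2>/dev/null | check_defaults
```

The same check applies to every address and port Apache listens on, so an HTTPS listener without its own catch-all will show up as EXPOSED.
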

Lessons Learned

From this experience, I learned a few valuable lessons:

  • Apache’s fallback mechanism is crucial. Even if you haven’t configured a domain, if its DNS points to your server’s IP, Apache can still serve it.
  • To ensure the security and proper functioning of your server, always configure a default virtual host to deny or restrict access to unintended domains.

By making these changes, I ensured that only the domains I own would be served by my server, preventing any unrelated or unintended traffic from accessing my resources. I hope this blog post can help others who might run into a similar situation.