I was looking over my code and I realized someone could point an arbitrary domain name of their's at my IP and cause visitors to their domain to interact with my site. I set it up so apache serves an error page if this happens but I'd rather prevent my server from responding to a request like that at all. Is there anything I can do?
Sorry for digging up an old thread, but I have also been wanting to know if there is a way to reject an arbitrary domain pointing at my IP.
What got me on the lookout for a solution was recently firing up a new Linode VM, then researching the IP history and discovering a Chinese registered domain pointing to the IP of the new Linode VM. Realizing how potentially damaging this could be, I destroyed the Linode and created a new one in order to get a different IP. Then I started looking for a solution in case someone in the future points an domain to my IP. I did the following.
I created a page with a short message indicating nothing is to be found and located it in its own site container, /var/www/badtraffic. I then setup an Apache VirtualHost with no ServerName, only a DocumentRoot pointing to /var/www/badtraffic. Any request coming directly to the IP address, or by a DNS resolved name to the IP not defined as a valid VirtualHost in my httpd.conf goes to badtraffic. I've tested it and it works well.
I would like to send the traffic to a 403 forbidden, but have not had any success. At least I know that no one can point their domain at my site (only one public site on this IP). So if anyone has further insight into a solution to this potential issue, I'd be interested in hearing.