
Resolved unknown domain pointing to my server

zoni

Basic Pleskian
Hello,

A domain not owned by me or any of my clients is pointing to my server and causing a lot of errors in logs, especially in maillog, with loads of relay access denied errors.

Anyone browsing to this domain will see my server's default page.

Is there any way to stop traffic from this domain?

Thanks.
 
Hi zoni,

Did you consider using Fail2Ban (and there as well the "recidive" jail)?
 
You can run these commands in the given order to block all traffic directed to a specific domain name, regardless of whether that domain name actually exists on the host or not:

Code:
iptables -I INPUT 1 -p tcp -m multiport --dports 80,443,7080,7081,8443,8447 -m string --algo bm --string "DOMAIN.TLD" -j REJECT --reject-with tcp-reset
iptables -I FORWARD 1 -p tcp -m multiport --dports 80,443,7080,7081,8443,8447 -m string --algo bm --string "DOMAIN.TLD" -j REJECT --reject-with tcp-reset
iptables -I OUTPUT 1 -p tcp -m multiport --dports 80,443,7080,7081,8443,8447 -m string --algo bm --string "DOMAIN.TLD" -j REJECT --reject-with tcp-reset

Instead of "DOMAIN.TLD" enter the domain name that the traffic is directed to.

The example only blocks all traffic to web service related ports. If you are having trouble with mail, add these port numbers to the list, too:
25,110,143,93,995
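
Before adding firewall rules, it helps to confirm which recipient domain is actually producing the "Relay access denied" entries in maillog. The script below is an added example, not part of the original thread: it assumes Postfix as the MTA, the log lines are constructed with placeholder domains and addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: tally "Relay access denied" rejections per recipient domain.
# Assumes Postfix smtpd log format; function names are hypothetical.

# Read maillog lines on stdin, print "<count> <domain>", busiest domain first.
relay_denied_by_domain() {
    awk '
        /Relay access denied/ {
            # The rejected recipient is logged as to=<local@domain>
            if (match($0, /to=<[^>]*@[^>]+>/)) {
                rcpt = substr($0, RSTART + 4, RLENGTH - 5)  # drop "to=<" and ">"
                sub(/^.*@/, "", rcpt)                       # keep the domain part
                count[tolower(rcpt)]++                      # domains are case-insensitive
            }
        }
        END { for (d in count) print count[d], d }
    ' | sort -k1,1nr -k2,2
}

# Print only the domains rejected at least $1 times.
noisy_domains() {
    relay_denied_by_domain | awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample input (placeholder hosts, documentation IP ranges).
sample_maillog() {
cat <<'EOF'
Jan 10 10:00:01 host1 postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Jan 10 10:00:02 host1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <info@unknown-domain.example>: Relay access denied; from=<a@sender.example> to=<info@unknown-domain.example> proto=ESMTP helo=<mx.sender.example>
Jan 10 10:00:09 host1 postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <Sales@Unknown-Domain.example>: Relay access denied; from=<b@sender.example> to=<Sales@Unknown-Domain.example> proto=ESMTP helo=<mx2.sender.example>
Jan 10 10:01:30 host1 postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <admin@unknown-domain.example>: Relay access denied; from=<> to=<admin@unknown-domain.example> proto=ESMTP helo=<mx.sender.example>
Jan 10 10:02:00 host1 postfix/smtpd[2112]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 5.7.1 <x@other.example>: Relay access denied; from=<c@sender.example> to=<x@other.example> proto=SMTP helo=<relay.sender.example>
EOF
}

sample_maillog | relay_denied_by_domain
```

To use it on a live server, feed the server's own maillog to `relay_denied_by_domain` on stdin instead of the sample.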
 