I have a web admin question that’s beyond my meagre knowledge. Quite by accident today, I discovered that when you go to, say:
You get a link farmy landing page. Which, obviously, doesn’t belong to us. Is this an exploit and is there some server-side setting I need to change? Or is this totally normal and I shouldn’t worry my little head about it?
UPDATE: Thanks for the advice, everybody. I’ve made an enquiry with my webhost, though they don’t handle my DNS. I’m going to get some more information from them, and then hit up my domain registrar (who also handles my DNS).
I’m not an expert in that area, but I suspect your domain registrar (dotster.com?) is responsible, since you DO own the the domain. Only the administrator of the domain can add sub-domains, I thought.
Aiee! You want to fix that!
Hopefully you are using some neat little DNS/Domain manager that gives you a polite interface into managing the DNS for your domains. You need to modify it, so that your “aliases” redirect to your root domain name… ie if capulet.com is where your site is, make sure that http://www.capulet.com and foo.capulet.com point to capulet.com… heck – you can even set it up so that wow.capulet.com goes to capulet.com 🙂
Hey Darren – take a look at http://www.zoneedit.com/ – they let you have up to 5 domains (unlimited sub-domains I believe) for free. I’ve used them for a couple of years now without issue.
I think that Jody is right – its probably the person hosting your dns who is to blame. If you do it yourself, you can setup a “blanket” domain so that all unknow sub-domains will go to a place of your choosing…
That’s very definitely not normal — Whomever does your DNS hosting is the one that’s responsible.
If you’re using some sort of free DNS hosting that came with your domain registration, then you should contact your webhost and see if you can use their DNS servers.
If you’re using the DNS servers from your webhost – then you need to contact them and tell them to stop playing games with your account.
By default, subdomains that don’t have an explicit entry created, should just return a ‘no record found’ entry.
You can configure “wildcard” entries, but it’s something *you* control.
That’s nasty, I’d change hosting provider for such behaviour.
We use godaddy.com and http://foo.putplace.com returns a “can’t find server” error. I’d definitely look at what your hosting provider is doing as this is definitely a no no.
Yup, as the other folks are saying, you should be very unhappy about this.
There was a company a year or so ago buying these sorts of subdomain links from bloggers for the purpose of gaming search engines. (And many were used in spam runs).
I know of several bloggers (including one for whom I did admin support) who got banned by Google for the practise.
Certainly not something you’d want to have happen to your company sight, so I’d get the bottom of it right quick.
uhhh… that would be company site.
You have a “wildcard DNS entry” in place, so that *.capulet.com goes to your DNS provider’s link farmy thing. Fun.
Removing the wildcard DNS entry will make this go away.
Boris, would you be willing to explain how you checked that out? I’d love to know (I know little about DNS) and I bet others would like to know how to check for such a thing too.
(Would that qualify as the “lazier lazyweb”?)
Awww crap, Darren. It looks like I forgot to close my italics tag at the end of my second (short) comment and it’s borking the rest of the page.
Sorry ’bout that.
I’ll try to sum this up. You need to look at your DNS settings for your domain. Normally this is via your admin control panel.
You will be interested in the A Records & C-Name records depending on how these guys have set it up.
If 188.8.131.52 was your website server, and 184.108.40.206 was the server with the ads on it, it will pretty much look like this.
you pretty much want to delete the *. wildcard line OR change it to 220.127.116.11 etc.
Hope that helps (scrolling up I see you may have already fixed this).
L & D: No worries, I do it all the time.
“Boris, would you be willing to explain how you checked that out?”
I’m not Boris, but without access to the DNS Server, or an improperly configured DNS Server – you shouldn’t be able to do this directly.
You can, however, infer that a wildcard record is in place by trying random sub-domains. eg: If I can hit random keys on my keyboard, and it still returns a result – it’s a fairly good chance that a wildcard is in place.
I’m given the same two IPs in a round-robbin arrangement no matter what random string I try and resolve at capulet.com
eg: omgponies.capulet.com, ljklsjflkjhklhsadf.capulet.com, foo.capulet.com, blah.capulet.com all comes back to two IPs: 18.104.22.168, and 22.214.171.124
Thus, it’s fairly safe to say a wildcard is in place.
I’m here because I just noticed the Dotster wildcarding. Look for “wild” in the Dotster agreements and you’ll see they specify when they do it. Ick.
It’s actually a nice and helpful piece of information. I’m happy that you just shared this useful info with us.
Please keep us informed like this. Thanks for sharing.
I’m gone to say to my little brother, that he should also pay a visit this website on regular basis to obtain updated from latest gossip.
Comments are closed.