Catch-all random subdomains and redirect to domain.tld

The question I have is not how, but why. I’ve spent a lot of time today trying to redirect all randomly typed in subdomains to the main domain as below.

E.g.
asdasdasd.domain.com redirects to domain.com
wwwwww.domain.com redirects to domain.com
etc.

Now, I’ve seen a few good blogs/websites including google.com, and they don’t do this. They just let the browser return an error saying “cannot display the webpage”.

Is there any point in catching and redirecting random subdomains??? I’m sure there was a good reason why I was doing it… but I can’t honestly remember :confused:

dklynn, thanks for your replies.

I’ve not looked into banning methods yet, but I’ll make a note of the .htaccess method.

AD,

That looks good to me! I’m not sure how your ban works but mine is to add a line to the .htaccess file with the {REMOTE_ADDR} of the one I want to ban. PHP can do that with just a little knowledge of PHP.

Regards,

DK

I agree, it does seem like a hacker is more likely to try to access random subdomains than a real user.

In answering my own question of why you need a catch-all, I took off my *.domain.com DNS record. This meant that all random subdomains go to a crappy ad-filled page at my registrar. Looks unprofessional so I can see why now.

I’ve just got subdomain catching sorted. I know you can go down the route of adding a wildcard subdomain and configuring Apache accordingly, but this is a lot more trouble on Plesk, where webmail is affected.

My approach is to replace the Plesk default page (which shows up when a page/subdomain isn’t found) with a script that permanently redirects the page to the main domain. The beauty of this approach is that I can add to the script to log information about the user, and then at my discretion ban them if their activity looks suspicious.

I’ve not come across this approach in my hours of googling over the past 2 days, but it seems to work a treat. Any reason why it wouldn’t be desirable?

What’s happening (wildcard subdomain redirection to the main domain) is something that’s under control of your host. Why? To facilitate an attack on your website? IMHO, if someone’s mucking about trying to find a “hidden” subdomain, they deserve a - [F] response (and capture of their ISP to add to a ban list), not a redirection.

Regards,

DK
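
An added example, not code from any poster in this thread: a log review that separates a one-off typo from a client requesting many different nonexistent subdomains, which is the "suspicious activity" decision the logging approach above leaves to the site owner. The log format, the known-host list and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format (not from the thread): "<client ip> <Host header> <status>",
# e.g. what Apache writes for LogFormat "%h %{Host}i %>s".
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{3})$")
BASE_DOMAIN = "domain.com"
# Hypothetical list of hostnames the site really serves.
KNOWN_HOSTS = {"domain.com", "www.domain.com", "webmail.domain.com"}

def normalize_host(raw):
    """Lower-case the Host header and drop any port and trailing dot."""
    return raw.lower().split(":", 1)[0].rstrip(".")

def is_unknown_subdomain(host):
    return host.endswith("." + BASE_DOMAIN) and host not in KNOWN_HOSTS

def probe_candidates(lines, threshold=3):
    """Map client IP -> sorted unknown subdomains, for clients that asked for
    at least `threshold` distinct ones. Repeats of one name count once."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, raw_host, _status = m.groups()
        host = normalize_host(raw_host)
        if is_unknown_subdomain(host):
            seen[ip].add(host)
    return {ip: sorted(h) for ip, h in seen.items() if len(h) >= threshold}

# Constructed sample log (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    "203.0.113.7 admin.domain.com 301",
    "203.0.113.7 dev.domain.com 301",
    "203.0.113.7 Staging.Domain.com:80 301",
    "203.0.113.7 dev.domain.com 301",
    "198.51.100.20 wwww.domain.com 301",
    "198.51.100.20 www.domain.com 200",
    "192.0.2.5 webmail.domain.com 200",
    "garbage line without the expected fields",
]

if __name__ == "__main__":
    for ip, hosts in probe_candidates(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(hosts))
```

The visitor who mistyped `wwww` once stays below the threshold, so only the client that tried three distinct names is listed for review.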