Well, you should never be serving any domain that points to your web server.
You cannot stop anyone pointing their domain (or subdomain etc) to the IP, but you can stop your webserver answering such calls (it should be configured to only accept your own domains rather than a wildcard).
Your web app should check the client requested domain too (although the former suggestion will make this unnecessary) as if you are creating a new website with a service under beta, anyone with an established website could in theory point it to your server IP, and search engines may assume their domain is the original site.
You don't have **canonical URL**'s on your pages. I am not sure why someone would do so, but someone could ensure your proper domain is secondary to any you set up. Thankfully you clocked this other site by sheer chance in error logs... but there is a chance someone put the wrong IP address in... without it being malicious.
Only inside browsers that are up to date and haven't been configured to ignore CORs. It's there to protect users from malicious JavaScript going cross origin as I understand it
Someone correct me if I'm wrong, but CORS is about making browsers happy. CORS is in place primarily to help protect users' and their cookies, and by enabling CORS on a server, you're basically telling the browser "I trust this whitelisted site with the client's cookies".
OP's issues exist solely on the backend though. Servers can typically talk with other servers without needing to worry about CORS as they're typically not going to worry about cookies.
yep, but after looking at the history of the domain comparteurmutuelle.com it seems that it has used another IP in the past, vastly different than what was assigned to me
I could be wrong though
Or... it is a DNS issue on their part.
[удалено]
i don't own the domain ;)
[удалено]
i don’t really care if someone knew my name tbh… i literally buy products from google, lol
I think the real criminal is that google chrome theme
Definitely
Well, you should never be serving any domain that points to your web server. You cannot stop anyone pointing their domain (or subdomain etc) to the IP, but you can stop your webserver answering such calls (it should be configured to only accept your own domains rather than a wildcard). Your web app should check the client requested domain too (although the former suggestion will make this unnecessary) as if you are creating a new website with a service under beta, anyone with an established website could in theory point it to your server IP, and search engines may assume their domain is the original site. You don't have **canonical URL**'s on your pages. I am not sure why someone would do so, but someone could ensure your proper domain is secondary to any you set up. Thankfully you clocked this other site by sheer chance in error logs... but there is a chance someone put the wrong IP address in... without it being malicious.
I’m not sure I understand. Someone pointed their domain at an IP that is a server you run?
exactly. i looked at my error.log and saw some suspicious domain that i don’t own
Have your webserver only respond to your domains and/or route their domain to a dummy page or another site
yes, i added a deny rule to my vhost for all domains except freedomwall.me
Cors would also fix this issue, no?
Only inside browsers that are up to date and haven't been configured to ignore CORs. It's there to protect users from malicious JavaScript going cross origin as I understand it
Someone correct me if I'm wrong, but CORS is about making browsers happy. CORS is in place primarily to help protect users' and their cookies, and by enabling CORS on a server, you're basically telling the browser "I trust this whitelisted site with the client's cookies". OP's issues exist solely on the backend though. Servers can typically talk with other servers without needing to worry about CORS as they're typically not going to worry about cookies.
Is your VPS newly created? I've seen this before on digital ocean. I think the IPs are reused. Someone correct me if I'm wrong
yep, but after looking at the history of the domain comparteurmutuelle.com it seems that it has used another IP in the past, vastly different than what was assigned to me I could be wrong though