I've set up a few simple dockerized websites on my VPS, with a simple proxy (https://github.com/jwilder/nginx-proxy) to forward requests to the right website depending on the subdomain.
I'm getting several hits per minute for pages on the 'oncireview.com' domain, most of which are from YandexBot and FeedBurner.com. In addition, I'm also getting a few hits for 'times4you.com'. These requests are all blocked by the proxy, as it is obviously not aware of these domains.
A reverse DNS lookup on both domains tells me that oncireview is managed by Cloudflare, and resolves - initially - to a Cloudflare IP. Sending a curl request to that IP with a 'Host: oncireview.com' header resolves to my IP again. The times4you domain seems to actually have a DNS record pointing towards my IP directly.
I have three questions:
- is this harmful/dangerous? (it's certainly annoying)
- how could this have happened?
- what should I do about it?
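
To measure the stray traffic described above, the following added example (not part of the original post) tallies requests per unserved `Host` value, with user agents and response codes. It assumes each access-log line starts with the requested host followed by the usual combined-format fields; `KNOWN_HOSTS`, the IP addresses and the log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed layout: host addr - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<addr>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# Hypothetical: the subdomains the proxy is actually configured to serve.
KNOWN_HOSTS = {"blog.example.org", "wiki.example.org"}

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = """\
oncireview.com 203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "GET /feed/ HTTP/1.1" 503 213 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"
oncireview.com 203.0.113.11 - - [01/Jan/2024:10:00:07 +0000] "GET /feed/ HTTP/1.1" 503 213 "-" "FeedBurner/1.0 (http://www.FeedBurner.com)"
blog.example.org 198.51.100.5 - - [01/Jan/2024:10:00:09 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
times4you.com 203.0.113.12 - - [01/Jan/2024:10:00:15 +0000] "GET / HTTP/1.1" 503 213 "-" "Mozilla/5.0"
oncireview.com 203.0.113.10 - - [01/Jan/2024:10:00:21 +0000] "GET /about HTTP/1.1" 503 213 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"
this line is malformed and must be skipped
"""


def stray_hosts(log_text, known_hosts):
    """Summarise requests whose Host is not one the proxy serves."""
    report = defaultdict(
        lambda: {"hits": 0, "agents": Counter(), "statuses": Counter()}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        host = m["host"].lower()
        if host in known_hosts:
            continue  # legitimate traffic for a configured site
        entry = report[host]
        entry["hits"] += 1
        entry["agents"][m["agent"]] += 1
        entry["statuses"][m["status"]] += 1
    return dict(report)


if __name__ == "__main__":
    summary = stray_hosts(SAMPLE_LOG, KNOWN_HOSTS)
    for host, e in sorted(summary.items(), key=lambda kv: -kv[1]["hits"]):
        print(f"{host}: {e['hits']} hits, statuses={dict(e['statuses'])}")
        for agent, n in e["agents"].most_common(3):
            print(f"    {n:4d}  {agent}")
```
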