How is someone using a domain I still own to host their website?

Time: 2018-09-18 14:16:39

Tags: amazon-web-services dns amazon-route53

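I'm still in the development phase of a web application I'm working on, but I bought the domain on AWS because I wanted to reserve the name. I just visited the site today and saw a website I didn't recognize. I was not redirected to another website, and I confirmed that I typed the domain correctly. I figured someone was using it for advertising, and although that's annoying, I'm curious how it happened. I think they made an alias, but I'm not sure how they could do that without access to my AWS credentials.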

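Background info: In Route 53 I set up an alias using the IPv4 address of an EC2 instance that has been shut down for a few months. I even tried visiting the IP address directly, but nothing unusual showed up. I then changed the IPv4 address to that of an EC2 instance hosting another website, and it seems the new IP address overrides theirs (i.e. the malicious site no longer shows up). I don't know if this is relevant, but a few months ago I also set up mail for the domain on Zoho.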

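Below is a screenshot of the site. Maybe something similar happened to you and you recognize the landing page? How did they do this, and how can I prevent it from happening?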


Edit: After some research, it seems the term for this is DNS hijacking. I'd still appreciate it if you could share some knowledge.

1 answer:

Answer 0: (score: 1)

As you are unable to share your hostname/URL, the first thing you need to do is test the pages from another location, network and PC browser etc. If you're unable to yourself, then ask a trusted contact to do it for you.

It could be a problem at your end which is causing the 'bad' page to be returned. (I'll start with that);

  • You need to check your endpoint for any viruses, malware or toolbars and addons as any one of these things could cause your requests to be redirected.

  • You should check your endpoint and local network for any 'odd' increased load or network traffic (viruses and malware often exhibit extra traffic and load).

  • If you can, you should try a different DNS resolver (Google & others provide open DNS resolvers, and as you're an AWS customer already they might provide something as well).

  • If you wanted to dig deep at the local end you should try something like Wireshark, then you can inspect the actual traffic between you and your AWS instances to make sure the correct/expected data is being sent/received.

At the AWS end, as you have indicated neither instance is behind a load balancer or anything then there are still a number of other things you could check;

  • Checking the DNS configuration, have you got the correct name server (NS) records listed, are there any wildcard entries?

  • Is your web server correctly configured, being careful to check for any virtual host directives? It's also worth checking your web server is actually secure. If you're using WordPress or a similar CMS system, these are well known for being hacked in a similar way. You should check your actual web dir and make sure all the files and code there are actually yours...

  • If you have the option with AWS and you are able, check the correct 'good' pages are returned when you use the internal or private addresses of your instances - this may help narrow your searching. If as indicated in our chat that works as expected every time over a few tests then it's unlikely the problem is your actual server serving 'bad' pages.

  • If you have any other services running on your instances at the public IP/hostname try and connect directly to those with something like PuTTY and make sure you are actually hitting your server as expected.

In general there are a number of things you can check for which may be causing the issue, and some of the issues it might actually be;

  • Check the HTTP headers which are coming from the 'bad' pages - they may give a clue where the content is coming from.

  • DNS Cache poisoning attack

  • DNS Hijacking
  • DNS Configuration issue/problem/rogue NS.
  • Compromised CMS, 3rd party script or underlying OS.
  • MITM Proxy or interception system
  • AWS issue

As this setup is not on a server or network fully within your control, to speculate as to what else it could be is a little hard. AWS is a big dark cloud and I for one am certainly no expert with their inner workings!

Lastly, if you have exhausted all these options and ideas and you're still getting the same problems, I'd raise a ticket with AWS for them to look at. There is every chance that it's just something weird going on within their network somewhere.

Without much more info from your side for people to go and run their own tests and investigations, it's very hard to say where the issue may lie.
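
An added example, not part of the original question or answer: the question's background describes a Route 53 record left pointing at the IPv4 address of an EC2 instance that had been shut down for months, and an auto-assigned EC2 public IPv4 address is released when its instance stops and can later be assigned to another customer. This check for the "DNS configuration" item flags A records whose literal IP the account no longer holds. The input dicts follow the shape of the boto3 `list_resource_record_sets`, `describe_instances` and `describe_addresses` responses; the function names and all sample data are constructed.

```python
# Added example. Inputs are dicts shaped like the boto3 responses of
# route53 list_resource_record_sets, ec2 describe_instances and ec2
# describe_addresses; all sample values below are constructed.

def owned_public_ips(instances_resp, addresses_resp):
    """Public IPv4s currently held: running instances plus Elastic IPs."""
    ips = set()
    for reservation in instances_resp.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("PublicIpAddress"):  # absent once an instance is stopped
                ips.add(inst["PublicIpAddress"])
    for addr in addresses_resp.get("Addresses", []):
        if addr.get("PublicIp"):
            ips.add(addr["PublicIp"])
    return ips

def dangling_a_records(record_sets_resp, owned_ips):
    """Return (name, ip) for each literal A-record value not in owned_ips."""
    findings = []
    for rrset in record_sets_resp.get("ResourceRecordSets", []):
        if rrset.get("Type") != "A" or "AliasTarget" in rrset:
            continue  # alias records hold no literal IP to compare
        name = rrset["Name"].replace("\\052", "*")  # Route 53 escapes '*' as \052
        for rr in rrset.get("ResourceRecords", []):
            if rr["Value"] not in owned_ips:
                findings.append((name, rr["Value"]))
    return findings

# Constructed sample data (documentation IP ranges, example.com names).
SAMPLE_RECORDS = {"ResourceRecordSets": [
    {"Name": "example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.10"}]},  # IP of a stopped instance
    {"Name": "www.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "198.51.100.7"}]},
    {"Name": "\\052.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.10"}, {"Value": "198.51.100.20"}]},
    {"Name": "cdn.example.com.", "Type": "A",
     "AliasTarget": {"DNSName": "dualstack.example-lb.example.net."}},
    {"Name": "example.com.", "Type": "MX", "TTL": 300,
     "ResourceRecords": [{"Value": "10 mail.example.net."}]},
]}
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaaa", "PublicIpAddress": "198.51.100.7"},
    {"InstanceId": "i-0bbbbbbbbbbbbbbbb"},  # stopped: no public IP any more
]}]}
SAMPLE_ADDRESSES = {"Addresses": [{"PublicIp": "198.51.100.20"}]}

if __name__ == "__main__":
    owned = owned_public_ips(SAMPLE_INSTANCES, SAMPLE_ADDRESSES)
    for name, ip in dangling_a_records(SAMPLE_RECORDS, owned):
        print(f"DANGLING {name} -> {ip} (not held by this account)")
```

Any record it reports should be deleted or repointed before the instance behind it is stopped for good; an Elastic IP keeps the address with the account while the record exists.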