I have no idea how this happens (or, if it’s nefarious, what is supposed to be accomplished by doing this), but I discovered, about a week ago, that some other domain was aimed at my IP address — as in, you type in their website name, and it goes to my site.
I found this out when I was doing a little security check-up, and noticed the other website name (which was, basically, almost-random-string-of-letters-dot-com) among the logs. I Googled it and the results showed snippets from my site. Hacked!!
Well not quite: some further Googling explained what was going on (but not why). I also found that when I tried to actually go to the other site my browser refused to load it, because the SSL credentials (for my site) did not match the bogus website’s hostname. Thank you SSL!
According to my Googling there was nothing I could do to prevent someone from aiming their site at my address, short of contacting the bogus site and asking them to stop (fat chance), but I could configure my site to throw a “Forbidden!” error at anyone coming to my site from any other hostname but mine. So now my site won’t load from that host, even if someone decides to ignore their browser’s security warnings.
What did the trick was a little snippet added to my site’s root htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^donkelly.net$ [NC]
RewriteRule ^ - [F]
</IfModule>