Membership is FREE, giving all registered users unlimited access to every Acorn Domains feature, resource, and tool! Optional membership upgrades unlock exclusive benefits like profile signatures with links, banner placements, appearances in the weekly newsletter, and much more - customized to your membership level!

Problem with 20i.com - are you affected?

boxfish

boxfish

Joined
Jul 1, 2010
Posts
1,033
Reaction score
227
I know a few people on here use the 20i.com WordPress Hosting so wondered if you could test something out and see if it affects your sites too - as far as I know this is just the WordPress Managed Hosting - not the VPSs

If you type a non-existent subdomain onto the front of your actual domain, does it resolve and show the homepage?

For example :

viagra.yourdomain.co.uk
nastything.yourdomain.com
nonexistsub.yourdomain.uk

On my account, on every site, it does.

I can't find a single other host that doesn't show ERR_NAME_NOT_RESOLVED error page instead.

I contacted support and they said it was probably down to a plugin.

I then did a clean install with zero plugins and it did the same - they said 'if it is a persistent problem we'll look into it'.

The Problem:

If people link to these nonexistant subdomains I/you could very soon have lots of duplicate content, across an unlimited number of dubiously named sub-domains (viagra, pron etc) indexed in Google.

I think this is a huge problem but 20i.com don't seem bothered - is it just my sites?
 
dee said:
i just get a cert error on mine. Anything meant to resolves fine.
Click to expand...

On Chrome when you get the cert error, if you do the Advanced > Proceed to possibly unsafe destination - what happens then?
 
boxfish said:
On Chrome when you get the cert error, if you do the Advanced > Proceed to possibly unsafe destination - what happens then?
Click to expand...

If its wordpress and has the correct redirects in place for https its likely it will just redirect to the main domain. Is your site on https ? If not ideally it would be better to test from another site that is also not using https

Edit, Ignore that. It shouldn't redirect as it shouldn't resolve at all. I think that's the whole point your saying isn't it ?.

I assume admins site is on their shared hosting: beautifulworld.com which redirects to the domain from a random subdomain which means random subdomain is resolving........when it shouldn't.
 
Resolves to home page. Although on one of my sites I actually want this .
 
Adam H said:
I assume admins site is on their shared hosting: beautifulworld.com which redirects to the domain from a random subdomain which means random subdomain is resolving........when it shouldn't.
Click to expand...

Admin's site is just redirecting to the beautifulworld.com address for me. It shouldn't do that but at least it it's not resolving porn.beautifulworld.com and returning an indexable page.

Adam H said:
Edit, Ignore that. It shouldn't redirect as it shouldn't resolve at all. I think that's the whole point your saying isn't it ?.
Click to expand...

Yep, it shouldn't resolve.

I've now found several sites on the 20i.com servers where I can link to a made up subdomain and get a page indexed.

Over the next 30 days, as the SSL certs get renewed into the new Wildcard SSLs, the new subdomains won't even give a certificate warning, they will just go to the https page so if I link to childporn.yourbusiness.co.uk it will create an indexable page in Google
 
Do you have access to .htaccess on their Wordpress hosting? There must be a fix you can do there, if so?
 
On one site I tested this morning, just by linking to a single subdomain it created duplicate, indexable content not just for the subdomain, but for all the links using relative paths too.

For example, all the below pages of duplicate content would be created just from one link to a made-up subdomain

https://porn.testdomain.co.uk
https://porn.testdomain.co.uk/index.php
https://porn.testdomain.co.uk/testdomain-partners.php
https://porn.testdomain.co.uk/pwreset.php
https://porn.testdomain.co.uk/register.php

You could literally repeat this with an unlimited amount of words.
 
Last edited:
In my support ticket, which is 30 messages long, it goes from:

"We've modified your .htaccess to stop this abnormal behaviour that is happening on your site - we believe this may be caused by a plugin that you currently have installed"

to

"The web space and IP are assigned to your site and all references to the domain go there by default using the wildcard record. If you dont want this behaviour then you can simply remove the record or add a htaccess file to prevent subdomains other than those allowed. "

The above is a direct copy and paste which shows it's gone from being 'abnormal behaviour' to 'default'.

So be aware that anyone can create subdomains and duplicate content on your site unless you edit your .htaccess or delete a specific DNS record for each site.

Not sure what to make of it but miffed it took 30 messages to get a straight answer.
 
  • Like
Reactions: dee
boxfish said:
In my support ticket, which is 30 messages long, it goes from:

"We've modified your .htaccess to stop this abnormal behaviour that is happening on your site - we believe this may be caused by a plugin that you currently have installed"

to

"The web space and IP are assigned to your site and all references to the domain go there by default using the wildcard record. If you dont want this behaviour then you can simply remove the record or add a htaccess file to prevent subdomains other than those allowed. "

The above is a direct copy and paste which shows it's gone from being 'abnormal behaviour' to 'default'.

So be aware that anyone can create subdomains and duplicate content on your site unless you edit your .htaccess or delete a specific DNS record for each site.

Not sure what to make of it but miffed it took 30 messages to get a straight answer.
Click to expand...

Good catch. Cheers
 
seemly said:
That's pretty shocking "default behaviour", though.
They should probably make it NOT default behaviour from now.
Click to expand...

I completely agree. I showed examples of some of the potential problems but their responses to me just got shorter and shorter.
 
So i just had a look at DNS for a domain (didnt even realise had access to DNS on wordpresss hosting)

There are two wildcard entries:

*.domain.com A

*.domain.com AAAA

So I presume you would delete these ? But then you would have to add a WWW.domain.com to account for the www typers ? Does that sound right ?
 
dee said:
So i just had a look at DNS for a domain (didnt even realise had access to DNS on wordpresss hosting)

There are two wildcard entries:

*.domain.com A

*.domain.com AAAA

So I presume you would delete these ? But then you would have to add a WWW.domain.com to account for the www typers ? Does that sound right ?
Click to expand...

Yep, replicate the

*.domain.com A
*.domain.com AAAA

entries with

www.domain.com A
www.domain.com AAAA

entries then delete the *. records
 
Last edited:
You must log in or register to reply here.

Similar threads

Systreg
Any WP type themes for this?
Replies
5
Views
945
Systreg
Systreg
it.com
it.com How to Optimize Information Displayed about a Website in Google Search Results
Replies
0
Views
129
it.com
it.com
it.com
it.com Website Migration Guide – Chapter 1: Types of Website Migrations
Replies
0
Views
130
it.com
it.com
it.com
it.com How Much Does It Cost to Launch an E-commerce Website in 2024?
Replies
0
Views
308
it.com
it.com
Acorn Newsbot
Nominet From fantasy sports to forecasting domains: How to carve your own path in the tech industry
Replies
1
Views
300
ukbackorder
ukbackorder

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Members online

Total: 428 (members: 3, guests: 425)
IT.com

Premium Members

Get a .HipHop domain

Calendar events

Latest Comments

Acorn Domains Merch
MariaBuy Marketplace

New Threads

Other domain forums

Other domain forums.
Global
Asia
Europe
North America
Oceania & Australia

Our Mods' Businesses

Laskos
*the exceptional businesses of our esteemed moderators
General chit-chat
Help Users
  • No one is chatting at the moment.
  • D AcornBot:
    DarkSky has left the room.
  • Helmuts @ Helmuts:
    👋
  • ukbackorder AcornBot:
    ukbackorder has left the room.
  • T AcornBot:
    ttek has left the room.
  • Admin @ Admin:
    Hello. So, do anyone happen to know anything about Whois and how it can be accessed?
  • BrandFlu AcornBot:
    BrandFlu has joined the room.
  • BrandFlu AcornBot:
    BrandFlu has left the room.
  • Helmuts @ Helmuts:
    Admin said:
    Hello. So, do anyone happen to know anything about Whois and how it can be accessed?
    Click to expand...
    ;) you are leaking info ;) :D :D
    • Funny
    Reactions: Admin
  • D AcornBot:
    Darren has left the room.
      D AcornBot: Darren has left the room.
      Top Bottom