Bizarre redirect behaviour *solved* possible bug?

Hi,

Recently somebody was redirected from my website to another on my virtualmin server. There were no redirects set up so i was puzzled.
Attached is a screenshot that was taken, notice the URL says stonefree-it.nl and the site showing is actually artsenvoeding.nl . I have not been able to reproduce this behavior, but when i did a sitecheck on sucuri.net ( http://sitecheck.sucuri.net/results/stonefree-it.nl ) it actually shows a number of urls on artsenvoeding.nl when you click on l" List of URLs scanned".

https://virtualmin.com/files/screen.png

Now i have been searching all the apache confguration files and have been grepping my way through the filesystem trying to locate any reference to artsenvoeding.nl where it shouldn’t be but sofar my search has been without result.
Somehow, inappropriate urls are returned i guess, but i am absolutely puzzled as to where that would be.

Some additional info:
The artsenvoeding.nl is a sub-server of another domain (not the stonefree-it one).
I created the sub-server while logged in with my administrative account for virtualmin.
When i check other domains hosted on the server with the sucuri check, they all list the artsenvoeding.nl url’s

Does anybody have any idea where i should look or how i can solve this? Or even tell me what problem i am having. Log files or anything can be posted ofcourse(but in the apache access logs for the virtual servers was no info of help).
Thanks in advance!

Cheers

Guido


See last post for " solution"

It would seem that your Apache is confused about which domain to serve, and thus serves (which is the default behavior when it encounters an unknown domain) the alphabetically first that it knows. “artsenvoeding.nl” sounds like it could be the first, starting with an “a” and all.

First you might want to go to “Webmin -> Servers -> Apache Webserver” and make sure that in the list that appears, all the “Virtual Servers” have your external IP listed in the “Address” column, and port “80” or “443” in the “Port” one.

Hi, thanks for the suggestion, but the list is in order. Also, there are two domains that precede the artsenvoeding one alphabetically.
I also agree that it looks like apache is confused somehow, but configuration-wise the only thing that was changed is the addition of the sub-server. There are more subservers and this problem did not occur before.

Yeah this is somewhat odd. For starters, you might check out this page, section “the wrong site shows up”: https://www.virtualmin.com/documentation/web/troubleshooting

Thanks, I already checked that out. No luck.
The weird thing is that i have not been able to reproduce the problem (as in the correct websites show up), but there is something not correct that is served judging by the sucuri.net report.
Any other leads maybe?

So just to try i decided to disable ipv6 for this server, and after restarting apache the sucuri report no longer shows the wrong urls.

Maybe this is a bug, maybe I somehow misconfigured ipv6(although i did not touch these settings after initial setup).
Somehow (maybe after virtualmin update?) ipv6 was enabled for this server, and apparently it was the only website being served on the ipv6 address. So for some reason after creating this sub-server all ipv6 requests were being served with this website. Very strange but happy its solved!

Cheers!

Now it seems that some people are served with the alphabetically first ipv6 enabled domain. I have now disabled apache from accepting any requests for the ipv6 domain, maybe this will help. Definitely not a solution though.

So it looks definitely like an ipv6 problem. A client was denied an adwords campaign for his website because apaarently when google tries to access the website in question they get redirected to the first ipv6 enabled server. There is some progress however because this time i see google connecting to the wrong website.

From the acces_log where the website served is futilism.org, and the site requested is taximartini.nl:
2620:0:1040:401:61d3:3676:6e:f3f0 - - [29/Jan/2014:14:49:11 +0100] “GET /futilism.png HTTP/1.1” 200 68807 “http://www.taximartini.nl/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.72 Safari/537.36”

Will post a solultion once i find one. In the mean time if anyone has any idea that would be great.

Ok problem solved by allocating all servers an ipv6 address.
Strange that this became a problem when adding the last vritual server. Also the fact that it was not reproducible on my side does not help in finding what caused this.