|OS type and version:||Ubuntu 20.04|
|Related products version:||Apache version 2.4.41|
I have a domain (client2.org) that has a variety of sites using subdomains. For example client2.org, payments.client2.org, eco.client2.org, etc. In DNS (at GoDaddy) we have these wildcarded, so for example donation1.payments.client2.org will go to the correct IP address without having to propagate DNS changes.
Recently we have become aware of bots (probably) accessing their main site client2.org by using nonexistent subdomains consisting of “foreign” domains prepended to our wildcarded subdomains, for example somesite.compayments.client2.org. These requests land on the client2.org main site, which is a CMS that caches generated pages, and a few links on those pages get cached pointing to somesite.compayments.client2.org. Normal people browse the site, click those cached links, and end up logged out or trying to access the SSL domain that has no cert installed.
Why are these requests going to client2.org? I would think they would end up at the “It Works” page.
How do I set up the server so that these requests actually go to the It Works page?