Hi I created a new DigitalOcean droplet (wordpress one-click install) and then installed mod_pagespeed.
A couple hours later I look in the cache folder /var/cache/mod_pagespeed/ and there are domains getting added there that aren't mine -
/var/cache/mod_pagespeed/v3/big-events.co.uk
/var/cache/mod_pagespeed/v3/youexel.com
I am only using this droplet for 1 website so why are all these other websites appearing in the cache?
I found this stackoverflow post with similar problem and I tried to implement the solutions suggested - Strange domains in mod_pagespeed cache folder
Please can someone confirm I've added the suggestions correctly?
Suggestion 1 ModPagespeedDomain
I've added this to my .htaccess file -
<IfModule pagespeed_module>
ModPagespeed on
ModPagespeedDomain demo.mywebsite.com
ModPagespeedMapRewriteDomain demo.mywebsite.com *mywebsite.com
</IfModule>
Suggestion 2 UseCanonicalName & UseCanonicalPhysicalPort
I added these lines to /etc/apache2/sites-enabled/000-default-le-ssl.conf
UseCanonicalName On
UseCanonicalPhysicalPort On
Is there anything I can do to stop this exploit?
Thanks for any help!
Well, I think the fact the you can see new domains in your cache directories does not imply you have been hacked :) its just that many random requests will come to your host if your ports are open so you either block external traffic or just update your configurations so that default server does not do caching by default and add a new virtualhost for your actual domain name you want to use.
I hope this helps.