I am VERY confused. I installed Ghost on an EC2 instance using their installation instructions. I followed it exactly and didn’t have any issue with it.
However, I was looking through Ahrefs and noticed that I had a link coming from this site: http://echo.tvo-test.com. As you’ll see it looks exactly like my blog https://blog.sellerssuite.com. My initial thought was that it was a phishing site, but the IP address of “echo” is coming from the same IP address as blog.sellerssuite.com.
I tried looking through Ghost documentation to see if Ghost runs a test site, but I can’t find anything.
Can anyone give me any idea of what is going on? I’m so lost.
@alex.f Ghost doesn’t and wouldn’t operate any such test site.
From the looks of it, the owner of tvo-test.com has either configured echo.tvo-test.com to point at your EC2 instance’s IP address, or more likely they previously used the EC2 IP address you’ve been assigned and didn’t update their DNS records when they removed their EC2 setup.
Do you think this could be a result of a compromised web server? If it was the case where “they” didn’t update their DNS records, would “they” be Amazon?
Do you think this could be a result of a compromised web server?
Unlikely, there’s nothing to suggest that would be the case.
If it was the case where “they” didn’t update their DNS records, would “they” be Amazon?
No, Amazon wouldn’t be really involved at this level, they only the provided the IP address and IP addresses are almost always recycled across virtual host instances as they are created/torn down otherwise they would quickly run out. “They” in this case would be the owner of tvo-test.com.
If you’re worried about it the best thing to do would be to update your nginx/apache configuration so that it’s only responding to requests for your actual domain name rather than any domain that resolves to your instances IP address.