I use althttpd and had my public site configured to serve content from the default.website directory. I noticed on a google search that my content was showing up in search results under a different domain name that I do not own. Browsing that domain was exactly like browsing my real domain. Updates I made to my site were instantly visible in the imposter domain.

I changed from default.website to the specific domain format and now browsing to the imposter domain results in a 404 being returned, as expected. So that was a quick mitigation.

In reviewing the server logs I determined that all the source IPs belonged to Cloudflare. Also, looking at the html source from the returned 404 page, there's a script tag in the head that references "CloudflareApps".

If I'm interpreting it correctly, it seems whoever owns the imposter domain has it configured to resolve to a Cloudflare proxy and is then somehow returning my domain content. It's not just a redirect so far as I can tell by looking at the developer's tools in Firefox.

Beyond changing from default.website, do you have any suggestions on additional action? Seems like I could drop all Cloudflare IP ranges at my firewall without blocking legitimate traffic?