I just recently had an exchange with a client that some of their web sites were ‘cross bleeding’ – a few visitors going to sitea.com were getting siteb.com. These are all hosted on the same server, stock Apache/PHP stuff, nothing special. However, one of the domains was SSL, and had an entry for responding to port 443, which the others didn’t. If anyone tried sitea.com via https, they’d see siteb. I went in and patched that up in the config and thought everything was good.
Week later… “this is still happening, and getting worse”.
Well… I started to dig in a bit more, and noticed that the control panel we’d installed had created the new siteb entry with IPv6 and IPv4, but the other sites, which got imported but not updated, were IPv4 only. I updated all the vhost definitions to respond to IPv6 and IPv4, and… so far so good. I’m pretty sure this was the issue. It was only affecting a handful of people, and they were reporting in in a meeting (based on the context, I infer these were mobile users) and from what I gather, more mobile operators are pushing IPv6 out to end users.
If you’re getting the problem I was, check that you are dealing with both IPv6 and IPv4.