Visitors may sometimes access your server by a pretty raw manner which contains the most specific matching IP address. For instance, suppose the server IP is 123.123.123.123, they might access the server via http://123.123.123.123/ in any browser on purpose. If there's no website or web page in the server document root (i.e. /var/www/html), httpd will return the first listed virtual host instead of returning nothing.
This manner is usually wrong because the first virtual host may not be able to represent the whole server.
Solution
So the trick I recommend is that we put a dummy virtual host as the first one in the configuration file. httpd will take it as the default host when there's nothing in the server document root.
[root@test ~]# vi /etc/httpd/conf/httpd.conf
...
<VirtualHost *:80>
ServerName 123.123.123.123
Redirect 404 /
</VirtualHost>
As you can see, I redirect all attempts on the server IP to a 404 Not Found for any URI on this server. Of course, you can also redirect a 403 Forbidden in this dummy directive, but the anonymity of this server could be compromised. I will explain more in this post: How to Return "404 Not Found" Instead of "403 Forbidden".
Please note that, the ServerName in the directive must match your server IP.