My domain got abused on GitHub Pages
A user discovered that their domain was being abused on GitHub Pages while traveling in Africa. The domain, intended for a personal project, was misconfigured, allowing others to create subdomains without proper verification. The user suggests improvements to GitHub's verification process to prevent such abuses in the future.
- ▪The user received an email from Google Search Console about a new owner for their domain.
- ▪GitHub Pages allows anyone to create subdomains if the DNS is misconfigured.
- ▪The user reported the abuse to GitHub and hopes for a resolution.
Opening excerpt (first ~120 words) tap to expand
The last few weeks I traveled through Africa, with barely any internet. At some point I got an email from Google Search Console about a new owner for the domain https://kafka.immersivepoints.com/. Weird… My immersivepoints.com domain is only used for one website hosted as a GitHub page. The website is for my 3D and VR point cloud visualizer, which in practice is just a simple hosted html page. There definitely is no Kafka involved here, let alone that I knew the new owner of this subdomain. After I regained access to a normal speed internet connection I started digging. First check was my DNS records, but initially nothing seemed off there. I simply forwarded the domain to the servers of GitHub, with a wildcard to also catch any subpage (such as www.immersivepoints.com).
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Roland Meertens.
Discussion
0 commentsMore from Roland Meertens
