
subdomain has been hacked?

Open kielnevec opened this issue 2 years ago • 5 comments

Dear @senorprogrammer please kindly check this

http://wukong138.wtfutil.com/

Someone is using a wtfutil.com subdomain for a betting site.

regards

kielnevec avatar Dec 17 '23 16:12 kielnevec

~Just checked and wtfutil.com looks okay to me.~

Edit: Never mind. I did not read the description carefully.

indradhanush avatar Jan 03 '24 14:01 indradhanush

Thanks for catching this - somehow they've hijacked a subdomain. Any idea how they'd do that?

senorprogrammer avatar Jan 08 '24 20:01 senorprogrammer

Looks like it is due to the usage of a wildcard, where *.wtfutil.com points to the gh pages servers. Reading https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/troubleshooting-custom-domains-and-github-pages, using a wildcard is discouraged, more or less just because of this. It lets pretty much anyone create a GH pages account and actually create an entry that will work. For example, I just set up seanstoppable.wtfutil.com on my personal gh pages, and now it is happily serving up my old blog. Removing the wildcard, and setting up records for just www.wtfutil.com and wtfutil.com will result in these subdomains just not working.

Seanstoppable avatar Feb 19 '24 05:02 Seanstoppable
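
The wildcard condition described in the comment above can be checked for in a DNS zone export. The following is an added example, not part of the original thread or the wtf project: it flags wildcard records that target GitHub Pages, either by CNAME to a `github.io` host or by A record to the GitHub Pages IPv4 addresses. The zone contents, `example.test` and `exampleuser` are constructed, and the parser assumes simple one-line records.

```python
import ipaddress

# GitHub Pages IPv4 addresses for apex A records, and the Pages CNAME suffix.
GITHUB_PAGES_IPS = {ipaddress.ip_address(f"185.199.{n}.153") for n in (108, 109, 110, 111)}
GITHUB_PAGES_SUFFIX = ".github.io."

# Constructed sample zone for illustration (not the real wtfutil.com zone).
SAMPLE_ZONE = """\
$ORIGIN example.test.
@      3600 IN A     185.199.108.153
www    3600 IN CNAME exampleuser.github.io.
*      3600 IN CNAME exampleuser.github.io.   ; any label resolves to Pages
*.dev  3600 IN A     185.199.110.153
mail   3600 IN A     192.0.2.25
*.int  3600 IN A     192.0.2.80               ; wildcard, but not GitHub Pages
"""

def parse_records(zone_text):
    """Yield (fqdn, rtype, rdata) for one-line A and CNAME records."""
    origin = ""
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, then tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        name, rest = fields[0].lower(), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                     # skip optional TTL and class
        if len(rest) < 2 or rest[0].upper() not in ("A", "CNAME"):
            continue
        fqdn = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        yield fqdn, rest[0].upper(), rest[1].lower()

def points_to_github_pages(rtype, rdata):
    if rtype == "CNAME":
        return rdata.endswith(GITHUB_PAGES_SUFFIX)
    return ipaddress.ip_address(rdata) in GITHUB_PAGES_IPS

def risky_wildcards(zone_text):
    """Wildcard names whose target is GitHub Pages: candidates for removal."""
    return [(n, t, d) for n, t, d in parse_records(zone_text)
            if n.startswith("*.") and points_to_github_pages(t, d)]

if __name__ == "__main__":
    for name, rtype, rdata in risky_wildcards(SAMPLE_ZONE):
        print(f"REMOVE OR REPLACE: {name} {rtype} {rdata}")
```

Each flagged record should be replaced with explicit records for only the hostnames actually served, as the comment above suggests for `www.wtfutil.com` and `wtfutil.com`.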

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Aug 17 '24 09:08 stale[bot]