• chmaynard 72 days ago

    > It turns out that GitHub doesn't require proof of ownership in order to set a custom domain.

    This is a major blunder. GitHub management needs to close this loophole immediately and delete this idiot's account.

    • Richienb 72 days ago
      • eugeniub 72 days ago

        I reported earlier today, and luckily, it appears that the user is gone now.

        • craftyguy 72 days ago

          Right? But I guess complaining about it on HN gets you more fake internet points, so OP did that instead.

          • eugeniub 72 days ago

            You may have missed the part of my post where I said I reported the user to GitHub four hours before posting. I posted about it here because (1) I wanted to draw attention to this problem, which is affecting many developers this month because of all the users downgrading from Pro to Free, and (2) because I wanted to draw attention to this critical design flaw in GitHub Pages.

            • 71 days ago
          • chelmzy 72 days ago

            You can do this with a ton of other services as well. It's pretty common in the bug bounty scene. I did it with MoviePass domains awhile back.

            • saghm 71 days ago

              I set up a Github Pages site for the first time last month, and to set up a custom domain, it had me add four A records pointing to IP addresses (all of which were hardcoded in the GitHub pages documentation, i.e. not specific to my repository) and add the domain I was using in the settings for the site's repository. I remember wondering how Github stopped other people from just putting arbitrary domains in their repositories to steal them if they ever got pointed towards Github Pages; I guess I have my answer now!

              • talves 71 days ago

                Good to Know Eugene. Thanks for the heads up.

                After having to deal with a ton of issue requests, I am sure GitHub will see the light and change this to a better requirement.

                Also, have you heard of Netlify. They will Host it to their Global CDN for free and they are fast as hell. Also can use private repositories on Github also.

                • WaltPurvis 69 days ago

                  Side note: https://iosref.com/ is quite useful. Thanks!

                  • jacob9706 71 days ago

                    Looks like he's no longer around.

                    • kaletaa 71 days ago

                      What did you expect from MS, they made Windows updates which wiped your fucking documents

                      • aaomidi 71 days ago

                        How many people do you think joined GitHub from Microsoft after the merger?

                        This is literally human oversight.