[kwlug-disc] Free web storage for static HTML?

Paul Nijjar paul_nijjar at yahoo.ca
Sun Oct 19 14:39:08 EDT 2025 

This attack was sneaky. The gambling site was also hosted on github.io
, and the attacker just pointed their CNAME for the site to
waterlooregionvotes.org . 

The PSA here is that if you are hosting a custom domain on github
pages then you should verify the domain with a TXT record: https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

If you do not verify your domain then people can snipe the CNAME from
under you when you try to switch the domain to another project (which
is what happened in this situation). 

Our site is not fixed yet but it will no longer promote indonesian
gambling. The hard part is that I do not see a way to identify the
account that stole our CNAME.

You also need to be careful about being too generous with subdomains.
See: https://rmoff.net/2024/01/16/hosting-on-github-pages-watch-out-for-subdomain-hijacking/

- Paul

On Sun, Oct 19, 2025 at 01:20:13PM -0400, Paul Nijjar via kwlug-disc wrote:
> 
> It looks like the waterlooregionvotes.org site has been taken over by
> an Indonesian gambling site. I will ask the current maintainers of the
> site to investigate. In the meantime you don't want to go there. 
> 
> - Paul
> 
> On Sun, Oct 19, 2025 at 01:49:46AM -0400, Paul Nijjar via kwlug-disc wrote:
> > 
> > Github pages should work? So should Gitlab pages.
> > waterlooregionvotes.org is on github pages.
> > 
> > If you want to go old school you could use neocities.org . I have my
> > blog mirrored there for free.
> > 
> > - Paul
> > 
> > On Sun, Oct 19, 2025 at 01:28:48AM -0400, William Park via kwlug-disc wrote:
> > > Trying to help out few non-techie people, but I'm also interested
> > > personally...
> > > 
> > > How do you make *static HTML* files available online for *free?*
> > > 
> > > I looked at
> > > 
> > >  * Google Site -- you can't upload html file
> > >  * Dropbox -- it shows you the text content of HTML files.
> > >  * GitHub -- same thing.
> > > 
> > > Failing that, I'm considering
> > > 
> > >  * Put the files on USB stick, and plug it into router.� It has
> > >    web/file server.� I would have to register DDNS, though.
> > >  * Set up web server on a Linux computer.� But, I don't want to be
> > >    "tech support".
> > 
> > > _______________________________________________
> > > kwlug-disc mailing list
> > > To unsubscribe, send an email to kwlug-disc-leave at kwlug.org
> > > with the subject "unsubscribe", or email
> > > kwlug-disc-owner at kwlug.org to contact a human being.
> > 
> > 
> > _______________________________________________
> > kwlug-disc mailing list
> > To unsubscribe, send an email to kwlug-disc-leave at kwlug.org
> > with the subject "unsubscribe", or email
> > kwlug-disc-owner at kwlug.org to contact a human being.
> 
> _______________________________________________
> kwlug-disc mailing list
> To unsubscribe, send an email to kwlug-disc-leave at kwlug.org
> with the subject "unsubscribe", or email
> kwlug-disc-owner at kwlug.org to contact a human being.

More information about the kwlug-disc mailing list