Ask HN: Someone cloned GitHub, not sure why
16 comments
VirusTotal [1] is lighting up on that site. Do not click those links and I would remove the links from HN.
[Edit] HN Moderator removed it.
[1] - https://www.virustotal.com/gui/url/f298f1b568fccc7d942aa39c1...
[Edit] HN Moderator removed it.
[1] - https://www.virustotal.com/gui/url/f298f1b568fccc7d942aa39c1...
I just clicked and went straight to the site. What do I do now?
Ensure your anti-malware is up to date. If its a work computer let your security team know. If its yours probably clear cache close browser install anti-malware and scan the machine. I dont have time to dig into whats on that site to see what it does.
[deleted]
Probably a phishing site to steal username + password.
I wonder if it's someone's reverse-proxy to bypass censorship of the main site.
It does look like a live proxy rather than a copy/clone.
The responses have headers like "X-GitHub-Request-Id", which would be a pretty easy detail to forget if it were a copy.
The responses have headers like "X-GitHub-Request-Id", which would be a pretty easy detail to forget if it were a copy.
To bypass the great firewall? Or possibly, to bypass country level restrictions on content blocks? You might have just outed some group in China.
github is not blocked in China
Looks like a social engineering attack of some sort.
Is this basically a MitM attack as a proxy?
Bob: Susan, remember not to make the GitHub staging site public by accident.
Susan: or what?
Bob: someone might me see it!
Susan: an obscure url like that? not a chance.
Bob: still, a small chance
Susan: and so what if someone sees it? it’s not like it will show up on the front page of Hacker News!
Susan: or what?
Bob: someone might me see it!
Susan: an obscure url like that? not a chance.
Bob: still, a small chance
Susan: and so what if someone sees it? it’s not like it will show up on the front page of Hacker News!
I stumbled across this list of enrichers:
https://causlayer.orgs.hk/topics/serilog-enrichers
Which have a few links to github repositories. I looked at one or two and then click the link for laurentiustamate94 / serilog-enrichers-aspnetcore and eventually noticed it took me to this page:
https://causlayer.orgs.hk/laurentiustamate94/serilog-enrichers-aspnetcore
A pretty exact copy. Everything works, though some links (like profile etc) take you to the real github.
Why would someone put that amount of work into this?
If you go to https://causlayer.orgs.hk it's a copy of the github home page with a fake login page!
Is this something github should be aware of? If so where would you report it?