Ask HN: Someone cloned GitHub, not sure why

by rbobbyon 12/8/2021, 3:50:52 AM with 10 comments
  • by LinuxBenderon 12/8/2021, 4:26:56 AM

    VirusTotal [1] is lighting up on that site. Do not click those links and I would remove the links from HN.

    [Edit] HN Moderator removed it.

    [1] - https://www.virustotal.com/gui/url/f298f1b568fccc7d942aa39c1...

  • by disqardon 12/8/2021, 4:22:15 AM

    Probably a phishing site to steal username + password.

  • by Nextgridon 12/8/2021, 4:01:05 AM

    I wonder if it's someone's reverse-proxy to bypass censorship of the main site.

  • by tyingqon 12/8/2021, 4:46:36 AM

    It does look like a live proxy rather than a copy/clone.

    The responses have headers like "X-GitHub-Request-Id", which would be a pretty easy detail to forget if it were a copy.

  • by robbedpeteron 12/8/2021, 4:12:24 AM

    To bypass the great firewall? Or possibly, to bypass country level restrictions on content blocks? You might have just outed some group in China.

  • by egbertson 12/8/2021, 4:27:17 AM

    Someone is going to have to be brave enough to login and see if their private repositories got cloned as well.

    I have no private repo. It would suck if that too got cloned.

  • by mosdlon 12/8/2021, 4:05:00 AM

    To steal passwords?

  • by smoldesuon 12/8/2021, 4:53:05 AM

    Looks like a social engineering attack of some sort.

  • by piyhon 12/8/2021, 4:42:35 AM

    Is this basically a MitM attack as a proxy?

  • by omarhaneefon 12/8/2021, 4:45:39 AM

    Bob: Susan, remember not to make the GitHub staging site public by accident.

    Susan: or what?

    Bob: someone might me see it!

    Susan: an obscure url like that? not a chance.

    Bob: still, a small chance

    Susan: and so what if someone sees it? itโ€™s not like it will show up on the front page of Hacker News!