2

I am curious whether someone could find out if a site hosted on GitHub Pages could be traced back to the user that published it. This is of course, assuming that:

  • the GitHub repository containing the website’s file is private,
  • the website is connected to a custom domain (using something like a CNAME record, rather than a redirect from example.com to user.github.io/secret-site),
  • the GitHub account itself isn’t compromised.
Mysterio
  • 21
  • 2

1 Answers1

5

Yes, you can identify the Github username of the person. This works because CNAME records are public. CNAME records essentially work like a redirect, and tell a DNS resolver to use the records from elsewhere.

For example, spec.commonmark.org is hosted with GitHub pages. How do I know? I can run dig spec.commonmark.org CNAME and get the following response:

spec.commonmark.org.    1608    IN      CNAME   jgm.github.io.

From this I can see that the GitHub user or organization “jgm” controls the repository from which that website is built.

In this case, that is an individual user. But if it is a GitHub organization, it might not be possible to know who controls that organization, since members can set their membership to private.

amon
  • 1,346
  • 8
  • 9
  • 1
    This is a good trick. It won't work 100% of the time - older GH pages setups (and new ones not following the official instructions) can use A records straight to GH's IP addresses. – Zach Bloomquist Dec 12 '23 at 23:01