

Ask PG: Is HackerNe.ws an official domain? - nreece

http://hackerne.ws
======
pg
No, someone else created that.

~~~
joshu

      hackerne.ws.		1722	IN	A	174.132.225.106
      news.ycombinator.com.	835	IN	A	174.132.225.106
    

You really should check the Host: header that gets sent and if it's not a host
you recognize, redirect to one you do recognize. Do not allow people to create
aliases to sites you control. This is dangerous.

Users can log in and register with it. After a while, he could redirect
through a proxy, and catch the cookies. Search engines might crawl you through
this domain name, which can later be re-pointed. There are all sorts of abusive
or inappropriate things that can be done here; don't allow it.
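
The Host: check suggested in the comment above, as an added example that is not part of the original thread and not the site's own code: a standard-library WSGI middleware that serves recognized names and redirects any other alias to a fixed canonical host. The allowlist contents, the `site` stand-in application and the `probe` helper with its constructed requests are assumptions for illustration.

```python
from urllib.parse import quote

CANONICAL_HOST = "news.ycombinator.com"  # name the operator recognizes (from the thread)
ALLOWED_HOSTS = {CANONICAL_HOST}         # assumption: a single allowed name

def normalize_host(raw):
    """Lower-case a Host value, drop port and trailing dot; None if malformed."""
    if not raw or raw.startswith("["):   # empty, or an IP literal: never an allowed name
        return None
    host, _, port = raw.strip().lower().partition(":")
    if port and not port.isdigit():
        return None
    return host.rstrip(".") or None

class HostAllowlist:
    """WSGI middleware: serve recognized hosts, redirect every other alias."""
    def __init__(self, app, allowed=ALLOWED_HOSTS, canonical=CANONICAL_HOST):
        self.app, self.allowed, self.canonical = app, set(allowed), canonical

    def __call__(self, environ, start_response):
        host = normalize_host(environ.get("HTTP_HOST"))
        if host in self.allowed:
            return self.app(environ, start_response)
        if host is None:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"bad Host header\n"]
        # Build the target from the fixed canonical name, never from the request's Host.
        target = "%s://%s%s" % (environ.get("wsgi.url_scheme", "http"),
                                self.canonical, quote(environ.get("PATH_INFO") or "/"))
        if environ.get("QUERY_STRING"):
            target += "?" + environ["QUERY_STRING"]
        start_response("301 Moved Permanently", [("Location", target)])
        return [b""]

def site(environ, start_response):       # hypothetical stand-in for the real application
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"front page\n"]

def probe(host, path="/", query=""):
    """Send one constructed request through the middleware; return (status, headers)."""
    seen = {}
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    environ = {"HTTP_HOST": host, "PATH_INFO": path, "QUERY_STRING": query,
               "wsgi.url_scheme": "http", "REQUEST_METHOD": "GET"}
    HostAllowlist(site)(environ, start_response)
    return seen["status"], seen["headers"]

if __name__ == "__main__":
    for h in ("news.ycombinator.com", "NEWS.YCOMBINATOR.COM.:80", "hackerne.ws", ""):
        print(repr(h), probe(h, "/item", "id=84039"))
```

This only covers a name pointed directly at the server's address; a proxy that rewrites the Host: header, as raised in the reply that follows, is not affected by it.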

~~~
cperciva
You're right about the dangers; but those dangers can't really be avoided. If
the news.ycombinator.com server stops responding to queries for hackerne.ws,
the owner of hackerne.ws can simply set up a proxy which changes the Host:
header and have hackerne.ws start working again.

~~~
joshu
That's a good point, although he could throttle on an IP address. Or at least
logins on an IP address.

You still generally want to eliminate low-hanging fruit.

------
JacobAldridge
Interesting. Not sure how often it updates, but seems reasonably current.
Doesn't know who I am, which is the best giveaway (e.g., my login id doesn't
appear, and I have the option to upvote stories / comments I already have - or
which are my own).

Actually, when I go to vote, it asks me to log in.

No thanks.

~~~
joshu
It's an A record, not a proxy. Still abusive but the owner would have to point
it elsewhere.

------
e1ven
This domain was registered about a year and a half ago as a gift offering to
news.yc.

<http://news.ycombinator.com/item?id=84039>

