subdomain has been hacked?

[kielnevec]

Dear @senorprogrammer
please kindly check this

http://wukong138.wtfutil.com/

someone using wtfutil.com subdomain for betting site

regards

[indradhanush]

Just checked and wtfutil.com looks okay to me.

Edit: Nevermind. I did not read the description carefully.

[senorprogrammer]

Thanks for catching this - somehow they've hijacked a subdomain. Any idea how they'd do that?

[Seanstoppable]

Looks like it is due to the usage of a wildcard, where *.wtfutil.com points to the gh pages servers.
Reading https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/troubleshooting-custom-domains-and-github-pages, using a wildcard is discouraged, more or less just because of this.
It lets pretty much anyone create a GH pages account and actually create an entry that will work. For example, I just set up seanstoppable.wtfutil.com on my personal gh pages, and now it is happily serving up my old blog.
Removing the wildcard, and setting up records for just www.wtfutil.com and wtfutil.com will result in these subdomains just not working.