🌱 A Quick Lesson learnt on Domain Takeovers

A little experience about something that happened recently with my website, s9lab.dev , and how I learned an important lesson about keeping your domain safe. 🧠

So, the other day, I was trying to verify my custom domain for my GitHub Pages site. But guess what? 😱 I got an error saying the domain name was already taken! At first, I thought, "Wait, did my domain expire? Or was it auctioned off?" 🤔

I checked with my DNS provider, and everything looked fine. Then I remembered a GitHub Actions vulnerability issue I’d heard about recently. Could that have caused the problem? Nope! That wasn’t it either.

Turns out, my site was victim of a domain takeover attack . 🚨 This was new to me, so I dug deeper, learned more

What Exactly is a Domain Takeover Attack?

Imagine this: Someone else takes over your custom domain and uses it to publish their GitHub Pages site instead of yours. Yep, scary stuff! 😨

When Can Domain Takeovers Happen?

Here are some common scenarios where this can happen:
👉 You delete your repository.
👉 Your billing plan gets downgraded.
👉 Any change that disconnects your custom domain or disables GitHub Pages—but your domain is still pointing to GitHub Pages and isn’t verified.

If you’re using GitHub Pages to host your site with a custom domain, it’s SUPER important to verify your domain . 🔐 This small step can save you from potential takeovers.

How to Protect Your Domain: GitHub has clear steps for verifying your custom domain. Here’s the link to follow: GitHub Docs .

Always double-check your settings and verify your domain. It’s like locking the door to your digital house! 🏠🔑

Now https://s9lab.dev is in safe hands and up ✨