https://amoffat.github.io/sh/ is blocked
slatermethuen opened this issue · comments
The documentation pages are currently being blocked by UK’s National Cyber Security Centre protective DNS service.
This means NCSC think it is hosting or is associated with malware. Are you aware of this?
No I'm not aware of this thank you for bringing it to my attention. Is all
of GitHub.io blocked or just amoffat.github.io ?
…On Mon, Jun 5, 2023, 4:05 AM slatermethuen ***@***.***> wrote:
The documentation pages are currently being blocked by UK’s National Cyber
Security Centre protective DNS service.
This means NCSC think it is hosting or is associated with malware. Are you
aware of this?
—
Reply to this email directly, view it on GitHub
<#680>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAB7IKIROYCKLFAGUUZN75LXJW4RLANCNFSM6AAAAAAY2ZYLEI>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
For example, is https://octocat.github.io/ blocked? DNS on amoffat.github.io and github.io show the same IPs, so I would think the NCSC must be blocking all of github.io
It seems to just be amoffat.github.io as far as I can tell. The octocat pages are OK.
That filtering isn't happening at the DNS level then. Can you please share
some screenshots of what you see? Also can you share the verbose output of
a curl request on the link? Thank you
…On Mon, Jun 5, 2023, 9:49 AM slatermethuen ***@***.***> wrote:
It seems to just be amoffat.github.io as far as I can tell. The octocat
pages are OK.
—
Reply to this email directly, view it on GitHub
<#680 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAB7IKK4FA3XIRPKXQHX6QTXJYEZTANCNFSM6AAAAAAY2ZYLEI>
.
You are receiving this because you commented.Message ID:
***@***.***>
Here is a screenshot:
Here is the output of curl:
$ curl.exe -v https://amoffat.github.io
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 25.25.25.80:443...
* Connected to amoffat.github.io (25.25.25.80) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: C:/Users/ajs/AppData/Local/Programs/Git/mingw64/ssl/certs/ca-bundle.crt
* CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [91 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3255 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [621 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [102 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: C=GB; L=Oxford; O=Nominet UK; CN=*.protectivedns.service.ncsc.gov.uk
* start date: Jan 30 00:00:00 2023 GMT
* expire date: Mar 1 23:59:59 2024 GMT
* subjectAltName does not match amoffat.github.io
* SSL: no alternative certificate subject name matches target host name 'amoffat.github.io'
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, close notify (256):
} [2 bytes data]
curl: (60) SSL: no alternative certificate subject name matches target host name 'amoffat.github.io'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
For comparison here is a request to octocat:
$ curl.exe -v https://octocat.github.io
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 185.199.108.153:443...
* Connected to octocat.github.io (185.199.108.153) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: C:/Users/ajs/AppData/Local/Programs/Git/mingw64/ssl/certs/ca-bundle.crt
* CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3050 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io
* start date: Feb 21 00:00:00 2023 GMT
* expire date: Mar 20 23:59:59 2024 GMT
* subjectAltName: host "octocat.github.io" matched cert's "*.github.io"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: octocat.github.io]
* h2h3 [user-agent: curl/7.84.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x1661375fa90)
} [5 bytes data]
> GET / HTTP/2
> Host: octocat.github.io
> user-agent: curl/7.84.0
> accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [193 bytes data]
< HTTP/2 200
< server: GitHub.com
< content-type: text/html; charset=utf-8
< permissions-policy: interest-cohort=()
< last-modified: Sun, 27 Apr 2014 10:07:39 GMT
< access-control-allow-origin: *
< etag: "535cd6eb-f8c"
< expires: Mon, 05 Jun 2023 17:27:44 GMT
< cache-control: max-age=600
< x-proxy-cache: MISS
< x-github-request-id: E07E:11118:30E739F:32850A7:647E18B7
< accept-ranges: bytes
< date: Mon, 05 Jun 2023 17:19:37 GMT
< via: 1.1 varnish
< age: 113
< x-served-by: cache-lhr7386-LHR
< x-cache: HIT
< x-cache-hits: 1
< x-timer: S1685985577.467641,VS0,VE1
< vary: Accept-Encoding
< x-fastly-request-id: c311fcbd34868047cfb1a266f376efaa082096b6
< content-length: 3980
<
{ [975 bytes data]
100 3980 100 3980 0 0 51501 0 --:--:-- --:--:-- --:--:-- 52368<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8' />
<meta http-equiv="X-UA-Compatible" content="chrome=1" />
<meta name="description" content="Octocat.github.io : " />
<link rel="stylesheet" type="text/css" media="screen" href="https://github.com/amoffat/sh/issues/stylesheets/stylesheet.css" target="_blank" rel="nofollow">
<title>Octocat.github.io</title>
</head>
<body>
<!-- HEADER -->
<div id="header_wrap" class="outer">
<header class="inner">
<a id="forkme_banner" href="https://github.com/octocat">View on GitHub</a>
<h1 id="project_title">Welome to the Octocat homepage!</h1>
<h2 id="project_tagline">Be sure to keep this page in mind to see all my latest updates.</h2>
</header>
</div>
<!-- MAIN CONTENT -->
<div id="main_content_wrap" class="outer">
<section id="main_content" class="inner">
<h3>
<a name="welcome-to-github-pages" class="anchor" href="#welcome-to-github-pages"><span class="octicon octicon-link"></span></a>Welcome to GitHub Pages.</h3>
<p>This automatic page generator is the easiest way to create beautiful pages for all of your projects. Author your page content here using GitHub Flavored Markdown, select a template crafted by a designer, and publish. After your page is generated, you can check out the new branch:</p>
<pre><code>$ cd your_repo_root/repo_name
$ git fetch origin
$ git checkout gh-pages
</code></pre>
<p>If you're using the GitHub for Mac, simply sync your repository and you'll see the new branch.</p>
<h3>
<a name="designer-templates" class="anchor" href="#designer-templates"><span class="octicon octicon-link"></span></a>Designer Templates</h3>
<p>We've crafted some handsome templates for you to use. Go ahead and continue to layouts to browse through them. You can easily go back to edit your page before publishing. After publishing your page, you can revisit the page generator and switch to another theme. Your Page content will be preserved if it remained markdown format.</p>
<h3>
<a name="rather-drive-stick" class="anchor" href="#rather-drive-stick"><span class="octicon octicon-link"></span></a>Rather Drive Stick?</h3>
<p>If you prefer to not use the automatic generator, push a branch named <code>gh-pages</code> to your repository to create a page manually. In addition to supporting regular HTML content, GitHub Pages support Jekyll, a simple, blog aware static site generator written by our own Tom Preston-Werner. Jekyll makes it easy to create site-wide headers and footers without having to copy them across every page. It also offers intelligent blog support and other advanced templating features.</p>
<h3>
<a name="authors-and-contributors" class="anchor" href="#authors-and-contributors"><span class="octicon octicon-link"></span></a>Authors and Contributors</h3>
<p>You can <a href="https://github.com/blog/821" class="user-mention">@mention</a> a GitHub username to generate a link to their profile. The resulting <code><a></code> element will link to the contributor's GitHub Profile. For example: In 2007, Chris Wanstrath (<a href="https://github.com/defunkt" class="user-mention">@defunkt</a>), PJ Hyett (<a href="https://github.com/pjhyett" class="user-mention">@pjhyett</a>), and Tom Preston-Werner (<a href="https://github.com/mojombo" class="user-mention">@mojombo</a>) founded GitHub.</p>
<h3>
<a name="support-or-contact" class="anchor" href="#support-or-contact"><span class="octicon octicon-link"></span></a>Support or Contact</h3>
<p>Having trouble with Pages? Check out the documentation at <a href="http://help.github.com/pages">http://help.github.com/pages</a> or contact <a href="mailto:support@github.com">support@github.com</a> and we’ll help you sort it out.</p>
</section>
</div>
<!-- FOOTER -->
<div id="footer_wrap" class="outer">
<footer class="inner">
<p>Published with <a href="http://pages.github.com">GitHub Pages</a></p>
</footer>
</div>
</body>
</html>
* Connection #0 to host octocat.github.io left intact
Thanks that's very interesting. It looks like the UK's name servers are
applying their own rules to the IP resolution.
Looks like I need to move the docs somewhere else.
…On Mon, Jun 5, 2023, 10:25 AM slatermethuen ***@***.***> wrote:
For comparison here is a request to octocat:
$ curl.exe -v https://octocat.github.io
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 185.199.108.153:443...* Connected to octocat.github.io (185.199.108.153) port 443 (#0)* ALPN: offers h2* ALPN: offers http/1.1* CAfile: C:/Users/ajs/AppData/Local/Programs/Git/mingw64/ssl/certs/ca-bundle.crt* CApath: none
} [5 bytes data]* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3050 bytes data]* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384* ALPN: server accepted h2* Server certificate:* subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io* start date: Feb 21 00:00:00 2023 GMT* expire date: Mar 20 23:59:59 2024 GMT* subjectAltName: host "octocat.github.io" matched cert's "*.github.io"* issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1* SSL certificate verify ok.* Using HTTP2, server supports multiplexing* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0} [5 bytes data]* h2h3 [:method: GET]* h2h3 [:path: /]* h2h3 [:scheme: https]* h2h3 [:authority: octocat.github.io]* h2h3 [user-agent: curl/7.84.0]* h2h3 [accept: */*]* Using Stream ID: 1 (easy handle 0x1661375fa90)} [5 bytes data]> GET / HTTP/2> Host: octocat.github.io> user-agent: curl/7.84.0> accept: */*> { [5 bytes data]* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):{ [193 bytes data]< HTTP/2 200< server: GitHub.com< content-type: text/html; charset=utf-8< permissions-policy: interest-cohort=()< last-modified: Sun, 27 Apr 2014 10:07:39 GMT< access-control-allow-origin: *< etag: "535cd6eb-f8c"< expires: Mon, 05 Jun 2023 17:27:44 GMT< cache-control: max-age=600< x-proxy-cache: MISS< x-github-request-id: E07E:11118:30E739F:32850A7:647E18B7< accept-ranges: bytes< date: Mon, 05 Jun 2023 17:19:37 GMT< via: 1.1 varnish< age: 113< x-served-by: cache-lhr7386-LHR< x-cache: HIT< x-cache-hits: 1< x-timer: S1685985577.467641,VS0,VE1< vary: Accept-Encoding< x-fastly-request-id: c311fcbd34868047cfb1a266f376efaa082096b6< content-length: 3980< { [975 bytes data]100 3980 100 3980 0 0 51501 0 --:--:-- --:--:-- --:--:-- 52368<!DOCTYPE html><html> <head> <meta charset='utf-8' /> <meta http-equiv="X-UA-Compatible" content="chrome=1" /> <meta name="description" content="Octocat.github.io : " /> <link rel="stylesheet" type="text/css" media="screen" href="stylesheets/stylesheet.css"> <title>Octocat.github.io</title> </head> <body> <!-- HEADER --> <div id="header_wrap" class="outer"> <header class="inner"> <a id="forkme_banner" href="https://github.com/octocat">View on GitHub</a> <h1 id="project_title">Welome to the Octocat homepage!</h1> <h2 id="project_tagline">Be sure to keep this page in mind to see all my latest updates.</h2> </header> </div> <!-- MAIN CONTENT --> <div id="main_content_wrap" class="outer"> <section id="main_content" class="inner"> <h3><a name="welcome-to-github-pages" class="anchor" href="#welcome-to-github-pages"><span class="octicon octicon-link"></span></a>Welcome to GitHub Pages.</h3> <p>This automatic page generator is the easiest way to create beautiful pages for all of your projects. Author your page content here using GitHub Flavored Markdown, select a template crafted by a designer, and publish. After your page is generated, you can check out the new branch:</p> <pre><code>$ cd your_repo_root/repo_name$ git fetch origin$ git checkout gh-pages</code></pre> <p>If you're using the GitHub for Mac, simply sync your repository and you'll see the new branch.</p> <h3><a name="designer-templates" class="anchor" href="#designer-templates"><span class="octicon octicon-link"></span></a>Designer Templates</h3> <p>We've crafted some handsome templates for you to use. Go ahead and continue to layouts to browse through them. You can easily go back to edit your page before publishing. After publishing your page, you can revisit the page generator and switch to another theme. Your Page content will be preserved if it remained markdown format.</p>
<h3><a name="rather-drive-stick" class="anchor" href="#rather-drive-stick"><span class="octicon octicon-link"></span></a>Rather Drive Stick?</h3>
<p>If you prefer to not use the automatic generator, push a branch named <code>gh-pages</code> to your repository to create a page manually. In addition to supporting regular HTML content, GitHub Pages support Jekyll, a simple, blog aware static site generator written by our own Tom Preston-Werner. Jekyll makes it easy to create site-wide headers and footers without having to copy them across every page. It also offers intelligent blog support and other advanced templating features.</p>
<h3><a name="authors-and-contributors" class="anchor" href="#authors-and-contributors"><span class="octicon octicon-link"></span></a>Authors and Contributors</h3>
<p>You can <a href="https://github.com/blog/821" ***@***.***</a> a GitHub username to generate a link to their profile. The resulting <code><a></code> element will link to the contributor's GitHub Profile. For example: In 2007, Chris Wanstrath (<a href="https://github.com/defunkt" ***@***.***</a>), PJ Hyett (<a href="https://github.com/pjhyett" ***@***.***</a>), and Tom Preston-Werner (<a href="https://github.com/mojombo" ***@***.***</a>) founded GitHub.</p> <h3><a name="support-or-contact" class="anchor" href="#support-or-contact"><span class="octicon octicon-link"></span></a>Support or Contact</h3> <p>Having trouble with Pages? Check out the documentation at <a href="http://help.github.com/pages">http://help.github.com/pages</a> or contact <a ***@***.******@***.***</a> and we’ll help you sort it out.</p> </section> </div> <!-- FOOTER --> <div id="footer_wrap" class="outer"> <footer class="inner"> <p>Published with <a href="http://pages.github.com">GitHub Pages</a></p> </footer> </div> </body></html> * Connection #0 to host octocat.github.io left intact
—
Reply to this email directly, view it on GitHub
<#680 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAB7IKNKA6AWIUBF3CSKY7TXJYJBFANCNFSM6AAAAAAY2ZYLEI>
.
You are receiving this because you commented.Message ID:
***@***.***>
I’d be surprised if NCSC was blocking a documentation site unless it was actually hosting malware. Is it possible that the site has been hacked or that your GitHub account has been compromised?
There have been no security incidents on my account. The documentation is
published from compiled html files on the `gh-pages` branch, which can be
viewed publicly https://github.com/amoffat/sh/commits/gh-pages
My best guess is somebody reported the project maybe as a hacking tool. It
has never hosted malware or anything malicious.
…On Mon, Jun 5, 2023 at 12:59 PM slatermethuen ***@***.***> wrote:
I’d be surprised if NCSC was blocking a documentation site unless it was
actually hosting malware. Is it possible that the site has been hacked or
that your GitHub account has been compromised?
—
Reply to this email directly, view it on GitHub
<#680 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAB7IKP3ZU6423V5T5XA7ADXJY3DHANCNFSM6AAAAAAY2ZYLEI>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
Andrew M
Received an email from someone reporting that Avast is also blocking the sh documentation
It's strange that these reports are recent, since the docs haven't changed since Nov 2022 🤔
Docs are now hosted here https://sh.readthedocs.io/
@amoffat
thanks for your effort and I thinks you forgot update github settings.
I thinks it has to be chaged to https://sh.readthedocs.io/