How to block rawgit.com to access my website ?

Question

How to block rawgit.com to access my website ?

crossing1 opened this issue 6 years ago · comments

Hello,

I think some hacker injected some script that is using rawgit.com. Recently my website is connected for some reason with rawgit.com, I noticed my website is slower lately and then I sow the bottom browser message "Transferring data from rawgit.com" or "Read rawgit.com" right when my website is slower/ frozen. I have never used rawgit.com so I'm pretty sure something is wrong. I would like to totally block my website from getting data from rawgit.com, cdn.rawgit.com, can you tell me the full hataccess content to achieve that ? Thank you.

Pavel · Answer 1 · Thu Jul 19 2018 18:27:50 GMT+0800 (China Standard Time)

That can also be some browser plugin which uses rawgit internally

crossing1 · Answer 2 · Thu Jul 19 2018 18:41:17 GMT+0800 (China Standard Time)

I have tried on 3 browsers with the same result.

Pavel · Answer 3 · Thu Jul 19 2018 19:34:39 GMT+0800 (China Standard Time)

Well, any 3rd party script (gallery plugin, whatever) can load something from rawgit.

crossing1 · Answer 4 · Thu Jul 19 2018 19:37:18 GMT+0800 (China Standard Time)

So you're saying that the chances are very slim that someone is actually attacking my website.

Pavel · Answer 5 · Thu Jul 19 2018 19:45:37 GMT+0800 (China Standard Time)

I am saying that it is better to check 3rd party stuff on your website first. In devtools you can see which script initiated the request to rawgit.

Ryan Grove · Answer 6 · Fri Jul 20 2018 01:35:49 GMT+0800 (China Standard Time)

@crossing1 If you let me know the URL of your website, I can find and ban the offending script.

Meghan Denny · Answer 7 · Fri Aug 03 2018 06:55:09 GMT+0800 (China Standard Time)

@crossing1 also look into Subresource Integrity and Content Security Policy and make sure to let rgrove which script is causing your issue, as it may be causing others trouble as well.