Ask HN: Things to consider (Security, SEO) when issuing subdomains to SaaS users
Now I just noticed sites like http://34-229-63-26-gh-263088647-branch-master.my.pullpreview.com/ pop up, which appear to be content farms running under my domain. What’s more, the user registered that website in the google search console (which is how I got notified of its existence).
Since I’m only using pullpreview.com as a marketing website, I didn’t think too much about the consequences of issuing subdomains of it to give to users, because I wasn’t too concerned about security. But I didn’t think about SEO and how malicious websites could potentially harm the reputation of the main website.
So for people knowledgeable:
1. Can bad content on subdomains harm the main domain’s reputation? 2. Is it always best to use a secondary domain whenever we allow arbitrary content to be posted by users? (think GitHub Pages switching from GitHub.com to GitHub.io, or herokuapps.com etc.) 3. Are there cases when it’s ok?
2 comments
[ 1.8 ms ] story [ 17.2 ms ] thread1. Yes - Google can safe-site ban the domain for hosting malicious content and it's difficult to get it unlisted once it happens.
2. Yes - it's always better to use a secondary domain, it just protects your brand.
3. There are cases where it's OK - e.g. when the majority of the site's content is private or substantially populated by an application (and therefore secured), or where you have a business or contractual relationship with the person hosting the content (and therefore can revoke their account on abuse).