Another update - Supabase domains have been accepted into the Public Suffix List. Over the next few days, we will be offering an alternate domain for affected users. Everyone affected please reach out to beta@supabase.io referencing this issue and I will set you up the alternate domain right away.

Hi all, the investigation is still ongoing but we have some updates. This was caused by user who signed up to host malicious content on Supabase storage. We took down the content within an hour and blocked the account - it looks like they were a very new GitHub account created specifically for this

We worked closely with our contact at Google to clear the subdomain: https://transparencyreport.google.com/safe-browsing/search?url=supabase.co

We are taking steps to mitigate this:

• We are adding supabase.co to the Public Suffix List which would indicate any site under supabase.co are to be treated as separate websites
• We are limiting Storage Hosting to a small subset of content types (we will even block HTML hosting until we are certain we can manage malicious actors at scale)
• We will implement support for custom domains so that you are not impacted by other users on the platform
• We’ve setup an abuse@supabase.io email to receive notifications when we receive abuse reports from upstream providers
• We will block suspicious Github accounts from creating new projects until they have been reviewed by a team member

Hi @MattWIP, another idea is to use a VPN. Not sure if the router is blocking at the DNS level, if it is changing your DNS resolver to a different resolver like 1.1.1.1 or 8.8.8.8 might work

Hey @inian Thanks for the response! Yeah I understand this is a possibility, but I can’t reasonably as my user(s) to access our site via VPN or changing DNS settings in order to access their content. I need a more blanket & reasonable resolution for our non-tech-savvy users. Do you think initializing a fresh project on Supabase might help?

@inian I came here for the same issue and luckily saw the comment @Danieltech99 about shutting off my advanced security on my xfinity router.

But it doesn’t really feel like a long term solution and I’d be happy to open a support ticket with my ISP. If you wouldn’t mind sharing a template for reaching out to our ISPs — I think that would be helpful for anyone else in the future who lands on this thread.

@conor-gaughan You want to look up / Google your router or internet provider router + “whitelist”. Some internet providers, like Xfinity, don’t allow you to whitelist or don’t have functionality to add a domain to a whitelist, so for these providers you will want to turn off “Advanced Security” (for example with Xfinity this is called “xFi Advanced Security”)/

Awesome, things are working for me now. I’ll close this for now, and if others experience this then I think follow w3b6x9’s original message about opening a support ticket.