Now I just noticed sites like http://34-229-63-26-gh-263088647-branch-master.my.pullpreview.com/ pop up, which appear to be content farms running under my domain. What’s more, the user registered that website in the google search console (which is how I got notified of its existence).
Since I’m only using pullpreview.com as a marketing website, I didn’t think too much about the consequences of issuing subdomains of it to give to users, because I wasn’t too concerned about security. But I didn’t think about SEO and how malicious websites could potentially harm the reputation of the main website.
So for people knowledgeable:
1. Can bad content on subdomains harm the main domain’s reputation? 2. Is it always best to use a secondary domain whenever we allow arbitrary content to be posted by users? (think GitHub Pages switching from GitHub.com to GitHub.io, or herokuapps.com etc.) 3. Are there cases when it’s ok?
1. Yes - Google can safe-site ban the domain for hosting malicious content and it's difficult to get it unlisted once it happens.
2. Yes - it's always better to use a secondary domain, it just protects your brand.
3. There are cases where it's OK - e.g. when the majority of the site's content is private or substantially populated by an application (and therefore secured), or where you have a business or contractual relationship with the person hosting the content (and therefore can revoke their account on abuse).