Finding Repl from link

This only doesn’t work when the Repl is private for the time I’ve used it (lol)

No, because using memblu.live/__repl as an example, it’s still able to be accessed even on a custom domain. Which kinda sucks for businesses and stuff, but it’s not like people will know you can go to /__repl if the URL doesn’t say repl anywhere (unlike the free domains).

You can tell if a website uses Replit if it sends the Replit-Cluster header. (If it’s “global”, the user is on the free plan. If it’s “hacker”, then they’re on either hacker or pro)

that’s part of the “if /__repl somehow doesn’t work” step

1 Like

You can check if a custom domain is using Replit (using the native custom domain linking) by checking the TXT records for replit-verify (assuming they didn’t delete it after linking). If they don’t use Cloudflare as a proxy, then they might have the replId.id.repl.co CNAME or IPs.

3 Likes

That’s actually way faster than making an HTTP request. Here’s the output of dig memblu.live TXT:

...

;; ANSWER SECTION:
memblu.live.		300	IN	TXT	"replit-verify=a8e4fffe-33fb-4a0e-abdf-b391cd6f3c0d"
memblu.live.		300	IN	TXT	"v=spf1 include:_spf.mx.cloudflare.net ~all"

;; Query time: 36 msec
...
2 Likes

Founder of the company behind Memblu here, I actually didn’t even know I could delete it without unlinking the domain! I’ll be doing that soon.

That header is overwritable by Cloudflare (I think)

True. (You can also likely block requests to /__repl)

As long as you have cloudflare proxying enabled then the A/CNAME record won’t even point to replit

This is especially easy when you use Cloudflare’s built-in reverse proxy. You just need to configure the rule in the domain settings and it should work like magic.

1 Like