This.
That’s why temping obscurity for security is not a good idea. Doesn’t take much to be “safe”, at least reasonably safe. But that not much its good practice to be done :)
Comment on How are people discovering random subdomains on my server?
androidul@lemmy.world 3 weeks ago
if you use Let’s Encrypt (ACME protocol) AFAIK you can find all domains registered in a directory that even has a search, no matter if it’s wildcard or not.
It was something like this crt.sh but can’t find the site exactly anymore
Shimitar@downonthestreet.eu 3 weeks ago
sommerset@thelemmy.club 2 weeks ago
No. Not this.
Op is doing hidden subdomain pattern. Wildcard dns and wildcard ssl.
This way subdomain acts as a password and application essentially inaccessible for bot crawls.
Works very well
atzanteol@sh.itjust.works 2 weeks ago
Apparently it doesn’t.
sommerset@thelemmy.club 2 weeks ago
minimal setup is still required 🤷
fodor@lemmy.zip 2 weeks ago
Hmm. I feel like conflating a subdomain with a password is a particularly sketchy idea, but you do you.
i_stole_ur_taco@lemmy.ca 3 weeks ago
Holy shit, this has every cert I’ve ever generated or renewed since 2015.
vf2000@lemmy.zip 3 weeks ago
Certificate Transparency makes public all issued certificates in the form of a distributed ledger, giving website owners and auditors the ability to detect and expose inappropriately issued certificates.en.wikipedia.org/wiki/Certificate_Transparency