Comment on How are people discovering random subdomains on my server?
Shimitar@downonthestreet.eu 5 weeks agoThis.
That’s why temping obscurity for security is not a good idea. Doesn’t take much to be “safe”, at least reasonably safe. But that not much its good practice to be done :)
sommerset@thelemmy.club 5 weeks ago
No. Not this.
Op is doing hidden subdomain pattern. Wildcard dns and wildcard ssl.
This way subdomain acts as a password and application essentially inaccessible for bot crawls.
Works very well
atzanteol@sh.itjust.works 5 weeks ago
Apparently it doesn’t.
sommerset@thelemmy.club 5 weeks ago
minimal setup is still required 🤷
fodor@lemmy.zip 5 weeks ago
Hmm. I feel like conflating a subdomain with a password is a particularly sketchy idea, but you do you.