Comment on How are people discovering random subdomains on my server?
Shimitar@downonthestreet.eu 21 hours agoThis.
That’s why temping obscurity for security is not a good idea. Doesn’t take much to be “safe”, at least reasonably safe. But that not much its good practice to be done :)
sommerset@thelemmy.club 14 hours ago
No. Not this.
Op is doing hidden subdomain pattern. Wildcard dns and wildcard ssl.
This way subdomain acts as a password and application essentially inaccessible for bot crawls.
Works very well
fodor@lemmy.zip 1 hour ago
Hmm. I feel like conflating a subdomain with a password is a particularly sketchy idea, but you do you.
atzanteol@sh.itjust.works 13 hours ago
Apparently it doesn’t.
sommerset@thelemmy.club 13 hours ago
minimal setup is still required 🤷