Comment on Confused about bot scanning my domain
lemann@lemmy.dbzer0.com 7 months ago
If anyone is interested in mitigation, the only way around this AFAIK is to start with a brand new domain, only use wildcard certs (with DNS validation), and don’t bundle multiple renewals into a single cert.
Also, don’t enter your domain or related IP address into DNS reverse engineering tools (like dnsdumpster), and check certificate transparency logs (crt.sh) to see what information related to your cert renewals has been published.
This won’t stop automated bots from scanning your IP for domains, but should significantly reduce the amount of bots that discover them.
NateNate60@lemmy.world 7 months ago
I think it is generally okay to bundle the root domain certificate and the wildcard for its subdomains into a single renewal.
So for example:
lemann@lemmy.dbzer0.com 7 months ago
Yepp sorry - what I meant was bundling multiple different root domains, e.g. example.com & example1234567.org in the same cert. I currently do as you mentioned above, renewing with just one root and its accompanying subdomain wildcard.
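An added example, not part of the thread: a small audit of certificate SAN lists as they appear in certificate transparency logs, reporting which hostnames a cert publishes verbatim and whether it ties separate root domains together. The sample certs are constructed, and the registrable domain is approximated as the last two labels (an assumption that breaks for suffixes such as co.uk).

```python
"""Audit certificate SAN lists (as published in CT logs) for hostname disclosure."""
from collections import defaultdict

# Constructed sample: each entry is the SAN list of one issued certificate.
SAMPLE_CERTS = {
    "cert-A": ["example.com", "*.example.com"],
    "cert-B": ["example.com", "nextcloud.example.com", "vpn.example.com"],
    "cert-C": ["example.com", "*.example.com", "example1234567.org"],
}


def root_of(name: str) -> str:
    """Approximate the registrable domain as the last two labels.

    Assumption for this example; real code should use the Public Suffix List.
    """
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def audit_cert(sans: list[str]) -> dict:
    """Return what a CT log reader learns from one certificate's SAN list."""
    by_root = defaultdict(set)
    for name in sans:
        name = name.lower().rstrip(".")
        # A wildcard hides one label only: "*.lab.example.com" still reveals "lab".
        base = name[2:] if name.startswith("*.") else name
        by_root[root_of(base)].add(base)

    # Anything other than the bare root is a hostname published verbatim.
    disclosed = sorted(
        base for root, bases in by_root.items() for base in bases if base != root
    )
    roots = sorted(by_root)
    return {
        "roots": roots,
        "disclosed_hosts": disclosed,
        "links_roots": len(roots) > 1,  # one cert ties separate domains together
    }


def audit_all(certs: dict[str, list[str]]) -> dict[str, dict]:
    """Audit every certificate in a {cert_id: SAN list} mapping."""
    return {cert_id: audit_cert(sans) for cert_id, sans in certs.items()}


if __name__ == "__main__":
    for cert_id, finding in audit_all(SAMPLE_CERTS).items():
        print(cert_id, finding)
```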