BonkTheAnnoyed
@BonkTheAnnoyed@lemmy.blahaj.zone
- Comment on How are people discovering random subdomains on my server? 1 week ago:
Well, the good news is that I at least think I’m doing all the right things.
I’ll spin up a new VM tomorrow and start from scratch.
- Comment on How are people discovering random subdomains on my server? 1 week ago:
It’s literally just a VM hosting Apache and nothing else.
- Comment on How are people discovering random subdomains on my server? 1 week ago:
I mean, it could be… I’ll try it with a 128 char base 52 name and see what happens
- Comment on How are people discovering random subdomains on my server? 1 week ago:
Yes, exactly. Super weird, shouldn’t happen. I wonder if I have a compromised box somewhere…
- Comment on How are people discovering random subdomains on my server? 1 week ago:
The random name is not in the public log. Someone else suggested that earlier. I checked CRT.sh and while my primary domain is there, the random one isn’t.
- Comment on How are people discovering random subdomains on my server? 1 week ago:
Previous experiments, yes, I sent a request. The random one, no.
- Comment on How are people discovering random subdomains on my server? 1 week ago:
Will do!
- Comment on How are people discovering random subdomains on my server? 1 week ago:
Shows up by name in the apache other_hosts…log, so yes
- Comment on How are people discovering random subdomains on my server? 1 week ago:
Nope, but that’s a good suggestion. I set this one up brand new for the experiment.
- Comment on How are people discovering random subdomains on my server? 1 week ago:
Mostly from AWS or the like, with occasional Chinese and Russian origins.
The scans look like requests to various WordPress endpoints, JavaScript files associated with known vulnerabilities etc
- Comment on How are people discovering random subdomains on my server? 1 week ago:
Yeah, this is interesting, I’ll dig more into this direction.
But the randomly generated subdomain has never seen a DNS registrar.
I do have *.mydomain.com registered though…hmmm
- Comment on How are people discovering random subdomains on my server? 1 week ago:
Nope
- Comment on How are people discovering random subdomains on my server? 1 week ago:
I don’t have any subdomains registered with DNS.
I attempted
dig axfr example.com @ns1.example.comreturned zone transfer DENIED - Submitted 1 week ago to selfhosted@lemmy.world | 78 comments
- Comment on 200 million records exposed in massive Pornhub data breach — here’s what we know so far 2 weeks ago:
Release the pornhub files!
- Comment on F*** You! Co-Creator of Go Language is Rightly Furious Over This Appreciation Email 2 weeks ago:
R Pike is legend. His videos on concurrent programming remain reference level excellence years after publication. Just a great teacher as well as brilliant theoretical programmer.
- Comment on Self hosting with subdomains 2 weeks ago:
Interesting! I’m going to look into this. Not sure my provider has this in their UI
- Comment on Self hosting with subdomains 2 weeks ago:
Actually, wait. Something you a said might actually be just what I’m looking for: you mean that I can have DNS entry for mydomain.com and no additional AAA records, and have a cert for nextcloud.mydomain.com (or wildcard maybe?) and somehow still be able to use name based virtual servers?
Hmmm. I thought I was going to be limited to path-based.
Explain more?
- Comment on Self hosting with subdomains 2 weeks ago:
Okay. Yup, that’s probably true. I’m not that deep into network stuff. But, if you’re just doing the basic, ‘ha.mydomain.com => 121.41.38.9’ that works out of the box with host based b-hosts, then yeah, you’ll get traffic on that within 24 hours.
I reckon if a person understands what you’re talking about though, they’re already doing better than most.
- Comment on Self hosting with subdomains 2 weeks ago:
It trivial to get a list of all registered domains and subdomains and the IP addresses they map to. There are any number of paid services to make it easy (e.g. subdomainfinder.c99.nl) but I’m pretty sure there’s also a way to do it yourself.
- Comment on Self hosting with subdomains 2 weeks ago:
Very cool, great work!
Worth noting about this approach is that the globel list of subdomains is publicly searchable. So, you’ll see vulnerability and AI scans on those endpoints.
If that’s a concern for you, using path-based routing (e.g. Apache VirtualHost) allows you to use difficult to guess paths to your cloud.
- Comment on Anybody out there self hosting Searxing? 3 weeks ago:
Oh wouldn’t that be sweet, a federated web crawler
- Comment on Humans May Be Able to Grow New Teeth Within Just 4 Years 3 weeks ago:
Grow them… where?
- Submitted 3 weeks ago to selfhosted@lemmy.world | 47 comments
- Comment on Quick post about AI-free FireFox Based Browsers (Keep your Adds and avoid the Bloat) 3 weeks ago:
Right now the hold up for me is session sharing and password syncing better mobile and Linux.
Passwords I have a clear path forward, with either offline mgr + manual sync, or self-hosted online. But I it’s weirdly hard to walk away from session sharing.
- Comment on Happy Public Domain Day everyone 4 weeks ago:
Ewww…
- Comment on Recommended email providers? 5 weeks ago:
Runbox (Norway) is a good option, good privacy protection and outside of EU chat control zone
- Comment on Wireshark LAN access fails when router VPN client is active 1 month ago:
Thank you, this is really helpful, a good place to start.
- Comment on Wireshark LAN access fails when router VPN client is active 1 month ago:
Yep. Edited. Definitely autocorrect’s fault, noty morning brain fog.
- Comment on Wireshark LAN access fails when router VPN client is active 1 month ago:
No, actually you’re right. I meant wire guard.