BonkTheAnnoyed

@BonkTheAnnoyed@lemmy.blahaj.zone

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨BYD Reveals the ‘World’s Longest-Range EV’ as American Auto Industry Struggles to Keep Pace⁩ ⁨⁨7⁩ ⁨hours⁩ ago⁩:
I mean… literally every modern American car with a touch screen and an internet connection. Burning gass or spinning electrons, that part is the same regardless.
⁨Comment⁩ on ⁨The same people who rage against authority love moderating communities where their ideology is the only one allowed⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯
⁨Comment⁩ on ⁨The same people who rage against authority love moderating communities where their ideology is the only one allowed⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Okay, that’s just funny. Hi friend
⁨Comment⁩ on ⁨The same people who rage against authority love moderating communities where their ideology is the only one allowed⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Just to let you know before I block you, I didn’t read your “reasonable disagreement” of a wall of text
⁨Comment⁩ on ⁨The same people who rage against authority love moderating communities where their ideology is the only one allowed⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Okay, I’ll bite. I need to add to my block list anyway.

Y’all have heard of the Nazi Bar problem, right? Paradox of intolerance? Which turns out not to be a paradox after all? You should def look that one up rather than waiting for me to type it all out.
⁨Comment⁩ on ⁨Dbzero has Defederated from Feddit.org following its Governance post about the later's Zionist Bar Problem⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
The funniest part is how many people have self identified as block-me in the replies to this post.
⁨Comment⁩ on ⁨Android will become a locked-down platform in 194 day⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Fucking love postmarketOS. First OS to improve on Maemo on an N900
⁨Comment⁩ on ⁨Dbzero has Defederated from Feddit.org following its Governance post about the later's Zionist Bar Problem⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Such an excellent thread for filling out my block list
⁨Comment⁩ on ⁨VS Code for Linux may be secretly hoarding trashed files⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
JED checking in from out wherever Voyager is at the moment (sorry about the lag)
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Well, the good news is that I at least think I’m doing all the right things.

I’ll spin up a new VM tomorrow and start from scratch.
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
It’s literally just a VM hosting Apache and nothing else.
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
I mean, it could be… I’ll try it with a 128 char base 52 name and see what happens
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Yes, exactly. Super weird, shouldn’t happen. I wonder if I have a compromised box somewhere…
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
The random name is not in the public log. Someone else suggested that earlier. I checked CRT.sh and while my primary domain is there, the random one isn’t.
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Previous experiments, yes, I sent a request. The random one, no.
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Will do!
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Shows up by name in the apache other_hosts…log, so yes
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Nope, but that’s a good suggestion. I set this one up brand new for the experiment.
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Mostly from AWS or the like, with occasional Chinese and Russian origins.

The scans look like requests to various WordPress endpoints, JavaScript files associated with known vulnerabilities etc
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Yeah, this is interesting, I’ll dig more into this direction.

But the randomly generated subdomain has never seen a DNS registrar.

I do have *.mydomain.com registered though…hmmm
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Nope
⁨Comment⁩ on ⁨How are people discovering random subdomains on my server?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
I don’t have any subdomains registered with DNS.

I attempted dig axfr example.com @ns1.example.com returned zone transfer DENIED
How are people discovering random subdomains on my server?
Submitted ⁨⁨1⁩ ⁨month⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨78⁩ ⁨comments⁩
⁨Comment⁩ on ⁨200 million records exposed in massive Pornhub data breach — here’s what we know so far⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Release the pornhub files!
⁨Comment⁩ on ⁨F*** You! Co-Creator of Go Language is Rightly Furious Over This Appreciation Email⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
R Pike is legend. His videos on concurrent programming remain reference level excellence years after publication. Just a great teacher as well as brilliant theoretical programmer.
⁨Comment⁩ on ⁨Self hosting with subdomains⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Interesting! I’m going to look into this. Not sure my provider has this in their UI
⁨Comment⁩ on ⁨Self hosting with subdomains⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Actually, wait. Something you a said might actually be just what I’m looking for: you mean that I can have DNS entry for mydomain.com and no additional AAA records, and have a cert for nextcloud.mydomain.com (or wildcard maybe?) and somehow still be able to use name based virtual servers?

Hmmm. I thought I was going to be limited to path-based.

Explain more?
⁨Comment⁩ on ⁨Self hosting with subdomains⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Okay. Yup, that’s probably true. I’m not that deep into network stuff. But, if you’re just doing the basic, ‘ha.mydomain.com => 121.41.38.9’ that works out of the box with host based b-hosts, then yeah, you’ll get traffic on that within 24 hours.

I reckon if a person understands what you’re talking about though, they’re already doing better than most.
⁨Comment⁩ on ⁨Self hosting with subdomains⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
It trivial to get a list of all registered domains and subdomains and the IP addresses they map to. There are any number of paid services to make it easy (e.g. subdomainfinder.c99.nl) but I’m pretty sure there’s also a way to do it yourself.
⁨Comment⁩ on ⁨Self hosting with subdomains⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Very cool, great work!

Worth noting about this approach is that the globel list of subdomains is publicly searchable. So, you’ll see vulnerability and AI scans on those endpoints.

If that’s a concern for you, using path-based routing (e.g. Apache VirtualHost) allows you to use difficult to guess paths to your cloud.