this post was submitted on 29 Jan 2024
100 points (97.2% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54716 readers
187 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

I have a Jellyfin instance on my local server which I forward to the public web via a cloudflare tunnel. I'm not sure how secure it is, and I keep getting random requests from all over the world. It's my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice would still be appreciated.

My SSL/TLS encryption mode appears to be "Full".

you are viewing a single comment's thread
view the rest of the comments
[–] ares35@kbin.social 13 points 10 months ago* (last edited 10 months ago) (3 children)

bots will start hitting a brand new subdomain on my web server literally seconds after creating it. looking for exploitable scripts like wordpress, usually.

[–] domi@lemmy.secnd.me 5 points 10 months ago (2 children)

You can avoid these scans by only using wildcards on your DNS entries and SSL certificates.

Both of these are commonly used by bots to find new domains.

[–] lazynooblet@lazysoci.al 3 points 10 months ago (1 children)

Wildcard SSL subjects make sense as the certificate is public. But how does wildcard DNS help? They aren't public other than the requests coming from the client which don't use wildcard anyway.

[–] domi@lemmy.secnd.me 1 points 10 months ago

I would not depend on DNS records being private. On the off chance that one of the nameservers messes up, I would prefer if no subdomains are leaked.

But you're correct, most of the time those leaks happen somewhere else.