Tekniquelly correctNov 22

Another new Let's Encrypt-secured website, another case of getting 82 hacking attempts in the first 30 seconds after it came online for the first time ever.

Do. Not. Kid. Yourself. "Oh, I'll delete the config files once I get it working." "Eh, I'm just some nobody. Who's going to care?" Yeah, I'll tell you who: people who watch for new sites come online and then immediately slam them with hacking probes.

"I'll get to it soon" means you better do it within 3 seconds.

https://honeypot.net/2024/05/16/i-am-not.html

Honeypot.net

I am not exaggerating this: I created a new hostname in DNS, …

Show threadPeter Bindels
@tek What about an ipv4 server without dns name, or ipv6 with letsencrypt? IE, is it CT or just ipv4 sweeps?
Nov 23 at 9:47amWeb
Show threadChris (Master of Potate) 🥔Dec 2
@dascandy @tek especially when you have a certificate from any authority you will get scanned. CAs have to provide a public log of every certificate they sign. This log is constantly scanned by malicious actors.