BonkTheAnnoyedJan 11

How are people discovering random subdomains on my server?

https://lemmy.blahaj.zone/post/36861104

Blåhaj Lemmy - Choose Your Interface

Show thread4amJan 11

At the end of the day this is obscurity, not security; however obscurity is a good secondary defense because it buys time.

I too would be interested to learn how this leaked

Show threadchillpanzee
it’s not even obscurity; it’s logged publicly.
Jan 11 at 5:34amWeb
Show threadKeelhaulJan 11
How is it being logged publicly? Like OP said there is no specific subdomain registered in the DNS records (instead using a wildcard). Same for the SSL cert. Only things I can think of is the browser leaking the subdomains (through google or Microsoft) or the DNS queries themselves being logged and leaked. (Possibly by the ISP inspecting the traffic or logging and leaking on their own DNS servers?). I would hardly call either of those public.
Show threadFair FairyJan 11

It’s not. Wildcard DNS and wildcard cert. Domain is not logged publicly.

People that keep saying logged publicly simply don’t understand setup and technilogy