fiona2d ago
now the "bug bounty hunters" even spam you for having the ssh port open to the internet, begging for a bug bounty.
adding a security.txt was a mistake. we really can't have nice things on the internet anymore, huh?
Show threadRuss Garrett
@fionafokus Definitely not a new thing - I once made the mistake of launching a bug bounty program on HackerOne without firewalling our SSH first, and ended up absolutely buried in these reports.
Apr 4 at 7:20pmWeb
Show threadRuss Garrett2d ago
@fionafokus meanwhile the BSI is currently emailing me once a month about EMF's (correctly secured) PostGIS server on Hetzner