I generated a 16-character (upper/lower) subdomain and set up a virtual host for it in Apache, and within an hour was seeing vulnerability scans.

How are folks digging this up? What’s the strategy to avoid this?

I am serving it all with a single wildcard SSL cert, if that’s relevant.

Thanks

Edit:

  • I am using a single wildcard cert, with no subdomains attached/embedded/however those work
  • I don’t have any subdomains registered with DNS.
  • I attempted dig axfr example.com @ns1.example.com, which returned zone transfer DENIED

Edit 2: I’m left wondering, is there an apache endpoint that returns all configured virtual hosts?

Edit 3: I’m going to go through this hardening guide and try again with a new random subdomain: https://www.tecmint.com/apache-security-tips/
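
One way to check whether the scanners actually used the random hostname or simply reached the server by IP address, as an added example that is not part of the original post. It assumes a custom access-log format that records the Host header first; the format name, the placeholder hostname and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter

# Assumed access-log format (not from the post):
#   LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %b" hostfirst
LINE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)
SECRET = "AbCdEfGhIjKlMnOp.example.com"  # placeholder for the random vhost name

def classify(host, secret=SECRET):
    """Bucket a Host header value: secret_name, other_name or by_ip."""
    host = host.lower()
    if host == "-" or host.startswith("["):    # no Host header, or IPv6 literal
        return "by_ip"
    host = host.rsplit(":", 1)[0].rstrip(".")  # drop optional :port and root dot
    if re.fullmatch(r"[0-9.]+", host):         # IPv4 literal
        return "by_ip"
    return "secret_name" if host == secret.lower() else "other_name"

def summarize(lines):
    """Return (count per bucket, clients that sent the secret hostname)."""
    counts, knowers = Counter(), set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            counts["unparsed"] += 1
            continue
        kind = classify(m["host"])
        counts[kind] += 1
        if kind == "secret_name":
            knowers.add(m["client"])
    return counts, knowers

# Constructed sample lines (documentation address ranges only).
SAMPLE = """\
203.0.113.10 198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /.env HTTP/1.1" 404 196
203.0.113.10:443 198.51.100.7 - - [01/Jan/2025:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 196
abcdefghijklmnop.example.com 192.0.2.44 - - [01/Jan/2025:10:05:00 +0000] "GET / HTTP/1.1" 200 512
www.example.com 198.51.100.9 - - [01/Jan/2025:10:06:00 +0000] "GET /admin HTTP/1.1" 404 196
- 198.51.100.7 - - [01/Jan/2025:10:07:00 +0000] "GET / HTTP/1.0" 400 226
"""

if __name__ == "__main__":
    counts, knowers = summarize(SAMPLE.splitlines())
    print(dict(counts), sorted(knowers))
```

Apache hands a request whose Host matches no ServerName to the first virtual host defined for that address and port, so IP-wide scans can land in a lone vhost's log without the scanner ever knowing its name. Only the `secret_name` bucket indicates that the hostname itself is known to the client.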

  • Shimitar@downonthestreet.eu
    1 day ago

    This.

    That’s why temping obscurity for security is not a good idea. Doesn’t take much to be “safe”, at least reasonably safe. But that not much it’s good practice to be done :)

    • Fair Fairy@thelemmy.club
      21 hours ago

      No. Not this.

      OP is doing the hidden subdomain pattern. Wildcard DNS and wildcard SSL.

      This way the subdomain acts as a password and the application is essentially inaccessible to bot crawls.

      Works very well