Bot scan (not from letsencrypt) immediately after cert issue

thanks, I didn't know wildcard were accepted by letsencrypt with dns challenge; I'll use them next time: that's the good idea.
The other ideas are just marketing monkeys things: google chrome to care about privacy, nope. And VPN nope too: I don't know for others countries, but in europe, most VPN "brands" (purevpn, nordvpn, etc..) are just connections to m247 (AS9009) network, who have dubious practices, and probably links to ru govt.

1 Like

just because, I have some private data behind these addresses (nextcloud, dolibarr); just for my personnal use. When setting up theses services I have only to cut and paste my urls to my laptop and my phone: no need to type nor remembers them. You can think of it about privacy and public separation: I take care of separation for a few decades (Yes I'm old ;-): I'll won't stop now.
Further more, searching a unique random 50chars string on google/qwant is fast to know if shodan or any bots have found and made theses hostnames publicly visible, and changes them on the fly (I own my own dns servers too). 99% Bots are useless and only stealing my bandwith: a good bot is a dead bot :wink:

1 Like

Ah, the good'old "security by obscurity" method. Not a fan.


I am a big fan. I works very well when using it as a secondary factor combined with other primary security factors. Your password is security by obscurity, RSA is security by obscurity, so its everywhere.

1 Like


I think perhaps you have a very different idea from @Osiris (and myself) of what "security by obscurity" is.

An unpublished (or proprietary) encryption algorithm is security by obscurity.

A secret equation (or the application of some esoteric concept) is security by obscurity.

Giving every thing and function in the human body a Latin term is (job) security by obscurity.

Understanding the RSA algorithm doesn't increase your ability to determine my private key. Thus, RSA is NOT security by obscurity.

There is no obscurity in not responding with sensitive content via HTTP on any port, which by definition is a form of security WITHOUT obscurity.

Steganography is not cryptography.