Nice, but the bots may not understand the joke.
And not only that but they will tag the domain with ”there is something here”, and maybe some day someone will take a closer look and see if you are all up-to-date or would there maybe be a way in. So better to just drop everything and maybe also ban the IP if they happen to try poke some commonly scanned things (like /wp-admin, /git, port 22 etc.) GoAccess is a pretty nice tool to show you what they are after.
Not at hand no, but I’m sure any of the LLMs can guide you through the setup if googling does not give anything good.
Nothing very special about all this, well maybe the subdir does require some extra spells to reverse proxy config.
Use a reverse proxy (caddy or nginx proxy manager) with a subdomain, like myservice.mydomain.com (maybe even configure a subdir too, so …domain.com/guessthis/). Don’t put anything on the main domain / root dir / the IP address.
If you’re still unsure setup Knockd to whitelist only IP addresses that touch certain one or two random ports first.
So security through obscurity :) But good luck for the bots to figure all that out.
VPN is of course the actually secure option, I’d vote for Tailscale.
Don’t know why exactly are you downvoted but this is exactly what is going on as cars get more ”connected”, following Tesla & BYD lead. Just like with phones at the moment, everything tries to spy on you a little to tap into that sweeet targeted ad revenue, or something else.
For example I bet the insurance companies love to have some driver behaviour data about you, and the big retail likes to know where/what time you are on the move (though they already get it from the dozens of apps on your phone that have access to location data, like Google Maps).
UTM is the way to go on modern Macs, and even iOS/iPadOS too! Free, built on QEMU and super easy to spin up virtual machines with any architecture.
Could be indeed. Looking at the nginx logs, setting a permaban on trying to access /git and a couple of others might catch 99% of bots too. And ssh port ban trigger (using knockd for example) is also pretty powerful yet safe.
I have wrestled with the same thing as you and I think nginx reverse proxy and subdomains are reasonably good solution:
Only fault I’ve discovered are some public ledgers of TLS certs, where the certs given by letsencrypt spill out those semi-secret subdomains to the world. I seem to get very little to no bots knocking my services though so maybe those are not being scraped that much.
You recon the copyright mafia cares much about what’s illegal or not? Google has played ball with them for years and slowly sided with them more and more. It’s all about the ad money and google wanting to keep the big players happy. All things related to ”owning content” in this era of just renting is going to get flagged. Ripping, selfhosting, torrenting, data hoarding…whatever undermines the content monopoly.
”Pretty fast” after they tuned those automations to the current setting. And they will keep turning it that way unfortunately.
Saw the video… It mentions ”ripping” and even shows clips of some blockbuster movies. No wonder any copyright-sensitive automation gets triggered pretty fast. This will only get worse.
Dont know much about anything but it would not surprise me if it was some Bosch engineers who originaally hinted all those engineers of what could be done with their systems if they just listen some states of other car systems. Afterall, it’s their injection systems etc. almost every diesel manuf used/uses.
This thing happened 2009-> and they got caught around 2015. Justice system is slow.
Forgot WhatsApp there, de facto messaging app in my part of globe, be it young or old…