Thanks for the details ! Still curious to know how a new instance, with an old domain and fresh keys, would be handled by other instances.
There is even a “Ignore cache” box in the devtools network tab
Yeah, this probably has to do with the cache. You can try opening dev tools (F12 in most browsers), go to the network tab, and browse to pathfinder.social. You should see all requests going out, including “fake requests” to content that you already have locally cached
That’s really really weird, I cannot resolve the domain to an IP, even after trying a bunch of different DNS servers. If you’re on linux, can you run nslookup pathfinder.social and paste the output here ?
The fact that it has not been bought as soon as the domain expired makes me believe this instance went down before the trend started
These services usually use either or both of passive DNS replication (running public recursive DNS resolvers and logging lookups that return a record) and certificate transparency logs (where certificate authorities publish the domain names for which they issue certificates). A lot of my subdomains are missing from these services
It does not seem to be the case. Was it the full domain for this instance ?
never stopped POSTing, even though I configured nginx to always respond 403 to anything from them for about a year now.
Lol, there are definitely some stubborn user agents out there. I’ve been serving 418 to a bunch of SEO crawlers - with fail2ban configured to drop all packets from their IPs/CIDR ranges after some attempts - for a few months now. They keep coming at the same rate as soon as they get unbanned. I guess they keep sending requests into the void for the whole ban duration.
Using 418 for undesirable requests instead of a more common status code (such as 403) lets me easily filter these blocks in fail2ban, which can help weed out a lot of noise in server logs.
Your sensitive data and logins are tied to email addresses, which are tied to domains. Lose your domain, someone can access everything.
I recently stumbled upon an article showing how bad this can be when the expired domains were used for important/serious stuff
I think they do get marked as dead after the Bodis subdomain does not act as a Lemmy instance. But I was wondering if a large number of instances “waking up from the dead” and acting maliciously could cause some trouble. Or would such “undead” instances pose no more threat to the fediverse than the same number of newly created malicious instances ? I’m mainly thinking about stuff like being in a privileged position to DoS most instances at once, or impersonation of accounts that used to actually exist on these “undead” instances
I don’t know if you’re referring to me, but I’ve previously discussed this idea several times in similar posts’ comments.
I think we could implement it as a separate server software that generically allows aggregation of ActivityPub feeds under separate ActivityPub feeds.
I found the durability system annoying in BotW because I constantly had to consider the “economics” of engaging in a fight (weapons that will break during the fight VS. weapons that I will loot at the end of the fight)
On the other end, the new weapons system is a lot more enjoyable thanks to fusing monster parts to the weapons : killing monsters with larger health bars consistently gives you better monster parts to fuse with your weapons. I also enjoy the “base weapons” all having a special effect, it leads to nice combos. For instance, I love fusing good parts to Zora weapons and throwing a water fruit at my feet during a fight to double its damage.
Somebody shared a blog post of mine on hackernews a few months ago, which got to the front-page. I participated in the comment section and as far as I can remember I had a lot of really interesting technical feedback. I did not notice any of the issues you’re mentioning, but there was nothing to censor or anything political about my post, and apart from this post, I do not frequently browse hackernews
I would have loved to get my hands on one of your cheap pre-built PCs, while helping you help others at the same time.
Anyway, what you’re doing is awesome! Thanks for the positive energy :)
I guess you’re operating from the US?
I guess you’re only selling them in the US?
What I did is use a wildcard subdomain and certificate. This way, only pierre-couy.fr and *.pierre-couy.fr ever show up in the transparency logs. Since I’m using pi-hole with carefully chosen upstream DNS servers, passive DNS replication services do not seem to pick up my subdomains (but even subdomains I share with some relatives who probably use their ISP’s default DNS do not show up)
This obviously only works if all your subdomains go to the same IP. I’ve achieved something similar to cloudflare tunnels using a combination of nginx and wireguard on a cheap VPS (I want to write a tutorial about this when I find some time). One side benefit of this setup is that I usually don’t need to fiddle with my DNS zone to set up a new subdomain : all I need to do is add a new nginx config file with a server section.
Some scanners will still try to brute-force subdomains. I simply block any IP that hits my VPS with a Host header containing a subdomain I did not configure
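
An added example (not the commenter's own configuration) of the two blocking rules described in the comments above: banning IPs that keep collecting 418 responses within a time window, and banning IPs that send a Host header for a subdomain that was never configured. The log format, the example.org host names, the sample lines and the thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed custom nginx log_format (not from the post):
#   '$remote_addr [$time_local] "$host" "$request" $status'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<host>[^"]*)" '
    r'"(?P<req>[^"]*)" (?P<status>\d{3})$'
)
# Hypothetical vhosts served behind the wildcard certificate.
CONFIGURED_HOSTS = {"example.org", "cloud.example.org", "git.example.org"}
# Constructed sample log lines (documentation IP ranges).
SAMPLE = [
    '203.0.113.7 [10/Mar/2024:12:00:01 +0000] "example.org" "GET /a HTTP/1.1" 418',
    '203.0.113.7 [10/Mar/2024:12:00:05 +0000] "example.org" "GET /b HTTP/1.1" 418',
    '203.0.113.7 [10/Mar/2024:12:03:00 +0000] "example.org" "GET /c HTTP/1.1" 418',
    '198.51.100.9 [10/Mar/2024:12:04:00 +0000] "admin.example.org" "GET / HTTP/1.1" 404',
    '192.0.2.4 [10/Mar/2024:12:05:00 +0000] "cloud.example.org" "GET / HTTP/1.1" 200',
    '192.0.2.8 [10/Mar/2024:12:00:00 +0000] "git.example.org" "GET /x HTTP/1.1" 418',
    '192.0.2.8 [10/Mar/2024:12:30:00 +0000] "git.example.org" "GET /x HTTP/1.1" 418',
    '192.0.2.8 [10/Mar/2024:13:00:00 +0000] "git.example.org" "GET /x HTTP/1.1" 418',
]

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["host"].lower().rstrip("."), int(m["status"])

def offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: reason}; the first reason seen for an IP is kept."""
    recent, flagged = defaultdict(list), {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # unparseable line: ignore rather than guess
        ip, ts, host, status = rec
        if host not in CONFIGURED_HOSTS:
            flagged.setdefault(ip, "unknown-host")
        elif status == 418:
            # Keep only the 418 hits inside the sliding window, then count.
            recent[ip] = [t for t in recent[ip] if ts - t <= find_time] + [ts]
            if len(recent[ip]) >= max_retry:
                flagged.setdefault(ip, "repeated-418")
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

The slow crawler at 192.0.2.8 is not flagged with these thresholds because its 418 responses are 30 minutes apart, which is the trade-off between window length and retry count that any such ban rule has to settle.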