2023-06-17 14:49:40Z (last updated 2023-10-16 08:55:03Z)
I recently received an email about a security vulnerability that was in my systems.
tl;dr: I'm pretty sure they have very little idea of what they're doing. They could even be a skid.
(Sorry, but I only have 1 email to talk about today (mostly because I just do not receive emails). So the title is a misnomer because it implies multiple emails.)
An email arrived with the word "vulnerability" in the subject. NOW WHAT?
Rephrased email as follows:
hi i found vulnerability you have directory listing enabled on files.jacksonchen666.com you should disable it
No:
The actual reason I wanted to self-host my website is to make Matrix homeserver delegation work again (it requires some specific headers), and to see webserver logs.
So, of course, I looked into my webserver logs and found... nothing that could correlate to their activity. It's almost like they never looked at my website or the service with the "vulnerability".
It also seems like they never went on my website to get my contact info or even my security contact info, yet they got it right somehow.
So I'd say the way they got here is pretty odd, because there are 0 traces directly from them. Maybe some external website with contact info, along with "security" "issues"? I have no idea, but I do certainly see some bots crawling my websites and stuff for the security.txt.
(If you suggest they used Tor: Doubt. I saw no activity that has to do with the sender testing my stuff. Using Tor still means a request has to be sent, so it'll still show up in my logs.)
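The log check described in this post, written out as an added example (not the author's code): given the time a report arrived, it lists which clients actually received a directory index from the reported host beforehand, and which clients fetched security.txt. The log format (virtual host followed by combined log format), the receipt time, the seven-day window and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed format: "<vhost> " + combined log format. The post does not say
# which server or log format is in use, so adjust the pattern to match.
LINE = re.compile(
    r'(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
SECURITY_TXT = {"/.well-known/security.txt", "/security.txt"}

def triage_report(lines, vhost, received, window=timedelta(days=7)):
    """Return (listing, sectxt) for the window before the report arrived.

    listing: {ip: [(time, path, user_agent)]} for 200 responses on paths
             ending in "/" on `vhost`, i.e. where an index page was served.
    sectxt:  set of IPs that fetched security.txt on any vhost.
    """
    listing, sectxt = {}, set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the triage
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not (received - window <= ts <= received):
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path in SECURITY_TXT:
            sectxt.add(m["ip"])
        elif m["vhost"] == vhost and path.endswith("/") and m["status"] == "200":
            listing.setdefault(m["ip"], []).append((ts, path, m["ua"]))
    return listing, sectxt

# Constructed sample data: documentation-range IPs, made-up user agents.
RECEIVED = datetime(2023, 6, 15, 12, 0, tzinfo=timezone.utc)  # assumed receipt time
SAMPLE_LOG = [
    'files.jacksonchen666.com 192.0.2.10 - - [10/Jun/2023:08:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "ExampleCrawler/1.0"',
    'jacksonchen666.com 198.51.100.7 - - [12/Jun/2023:09:30:00 +0000] "GET /.well-known/security.txt HTTP/1.1" 200 300 "-" "ExampleBot/2.0"',
    'files.jacksonchen666.com 203.0.113.5 - - [01/May/2023:10:00:00 +0000] "GET /stuff/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'files.jacksonchen666.com 192.0.2.10 - - [11/Jun/2023:08:05:00 +0000] "GET /a.txt HTTP/1.1" 200 20 "-" "ExampleCrawler/1.0"',
    'not a log line',
]

if __name__ == "__main__":
    listing, sectxt = triage_report(SAMPLE_LOG, "files.jacksonchen666.com", RECEIVED)
    for ip, hits in listing.items():
        print(ip, [(t.isoformat(), p, ua) for t, p, ua in hits])
    print("security.txt fetchers:", sorted(sectxt))
```

An empty `listing` for the window means nobody was served an index page on that host before the report, which is the situation the post describes.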