melevittfl | 11 months ago

The OP is misunderstanding what's happened, based on what's been posted. The OP has a server with an IP address. They're seeing GET requests in the server's logs and are assuming people have found the server's DNS name.

In fact, the scanners are simply searching the IP address space and simply sending GET requests to any IP address they find. No DNS discovery needed.

alfiedotwtf|11 months ago

Are you sure that’s the case? IP addresses != domain, so I’m getting bots are including the Host header in their requests containing the obfuscated domain.

My guess is OP is using a public DNS server that sells aggregated user requests. All it takes is one request from their machine to a public machine on the internet, and it’s now public knowledge.

lxgr|11 months ago

That entirely depends on whether the GET requests were providing the (supposed to be hidden) hostname in the `Host` header (and potentially SNI TLS extension).
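
Added example, not part of any comment in this thread: one way to settle the question raised above is to log the raw `Host` header and sort requests by whether it carried an IP literal, nothing, or the supposedly hidden hostname. The log layout, the hostname `x7f3k2q9.example.com` and the sample lines are constructed assumptions; only the `Host` header is covered, not TLS SNI.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical hostname that was supposed to be unguessable (placeholder).
SECRET_HOST = "x7f3k2q9.example.com"

# Assumed log layout: client_ip "request line" status "raw Host header"
LINE_RE = re.compile(r'^(\S+) "([^"]*)" (\d{3}) "([^"]*)"$')

# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = """\
198.51.100.7 "GET / HTTP/1.1" 200 "203.0.113.10"
198.51.100.8 "GET /.env HTTP/1.1" 404 "203.0.113.10:80"
198.51.100.9 "GET / HTTP/1.0" 400 "-"
192.0.2.44 "GET /login HTTP/1.1" 200 "x7f3k2q9.example.com"
192.0.2.45 "GET / HTTP/1.1" 200 "X7F3K2Q9.example.com:443"
192.0.2.46 "GET / HTTP/1.1" 404 "[2001:db8::1]:8080"
192.0.2.47 "GET / HTTP/1.1" 404 "other.example.net"
"""

def split_host(value):
    """Return the host part of a Host header, lower-cased, without port."""
    value = value.strip().lower()
    if value.startswith("["):            # bracketed IPv6 literal
        return value[1:value.find("]")] if "]" in value else value
    host, sep, port = value.rpartition(":")
    return host if sep and port.isdigit() else value

def classify(host_header):
    if host_header in ("", "-"):
        return "no-host"                 # consistent with blind IP-space scanning
    host = split_host(host_header)
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return "secret-hostname" if host == SECRET_HOST else "other-hostname"
    return "ip-literal"                  # scanner addressed the IP, not the name

def summarize(log_text):
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        counts[classify(m.group(4)) if m else "unparsed"] += 1
    return counts

if __name__ == "__main__":
    for kind, n in summarize(SAMPLE_LOG).most_common():
        print(f"{kind:16} {n}")
```

Only the `secret-hostname` bucket indicates that the name itself reached a third party; `ip-literal` and `no-host` requests are explained by address-space scanning alone.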