We already clarified hexbear is blocking it. Keep up. And this is an internal url. Good luck connecting to it. But ye, thanks for attacking my hosting capabilities. Very cool y’all are.
And I accessed it directly and was kindly trying to tell you you have a hosting issue.
And this is an internal url
It’s exactly my point you nincompoop: you publicly advertise that you have a “pictrs” local hostname and that your pictrs instance runs on it on port 8080. Do you think this is useless to an attacker ? do you even care about opsec ?
Look mate, I am hosting what the lemmy devs provided. I don’t think this is particularly useful to an attacker since this is an internal url not accessible outside of the internal network and all this is plainly open in the ansible code that deploys everything. Every lemmy is setup the same way. But do feel free to raise the security concern about it since practicallyt every lemmy server has a “pictrs” DNS.
I realize you’re probably pretty angry right now since you were getting piled on a bit and I should’ve taken that into account, sorry for calling you a nincompoop.
But to be clear: every single information about your server matters. Security flaws that might not look exploitable can suddenly thrive due to internal information leaked by badly obfuscated hosting. It is a small issue, admittedly.
And no, not every lemmy is set up the same way. If you’re serious about hosting an online forum that can potentially host activist-adjacent content (might not be the case ? but you do host a lot of piracy content at least), you need to think about opsec more. Starting with not just running ansible as-is to “deploy everything”.
“we won’t let you shoot anyone.”
-Liberals standing proudly in front of nazis while captain america music plays
lol tankies in real life protect the status quo from popular movements every chance they get. Fuck outta here.
I don’t see Canadian parliament clapping for no tankies
Yes, the canadian parliament, that famous hive of anarchist ideologues…
You said status quo.
Yep I did
how are you so confidently stupid
I have been watching a lot of tankies and libertarians is why
you are also just incoherent, on top of stupid
You’re not an anarchist, you’re a liberal who wants to wear torn up clothes and dye their hair
Hmmm, yes, we clearly can see here who has their back to the cops.
we can’t, the image is removed you fucking idiot
The image is fine. You just have a shit connection.
Or you have shit hosting
It’s already back up, FYI. But stop leaking internal details of your reverse proxy in error messages.
We already clarified hexbear is blocking it. Keep up. And this is an internal url. Good luck connecting to it. But ye, thanks for attacking my hosting capabilities. Very cool y’all are.
And I accessed it directly and was kindly trying to tell you you have a hosting issue.
It’s exactly my point you nincompoop: you publicly advertise that you have a “pictrs” local hostname and that your pictrs instance runs on it on port 8080. Do you think this is useless to an attacker ? do you even care about opsec ?
Look mate, I am hosting what the lemmy devs provided. I don’t think this is particularly useful to an attacker since this is an internal url not accessible outside of the internal network and all this is plainly open in the ansible code that deploys everything. Every lemmy is setup the same way. But do feel free to raise the security concern about it since practicallyt every lemmy server has a “pictrs” DNS.
I realize you’re probably pretty angry right now since you were getting piled on a bit and I should’ve taken that into account, sorry for calling you a nincompoop.
But to be clear: every single information about your server matters. Security flaws that might not look exploitable can suddenly thrive due to internal information leaked by badly obfuscated hosting. It is a small issue, admittedly.
And no, not every lemmy is set up the same way. If you’re serious about hosting an online forum that can potentially host activist-adjacent content (might not be the case ? but you do host a lot of piracy content at least), you need to think about opsec more. Starting with not just running ansible as-is to “deploy everything”.
deleted by creator
🤷