Hacker News | gsich's comments

The account is the same as you create in any acme client. I don't see potential for a reverse lookup.

I think the previous post is talking about a search that will find the sibling domain names that have obtained certificates with the same account ID. That is a strong indication that those domains are in the same certificate renewal pipeline, most likely on the same physical/virtual server.

Run ACME inside a Docker container, one instance (and credentials) for each domain name. Doesn't consume much resources. The real problem is IP addresses anyway, CT logs "thankfully" feed information to every bad actor in real time, which makes data mining trivially easy.

you don't even need a docker container to do that.

Agreed, that's just a personal preference thing of mine. Harder to mess up and easier to route.

This is publicly publishing the account ID. There is an optional extension in RFC8659 that extends it but it isn't required by any implementer. This puts that ID into a public well-known location that is easy to scrape and will be (this is exactly the kind of opsec info projects like Maltego love to go lookup and pull in).

All of those alternatives don't have voice chat in the way discord has (or Teamspeak/Mumble).


Good bye. Discord is not trustworthy with this kind of data. As proven recently.


Depending on what you configured. It can also keep the mail on the server.


who would use this?


Very resource constrained systems, systems where consistent admin between *BSD and Linux is important. Containers where you have reasons to break the single process practice.


Your phone. Haven't looked into Android images for at least a decade but it was just simple bash scripts back then.


My phone does not run Devuan.


People who hate idiots that put the verb before the noun.


I have never seen this happen.

I have however experienced that an ISP will write to you because you have a faulty modem (some Huawei device) and ask you to not use it anymore.


Visit eBay and search for "blocked IMEI" or variants. There are plenty of used phones which are IMEI locked due to either: reported lost, reported stolen, failed to make payments, etc.


All offers seem to be from the US.


I think the lines between IMEI banning or blacklisting and the modern unlocking techniques they use have been blurred a little bit and so some carriers and some manufacturers don't really want to do or spend time doing the IMEI stuff and would prefer to just handle it all via their own unlocking and locking mechanisms.


it's all lowercase anyway at parse time.


rate-limit-remaining would be nicer than ratelimit-remaining


only if looping information is stored inside the container.


Bug tracker where they lied about "not enough interest".


change port.


After years of cargo-culting this advice—"run ssh on a nonstandard port"—I gave up and reverted to 22 because ssh being on nonstandard ports didn't change the volume of access attempts in the slightest. It was thousands per day on port 22, and thousands per day on port anything-else-i-changed-it-to.

It's worth an assessment of what you _think_ running ssh on a nonstandard port protects you against, and what it's actually doing. It won't stop anything other than the lightest and most casual script-based shotgun attacks, and it won't help you if someone is attempting to exploit an actual-for-real vuln in the ssh authentication or login process. And although I'm aware the plural of "anecdote" isn't "data," it sure as hell didn't reduce the volume of login attempts.

Public key-only auth + strict allowlists will do a lot more for your security posture. If you feel like ssh is using enough CPU rejecting bad login attempts to actually make you notice, stick it behind wireguard or set up port-knocking.

And sure, put it on a nonstandard port, if it makes you feel better. But it doesn't really do much, and anyone hitting your host up with censys.io or any other assessment tool will see your nonstandard ssh port instantly.


Conversely, what do you gain by using a standard port?

Now, I do agree a non-standard port is not a security tool, but it doesn't hurt running a random high-number port.


> Conversely, what do you gain by using a standard port?

One less setup step in the runbook, one less thing to remember. But I agree, it doesn't hurt! It just doesn't really help, either.


it did for me.


I've tried using a nonstandard port but I still see a bunch of IPs getting banned, with the added downside that if I'm on the go sometimes I don't remember the port.


Underrated reply - I randomize the default ports everywhere I can, really cuts down on brute force/credential stuffing attempts.


or keep the port and move to IPv6 only.

