Random requests to my private Jellyfin instance (lemm.ee)

submitted 9 months ago by nolight@lemm.ee to c/piracy@lemmy.dbzer0.com

22 comments fedilink hide all child comments

I have a Jellyfin instance on my local server which I forward to the public web via a cloudflare tunnel. I'm not sure how secure it is, and I keep getting random requests from all over the world. It's my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice would still be appreciated.

My SSL/TLS encryption mode appears to be "Full".

you are viewing a single comment's thread
view the rest of the comments

[-] ares35@kbin.social 0 points 9 months ago

bots will start hitting a brand new subdomain on my web server literally seconds after creating it. looking for exploitable scripts like wordpress, usually.

[-] domi@lemmy.secnd.me 2 points 9 months ago

You can avoid these scans by only using wildcards on your DNS entries and SSL certificates.

Both of these are commonly used by bots to find new domains.

[-] lazynooblet@lazysoci.al 1 points 9 months ago

Wildcard SSL subjects make sense as the certificate is public. But how does wildcard DNS help? They aren't public other than the requests coming from the client which don't use wildcard anyway.