General Discussion

12038 readers

294 users here now

Welcome to Lemmy.World General!

This is a community for general discussion where you can get your bearings in the fediverse. Discuss topics & ask questions that don't seem to fit in any other community, or don't have an active community yet.

🪆 About Lemmy World

🧭 Finding Communities

Feel free to ask here or over in: [email protected]!

Also keep an eye on:

For more involved tools to find communities to join: check out Lemmyverse!

💬 Additional Discussion Focused Communities:

[email protected] - Note this is for more serious discussions.
[email protected] - The opposite of the above, for more laidback chat!
[email protected] - Into video games? Here's a place to discuss them!
[email protected] - Watched a movie and wanna talk to others about it? Here's a place to do so!
[email protected] - Want to talk politics apart from political news? Here's a community for that!

Rules

Remember, Lemmy World rules also apply here.

0. See: Rules for Users.

No bigotry: including racism, sexism, homophobia, transphobia, or xenophobia.
Be respectful. Everyone should feel welcome here.
Be thoughtful and helpful: even with ‘silly’ questions. The world won’t be made better by dismissive comments to others on Lemmy.
Link posts should include some context/opinion in the body text when the title is unaltered, or be titled to encourage discussion.
Posts concerning other instances' activity/decisions are better suited to [email protected] or [email protected] communities.
No Ads/Spamming.
No NSFW content.

founded 1 year ago

MODERATORS

Jessica

ElectroVagrant

fubo

175

Lemmy.world is exposing the NGINX version (self.general)

submitted 1 year ago by filister to c/general

17 comments fedilink hide all child comments

I am not sure if this is the right sub, but yesterday I was having some issues with login with my user and was getting 403 error if I am not wrong and noticed that the NGINX version is exposed, which is a bad practice.

So if someone from the admins of Lemmy.world see this message, maybe they can change the NGINX config and hide the version flag by setting "server_tokens off;".

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 16 points 1 year ago (1 children)

Might as well hide the version, but if someone is going to try an exploit, they'll just try it and see whether it works.

[–] [email protected] 18 points 1 year ago (1 children)

Yeah, this post is giving me "security through obscurity" vibes.

[–] [email protected] 10 points 1 year ago

Obscuring version numbers is best practice. Trying exploits isn't always trivial and by knowing the exact version number of the software it can be made a whole lot easier. Good post by OP though I do think it should've been a DM to Ruud.