I am not sure if this is the right sub, but yesterday I was having some issues with login with my user and was getting 403 error if I am not wrong and noticed that the NGINX version is exposed, which is a bad practice.

So if someone from the admins of Lemmy.world see this message, maybe they can change the NGINX config and hide the version flag by setting “server_tokens off;”.

  • squiblet@kbin.social
    link
    fedilink
    arrow-up
    11
    arrow-down
    1
    ·
    1 year ago

    Might as well hide the version, but if someone is going to try an exploit, they’ll just try it and see whether it works.

      • Midas@ymmel.nl
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        Obscuring version numbers is best practice. Trying exploits isn’t always trivial and by knowing the exact version number of the software it can be made a whole lot easier. Good post by OP though I do think it should’ve been a DM to Ruud.