I am not sure if this is the right sub, but yesterday I was having some issues with login with my user and was getting 403 error if I am not wrong and noticed that the NGINX version is exposed, which is a bad practice.

So if someone from the admins of Lemmy.world see this message, maybe they can change the NGINX config and hide the version flag by setting “server_tokens off;”.

  • Midas@ymmel.nl
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    Obscuring version numbers is best practice. Trying exploits isn’t always trivial and by knowing the exact version number of the software it can be made a whole lot easier. Good post by OP though I do think it should’ve been a DM to Ruud.