I mean… literally every modern American car with a touch screen and an internet connection. Burning gass or spinning electrons, that part is the same regardless.

The funniest part is how many people have self identified as block-me in the replies to this comment.

Fucking love postmarketOS. First OS to improve on Maemo on an N900

Such an excellent thread for filling out my block list

JED checking in from out wherever Voyager is at the moment (sorry about the lag)

… doesn’t this just mean someone wrote a shit ton of code so you don’t have to?

That’s handy – thanks!

Well, the good news is that I at least think I’m doing all the right things.

I’ll spin up a new VM tomorrow and start from scratch.

It’s literally just a VM hosting Apache and nothing else.

I mean, it could be… I’ll try it with a 128 char base 52 name and see what happens

Yes, exactly. Super weird, shouldn’t happen. I wonder if I have a compromised box somewhere…

The random name is not in the public log. Someone else suggested that earlier. I checked CRT.sh and while my primary domain is there, the random one isn’t.

Previous experiments, yes, I sent a request. The random one, no.

As expected, it doesn’t show up. I had a couple of other subdomains configured before I switched to wildcard, but nothing matches the random one

Will do!

Shows up by name in the apache other_hosts…log, so yes

Nope, but that’s a good suggestion. I set this one up brand new for the experiment.

Mostly from AWS or the like, with occasional Chinese and Russian origins.

The scans look like requests to various WordPress endpoints, JavaScript files associated with known vulnerabilities etc

Even with a wildcard cert?

Yeah, this is interesting, I’ll dig more into this direction.

But the randomly generated subdomain has never seen a DNS registrar.

I do have *.mydomain.com registered though…hmmm