I am not sure if this is the right sub, but yesterday I was having some issues logging in with my user and was getting a 403 error, if I am not wrong, and noticed that the NGINX version is exposed, which is a bad practice.

So if someone from the admins of Lemmy.world sees this message, maybe they can change the NGINX config and hide the version flag by setting “server_tokens off;”.

  • squiblet
    16 · 1 year ago

    Might as well hide the version, but if someone is going to try an exploit, they’ll just try it and see whether it works.

      • Midas
        10 · 1 year ago

        Obscuring version numbers is best practice. Trying exploits isn’t always trivial and by knowing the exact version number of the software it can be made a whole lot easier. Good post by OP though I do think it should’ve been a DM to Ruud.
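
A way to verify the setting discussed in this thread, as an added example that is not part of any post: with server_tokens left on, nginx puts its version in both the Server header and the footer of its built-in error pages (such as the 403 page from the original post), so the check below looks in both places. The function names, the sample responses and the version 1.18.0 are constructed for illustration.

```python
import re

# Matches tokens like "nginx/1.18.0"; with "server_tokens off;" nginx sends only "nginx".
NGINX_VERSION = re.compile(r"\bnginx/(\d+(?:\.\d+)+)", re.IGNORECASE)

def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def version_leaks(raw: str):
    """Return (location, version) pairs where an nginx version is disclosed."""
    status, headers, body = parse_response(raw)
    leaks = []
    match = NGINX_VERSION.search(headers.get("server", ""))
    if match:
        leaks.append(("Server header", match.group(1)))
    # Built-in error pages repeat the same token in their footer.
    if status >= 400:
        match = NGINX_VERSION.search(body)
        if match:
            leaks.append((f"{status} error page", match.group(1)))
    return leaks

# Constructed sample responses (not captured from any real server).
TOKENS_ON = (
    "HTTP/1.1 403 Forbidden\r\nServer: nginx/1.18.0\r\nContent-Type: text/html\r\n\r\n"
    "<html><body><center><h1>403 Forbidden</h1></center>"
    "<hr><center>nginx/1.18.0</center></body></html>"
)
TOKENS_OFF = (
    "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"
    "<html><body><center><h1>403 Forbidden</h1></center>"
    "<hr><center>nginx</center></body></html>"
)

if __name__ == "__main__":
    for label, raw in (("server_tokens on", TOKENS_ON), ("server_tokens off", TOKENS_OFF)):
        print(label, "->", version_leaks(raw) or "no version disclosed")
```

Run against a saved response from your own server after the config change; an empty result means neither the header nor the error page carries a version string.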