Investigating Web Site Leaks: How to Find the Source
As a customer of a cloud hosting provider, you may encounter situations where your newly created web site receives unexpected hits from unknown IP addresses. In this article, we will explore how you can investigate and find the source of these web site leaks.
Understanding Certificate Transparency Logs
One common way how domain names become publicly known is through Certificate Transparency Logs. When you request a certificate for HTTPS/TLS, the Certificate Authority will publish information about this certificate on a transparency log. This is a security measure to ensure that no unexpected certificates have been issued.
To inspect these logs, you can use the crt.sh search engine. It allows you to search for certificates and view information about them.
Managing the Impact of Certificate Transparency Logs
While certificate transparency logs are essential for security, they can also attract the attention of other actors who may crawl new domains that appear. Here are some tips to manage their impact:
- Assume that everything on the internet is public – there is no security by obscurity.
- If you don’t want to broadcast the existence of a domain, consider using self-signed certificates for development purposes. However, remember that this is not a foolproof security measure.
- For subdomains, you can use a wildcard certificate to cover multiple domains. This can be more cost-effective and efficient. However, be aware that wildcard certificates may have different fees or challenges from Certificate Authorities.
By following these guidelines, you can better understand and mitigate the risks associated with web site leaks. Remember, it is crucial to stay vigilant and take proactive measures to protect your web site’s security.