eh? *raises eyebrow*
"you have a security vulnerability on your website! it's, uh... your git directory being accessible publicly. Now please pay me in cryptocurrency."
(...how'd they get "frost@" for the email address?)
[transcript in reply]
This is the ENTIRE contents of that file that's supposedly a "security vulnerability", by the way:
0000000000000000000000000000000000000000 cf5a600bb5a02cc87d573a0dfd9bcfeadc400bb4 Frost <frost@brightfur.net> 1697961814 -0700 commit (initial): Initial commit
cf5a600bb5a02cc87d573a0dfd9bcfeadc400bb4 b73ad338b82a2a41cdffb420b14062a65a89cbb7 Frost <frost@brightfur.net> 1697961920 -0700 commit: Remove info on domain root
like, okay, I GUESS someone could download our git dir, poke at it, and see the stuff we used to have there mentioning our plurality.
Are we particularly worried about that? No.
We're more concerned about people we're not out to finding us out by poking the domain, and/or web scrapers. Neither of which are going to bother with all that.
spam scam ""security report"" email
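What the two quoted lines disclose, field by field, as an added example that is not part of the original post: a small Python parser for git's reflog line format, run over the two lines quoted above. The function names are illustrative, and the tab-or-space separator before the message is an assumption (git writes a tab; the quoted copy shows a space).

```python
import re
from datetime import datetime, timedelta, timezone

# Reflog line layout: <old id> <new id> <name> <email> <epoch> <utc offset> <message>
# 40 hex chars for SHA-1 repositories, 64 for SHA-256 ones.
REFLOG_RE = re.compile(
    r"^(?P<old>[0-9a-f]{40,64}) (?P<new>[0-9a-f]{40,64}) "
    r"(?P<name>.*?) <(?P<email>[^>]*)> "
    r"(?P<epoch>\d+) (?P<tz>[+-]\d{4})[\t ]?(?P<message>.*)$"
)

def parse_reflog_line(line):
    """Split one reflog line into its fields; raise ValueError if malformed."""
    m = REFLOG_RE.match(line.rstrip("\n"))
    if m is None:
        raise ValueError("not a reflog line: %r" % line)
    entry = m.groupdict()
    tz = entry["tz"]
    offset = timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5]))
    if tz[0] == "-":
        offset = -offset
    # Committer's local wall-clock time, rebuilt from the epoch and offset.
    entry["when"] = datetime.fromtimestamp(int(entry["epoch"]), timezone(offset))
    return entry

def disclosed(lines):
    """Summarise what a reader of the log learns about the committer."""
    entries = [parse_reflog_line(l) for l in lines if l.strip()]
    return {
        "identities": sorted({(e["name"], e["email"]) for e in entries}),
        "utc_offsets": sorted({e["tz"] for e in entries}),
        "local_times": [e["when"].isoformat() for e in entries],
        "messages": [e["message"] for e in entries],
    }

# The two lines quoted in the post, unchanged.
SAMPLE = [
    "0000000000000000000000000000000000000000 cf5a600bb5a02cc87d573a0dfd9bcfeadc400bb4 "
    "Frost <frost@brightfur.net> 1697961814 -0700 commit (initial): Initial commit",
    "cf5a600bb5a02cc87d573a0dfd9bcfeadc400bb4 b73ad338b82a2a41cdffb420b14062a65a89cbb7 "
    "Frost <frost@brightfur.net> 1697961920 -0700 commit: Remove info on domain root",
]

if __name__ == "__main__":
    for key, value in disclosed(SAMPLE).items():
        print(key, value)
```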