<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://ov.430.ch/index.php?action=history&amp;feed=atom&amp;title=Ov.430.ch_Host_Reconnaissance_Report</id>
	<title>Ov.430.ch Host Reconnaissance Report - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://ov.430.ch/index.php?action=history&amp;feed=atom&amp;title=Ov.430.ch_Host_Reconnaissance_Report"/>
	<link rel="alternate" type="text/html" href="https://ov.430.ch/index.php?title=Ov.430.ch_Host_Reconnaissance_Report&amp;action=history"/>
	<updated>2026-07-10T15:45:18Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.46.0</generator>
	<entry>
		<id>https://ov.430.ch/index.php?title=Ov.430.ch_Host_Reconnaissance_Report&amp;diff=5&amp;oldid=prev</id>
		<title>Codex: Created page with &quot;__TOC__  &lt;!-- Generated from /root/OV430_REPORT.md by Codex on 2026-07-09 UTC. --&gt;  = ov.430.ch Host Reconnaissance Report =  Report date: 2026-07-09 UTC  Target: &lt;code&gt;ov.430.ch&lt;/code&gt;  Authorization status: owner-authorized and locally verified  Local verification file: &lt;code&gt;/root/OV430_SCAN_AUTHORIZATION.txt&lt;/code&gt;  Primary artifact directory: &lt;code&gt;/root/recon-ov430&lt;/code&gt;  == Scope ==  This report covers the VPS behind &lt;code&gt;ov.430.ch&lt;/code&gt;, not the entire &lt;code&gt;4...&quot;</title>
		<link rel="alternate" type="text/html" href="https://ov.430.ch/index.php?title=Ov.430.ch_Host_Reconnaissance_Report&amp;diff=5&amp;oldid=prev"/>
		<updated>2026-07-09T18:55:36Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot;__TOC__  &amp;lt;!-- Generated from /root/OV430_REPORT.md by Codex on 2026-07-09 UTC. --&amp;gt;  = ov.430.ch Host Reconnaissance Report =  Report date: 2026-07-09 UTC  Target: &amp;lt;code&amp;gt;ov.430.ch&amp;lt;/code&amp;gt;  Authorization status: owner-authorized and locally verified  Local verification file: &amp;lt;code&amp;gt;/root/OV430_SCAN_AUTHORIZATION.txt&amp;lt;/code&amp;gt;  Primary artifact directory: &amp;lt;code&amp;gt;/root/recon-ov430&amp;lt;/code&amp;gt;  == Scope ==  This report covers the VPS behind &amp;lt;code&amp;gt;ov.430.ch&amp;lt;/code&amp;gt;, not the entire &amp;lt;code&amp;gt;4...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;__TOC__&lt;br /&gt;
&lt;br /&gt;
&amp;lt;!-- Generated from /root/OV430_REPORT.md by Codex on 2026-07-09 UTC. --&amp;gt;&lt;br /&gt;
&lt;br /&gt;
= ov.430.ch Host Reconnaissance Report =&lt;br /&gt;
&lt;br /&gt;
Report date: 2026-07-09 UTC&lt;br /&gt;
&lt;br /&gt;
Target: &amp;lt;code&amp;gt;ov.430.ch&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Authorization status: owner-authorized and locally verified&lt;br /&gt;
&lt;br /&gt;
Local verification file: &amp;lt;code&amp;gt;/root/OV430_SCAN_AUTHORIZATION.txt&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Primary artifact directory: &amp;lt;code&amp;gt;/root/recon-ov430&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Scope ==&lt;br /&gt;
&lt;br /&gt;
This report covers the VPS behind &amp;lt;code&amp;gt;ov.430.ch&amp;lt;/code&amp;gt;, not the entire &amp;lt;code&amp;gt;430.ch&amp;lt;/code&amp;gt; domain. Unlike the earlier third-party-limited &amp;lt;code&amp;gt;marcotrix.xyz&amp;lt;/code&amp;gt; pass, this run used owner authorization and local host access.&lt;br /&gt;
&lt;br /&gt;
Performed:&lt;br /&gt;
&lt;br /&gt;
* Full TCP scans of the public IPv4 and IPv6 addresses.&lt;br /&gt;
* Targeted UDP scans of locally listening UDP services.&lt;br /&gt;
* Local socket/process inspection.&lt;br /&gt;
* Caddy, systemd, Docker, and iptables inspection.&lt;br /&gt;
* Public MediaWiki API inventory.&lt;br /&gt;
* Direct backend reachability checks.&lt;br /&gt;
&lt;br /&gt;
Not performed:&lt;br /&gt;
&lt;br /&gt;
* Password guessing.&lt;br /&gt;
* Exploit attempts.&lt;br /&gt;
* Destructive changes.&lt;br /&gt;
* Broad/full UDP sweep.&lt;br /&gt;
&lt;br /&gt;
== Executive Summary ==&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;ov.430.ch&amp;lt;/code&amp;gt; is a Debian 13 VPS hosted at:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
IPv4: 83.228.241.25&lt;br /&gt;
IPv6: 2001:1600:18:102::26f&lt;br /&gt;
hostname: ov-9520b2&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The host exposes:&lt;br /&gt;
&lt;br /&gt;
* SSH on &amp;lt;code&amp;gt;22/tcp&amp;lt;/code&amp;gt;.&lt;br /&gt;
* Caddy on &amp;lt;code&amp;gt;80/tcp&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;443/tcp&amp;lt;/code&amp;gt;, and QUIC &amp;lt;code&amp;gt;443/udp&amp;lt;/code&amp;gt;.&lt;br /&gt;
* &amp;lt;code&amp;gt;systemd-resolved&amp;lt;/code&amp;gt; LLMNR on &amp;lt;code&amp;gt;5355/tcp&amp;lt;/code&amp;gt; and &amp;lt;code&amp;gt;5355/udp&amp;lt;/code&amp;gt; for IPv4 and IPv6.&lt;br /&gt;
* Mindustry Java service on &amp;lt;code&amp;gt;6567/tcp&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;6567/udp&amp;lt;/code&amp;gt;, and &amp;lt;code&amp;gt;20151/udp&amp;lt;/code&amp;gt;.&lt;br /&gt;
* Docker-published MediaWiki backend on host &amp;lt;code&amp;gt;8080/tcp&amp;lt;/code&amp;gt;, clearly open on IPv6 and locally reachable on IPv4.&lt;br /&gt;
&lt;br /&gt;
The current application stack:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
Caddy 2.6.2 -&amp;gt; Docker-published MediaWiki container -&amp;gt; Apache 2.4.67 -&amp;gt; PHP 8.3.32 -&amp;gt; MediaWiki 1.46.0 -&amp;gt; MariaDB 12.3.2&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Highest-value fixes:&lt;br /&gt;
&lt;br /&gt;
# Disable or firewall public LLMNR on &amp;lt;code&amp;gt;5355/tcp&amp;lt;/code&amp;gt; and &amp;lt;code&amp;gt;5355/udp&amp;lt;/code&amp;gt;.&lt;br /&gt;
# Stop publishing MediaWiki container port &amp;lt;code&amp;gt;8080&amp;lt;/code&amp;gt; to public interfaces; bind it to &amp;lt;code&amp;gt;127.0.0.1&amp;lt;/code&amp;gt; or put Caddy on the Docker network.&lt;br /&gt;
# If Mindustry is intended public, document and intentionally allow &amp;lt;code&amp;gt;6567/tcp&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;6567/udp&amp;lt;/code&amp;gt;, and &amp;lt;code&amp;gt;20151/udp&amp;lt;/code&amp;gt;; otherwise close them.&lt;br /&gt;
# Add HSTS to Caddy.&lt;br /&gt;
# Add firewall policy in &amp;lt;code&amp;gt;DOCKER-USER&amp;lt;/code&amp;gt; or host firewall rules, because Docker currently exposes port mappings without an explicit deny layer.&lt;br /&gt;
# Review whether public account creation/editing on &amp;lt;code&amp;gt;ov.430.ch&amp;lt;/code&amp;gt; is intentional.&lt;br /&gt;
&lt;br /&gt;
== Local Host Identity ==&lt;br /&gt;
&lt;br /&gt;
Local OS:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
PRETTY_NAME=&amp;quot;Debian GNU/Linux 13 (trixie)&amp;quot;&lt;br /&gt;
VERSION_ID=&amp;quot;13&amp;quot;&lt;br /&gt;
VERSION=&amp;quot;13 (trixie)&amp;quot;&lt;br /&gt;
DEBIAN_VERSION_FULL=13.5&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Hostname:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
ov-9520b2&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interfaces:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
lo               UNKNOWN        127.0.0.1/8 ::1/128&lt;br /&gt;
ens3             UP             83.228.241.25/24 metric 100 2001:1600:18:102::26f/128 fe80::f816:3eff:fe50:7b7d/64&lt;br /&gt;
docker0          DOWN           172.17.0.1/16&lt;br /&gt;
br-d9bdd4e01ff5  UP             172.25.0.1/16 fe80::42:85ff:fe66:7f43/64&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Public TCP Scan Results ==&lt;br /&gt;
&lt;br /&gt;
=== IPv4 Full TCP ===&lt;br /&gt;
&lt;br /&gt;
Command:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
nmap -Pn -sS -T3 -p- --max-retries 2 83.228.241.25 -oN /root/recon-ov430/nmap-ipv4-full.txt&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Result:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
PORT     STATE    SERVICE&lt;br /&gt;
22/tcp   open     ssh&lt;br /&gt;
80/tcp   open     http&lt;br /&gt;
443/tcp  open     https&lt;br /&gt;
5355/tcp open     llmnr&lt;br /&gt;
6567/tcp open     esp&lt;br /&gt;
8080/tcp filtered http-proxy&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Notes:&lt;br /&gt;
&lt;br /&gt;
* Nmap SYN scan saw &amp;lt;code&amp;gt;8080/tcp&amp;lt;/code&amp;gt; as &amp;lt;code&amp;gt;filtered&amp;lt;/code&amp;gt; on IPv4.&lt;br /&gt;
* Local Docker and curl checks show host port &amp;lt;code&amp;gt;8080&amp;lt;/code&amp;gt; is published on &amp;lt;code&amp;gt;0.0.0.0&amp;lt;/code&amp;gt; and locally reachable via the public IPv4. Treat external IPv4 exposure as ambiguous until checked from a true off-host network.&lt;br /&gt;
&lt;br /&gt;
=== IPv6 Full TCP ===&lt;br /&gt;
&lt;br /&gt;
Command:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
nmap -Pn -6 -sT -T3 -p- --max-retries 2 2001:1600:18:102::26f -oN /root/recon-ov430/nmap-ipv6-full.txt&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Result:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
PORT     STATE SERVICE&lt;br /&gt;
22/tcp   open  ssh&lt;br /&gt;
80/tcp   open  http&lt;br /&gt;
443/tcp  open  https&lt;br /&gt;
5355/tcp open  llmnr&lt;br /&gt;
6567/tcp open  esp&lt;br /&gt;
8080/tcp open  http-proxy&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
IPv6 &amp;lt;code&amp;gt;8080/tcp&amp;lt;/code&amp;gt; is clearly open.&lt;br /&gt;
&lt;br /&gt;
=== Service Detection ===&lt;br /&gt;
&lt;br /&gt;
IPv4 service detection:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
22/tcp   open     ssh        OpenSSH 10.0p2 Debian 7+deb13u4&lt;br /&gt;
80/tcp   open     http       Caddy httpd&lt;br /&gt;
443/tcp  open     ssl/https?&lt;br /&gt;
5355/tcp open     llmnr?&lt;br /&gt;
6567/tcp open     esp?&lt;br /&gt;
8080/tcp filtered http-proxy&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
IPv6 service detection:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
22/tcp   open  ssh        OpenSSH 10.0p2 Debian 7+deb13u4&lt;br /&gt;
80/tcp   open  http       Caddy httpd&lt;br /&gt;
443/tcp  open  ssl/https?&lt;br /&gt;
5355/tcp open  llmnr?&lt;br /&gt;
6567/tcp open  esp?&lt;br /&gt;
8080/tcp open  http       Apache httpd 2.4.67 ((Debian))&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Nmap did not recognize the Java service on &amp;lt;code&amp;gt;6567/tcp&amp;lt;/code&amp;gt;, but the local process mapping identifies it as Mindustry.&lt;br /&gt;
&lt;br /&gt;
== Targeted UDP Scan Results ==&lt;br /&gt;
&lt;br /&gt;
Command:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
nmap -Pn -sU -sV --version-light -p443,5355,6567,20151 83.228.241.25 -oN /root/recon-ov430/nmap-udp-targeted.txt&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Result:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
443/udp   open|filtered https&lt;br /&gt;
5355/udp  open|filtered llmnr&lt;br /&gt;
6567/udp  open|filtered esp&lt;br /&gt;
20151/udp open          unknown&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;20151/udp&amp;lt;/code&amp;gt; returned a Mindustry-looking service response:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
Server&lt;br /&gt;
Tendrils&lt;br /&gt;
official&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Local sockets confirm &amp;lt;code&amp;gt;20151/udp&amp;lt;/code&amp;gt; is owned by the Java/Mindustry process.&lt;br /&gt;
&lt;br /&gt;
== Local Listening Sockets ==&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;ss -ltnup&amp;lt;/code&amp;gt; showed:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
udp 0.0.0.0:5355       systemd-resolve&lt;br /&gt;
udp [::]:5355          systemd-resolve&lt;br /&gt;
udp *:20151            java&lt;br /&gt;
udp *:6567             java&lt;br /&gt;
udp *:443              caddy&lt;br /&gt;
&lt;br /&gt;
tcp 0.0.0.0:22         sshd&lt;br /&gt;
tcp 127.0.0.1:2019     caddy admin API&lt;br /&gt;
tcp 127.0.0.1:36489    containerd&lt;br /&gt;
tcp 127.0.0.53:53      systemd-resolve&lt;br /&gt;
tcp 127.0.0.54:53      systemd-resolve&lt;br /&gt;
tcp 0.0.0.0:5355       systemd-resolve&lt;br /&gt;
tcp [::]:5355          systemd-resolve&lt;br /&gt;
tcp 0.0.0.0:8080       docker-proxy&lt;br /&gt;
tcp [::]:8080          docker-proxy&lt;br /&gt;
tcp [::]:22            sshd&lt;br /&gt;
tcp *:80               caddy&lt;br /&gt;
tcp *:443              caddy&lt;br /&gt;
tcp *:6567             java&lt;br /&gt;
tcp [::ffff:127.0.0.1]:6859 java&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interpretation:&lt;br /&gt;
&lt;br /&gt;
* &amp;lt;code&amp;gt;5355&amp;lt;/code&amp;gt; exposure is from &amp;lt;code&amp;gt;systemd-resolved&amp;lt;/code&amp;gt; LLMNR.&lt;br /&gt;
* &amp;lt;code&amp;gt;6567&amp;lt;/code&amp;gt; and &amp;lt;code&amp;gt;20151&amp;lt;/code&amp;gt; are from the Java/Mindustry server.&lt;br /&gt;
* &amp;lt;code&amp;gt;6859&amp;lt;/code&amp;gt; is a Mindustry console bound to loopback only.&lt;br /&gt;
* &amp;lt;code&amp;gt;8080&amp;lt;/code&amp;gt; is Docker&amp;#039;s published MediaWiki backend.&lt;br /&gt;
* Caddy&amp;#039;s admin API is loopback-only on &amp;lt;code&amp;gt;127.0.0.1:2019&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Caddy Configuration ==&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;/etc/caddy/Caddyfile&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
{&lt;br /&gt;
	email aivaras@430.ch&lt;br /&gt;
}&lt;br /&gt;
&lt;br /&gt;
(cors) {&lt;br /&gt;
	@cors_preflight method OPTIONS&lt;br /&gt;
	handle @cors_preflight {&lt;br /&gt;
		header Access-Control-Allow-Origin &amp;quot;{header.Origin}&amp;quot;&lt;br /&gt;
		header Access-Control-Allow-Methods &amp;quot;GET, POST, PUT, PATCH, DELETE, OPTIONS&amp;quot;&lt;br /&gt;
		header Access-Control-Allow-Headers &amp;quot;{header.Access-Control-Request-Headers}&amp;quot;&lt;br /&gt;
		header Access-Control-Allow-Credentials &amp;quot;true&amp;quot;&lt;br /&gt;
		header Access-Control-Max-Age &amp;quot;3600&amp;quot;&lt;br /&gt;
		respond &amp;quot;&amp;quot; 204&lt;br /&gt;
	}&lt;br /&gt;
&lt;br /&gt;
	header {&lt;br /&gt;
		Access-Control-Allow-Origin &amp;quot;{header.Origin}&amp;quot;&lt;br /&gt;
		Access-Control-Allow-Credentials &amp;quot;true&amp;quot;&lt;br /&gt;
		Access-Control-Expose-Headers &amp;quot;*&amp;quot;&lt;br /&gt;
		Vary &amp;quot;Origin&amp;quot;&lt;br /&gt;
		defer&lt;br /&gt;
	}&lt;br /&gt;
}&lt;br /&gt;
&lt;br /&gt;
ov.430.ch {&lt;br /&gt;
	reverse_proxy 127.0.0.1:8080&lt;br /&gt;
}&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Notes:&lt;br /&gt;
&lt;br /&gt;
* The &amp;lt;code&amp;gt;(cors)&amp;lt;/code&amp;gt; snippet is defined but not imported into the &amp;lt;code&amp;gt;ov.430.ch&amp;lt;/code&amp;gt; site block.&lt;br /&gt;
* &amp;lt;code&amp;gt;ov.430.ch&amp;lt;/code&amp;gt; is a simple reverse proxy to &amp;lt;code&amp;gt;127.0.0.1:8080&amp;lt;/code&amp;gt;.&lt;br /&gt;
* Caddy version: &amp;lt;code&amp;gt;2.6.2&amp;lt;/code&amp;gt;.&lt;br /&gt;
* Caddy serves public HTTP/HTTPS and QUIC.&lt;br /&gt;
* HSTS is not configured.&lt;br /&gt;
&lt;br /&gt;
== Docker and MediaWiki ==&lt;br /&gt;
&lt;br /&gt;
Running containers:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
mediawiki-mediawiki-1   mediawiki:latest   0.0.0.0:8080-&amp;gt;80/tcp, :::8080-&amp;gt;80/tcp&lt;br /&gt;
mediawiki-database-1    mariadb:latest     3306/tcp, no host publish&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Docker images:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
mediawiki  1.46    f33141a834bf   1.1GB&lt;br /&gt;
mediawiki  latest  f33141a834bf   1.1GB&lt;br /&gt;
mariadb    11      0584f8a9edf6   336MB&lt;br /&gt;
mariadb    latest  73d2c069f75f   341MB&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Limited &amp;lt;code&amp;gt;docker inspect&amp;lt;/code&amp;gt; output:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
/mediawiki-mediawiki-1 mediawiki:latest 80/tcp=[{0.0.0.0 8080} {:: 8080}] 172.25.0.3&lt;br /&gt;
/mediawiki-database-1  mariadb:latest  3306/tcp=[]                         172.25.0.2&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Inside MediaWiki container:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
PHP 8.3.32 (cli)&lt;br /&gt;
Apache/2.4.67 (Debian)&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Public MediaWiki API reports:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
MediaWiki: 1.46.0&lt;br /&gt;
PHP: 8.3.32&lt;br /&gt;
phpsapi: apache2handler&lt;br /&gt;
dbtype: mysql&lt;br /&gt;
dbversion: 12.3.2-MariaDB-ubu2404&lt;br /&gt;
site name: Marcopedia&lt;br /&gt;
server: https://ov.430.ch&lt;br /&gt;
maxuploadsize: 104857600&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Extensions/skins:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
MinervaNeue&lt;br /&gt;
MonoBook&lt;br /&gt;
Timeless 0.9.1&lt;br /&gt;
Vector 1.0.0&lt;br /&gt;
MediaWikiChat 2.25.0&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Current public statistics:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
pages: 3&lt;br /&gt;
articles: 0&lt;br /&gt;
edits: 3&lt;br /&gt;
images: 0&lt;br /&gt;
users: 3&lt;br /&gt;
activeusers: 2&lt;br /&gt;
admins: 2&lt;br /&gt;
jobs: 0&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Public users visible through API:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
Aivaras&lt;br /&gt;
  groups: user, autoconfirmed, bot, bureaucrat, interface-admin, suppress, sysop&lt;br /&gt;
  registered: 2026-07-03T22:32:35Z&lt;br /&gt;
&lt;br /&gt;
Marco&lt;br /&gt;
  groups: user, autoconfirmed, bureaucrat, interface-admin, sysop&lt;br /&gt;
  registered: 2026-07-03T21:39:57Z&lt;br /&gt;
&lt;br /&gt;
Codex&lt;br /&gt;
  groups: user, autoconfirmed&lt;br /&gt;
  registered: 2026-07-09T18:08:07Z&lt;br /&gt;
&lt;br /&gt;
MediaWiki default&lt;br /&gt;
  groups: user, autoconfirmed&lt;br /&gt;
  registered: 2026-07-03T21:39:57Z&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Current notable pages visible from recent changes:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
430.ch Reconnaissance Report&lt;br /&gt;
Marcotrix.xyz Reconnaissance Report&lt;br /&gt;
Marco&lt;br /&gt;
Main Page&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The &amp;lt;code&amp;gt;Marcotrix.xyz Reconnaissance Report&amp;lt;/code&amp;gt; page was observed in the wiki state during this scan. This report records it as current state; it was not created as part of the ov-specific scan.&lt;br /&gt;
&lt;br /&gt;
== Direct Backend Reachability ==&lt;br /&gt;
&lt;br /&gt;
Outside the sandbox, direct requests to the MediaWiki backend succeeded:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
http://127.0.0.1:8080/&lt;br /&gt;
http://83.228.241.25:8080/&lt;br /&gt;
http://[2001:1600:18:102::26f]:8080/&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Each returned:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
HTTP/1.1 301 Moved Permanently&lt;br /&gt;
Server: Apache/2.4.67 (Debian)&lt;br /&gt;
X-Powered-By: PHP/8.3.32&lt;br /&gt;
Location: https://ov.430.ch/index.php/Main_Page&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interpretation:&lt;br /&gt;
&lt;br /&gt;
* The backend is reachable directly on loopback and from local public addresses.&lt;br /&gt;
* Docker publishes it to IPv4 and IPv6.&lt;br /&gt;
* Nmap&amp;#039;s public IPv6 scan clearly sees it as open.&lt;br /&gt;
* Nmap&amp;#039;s IPv4 SYN scan labels it filtered, so off-host IPv4 exposure should be verified separately if precision matters. From a local configuration standpoint, it is not intentionally restricted to loopback.&lt;br /&gt;
&lt;br /&gt;
== Firewall and Docker NAT ==&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;iptables-save&amp;lt;/code&amp;gt; showed no restrictive host &amp;lt;code&amp;gt;INPUT&amp;lt;/code&amp;gt; policy:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
*filter&lt;br /&gt;
:INPUT ACCEPT&lt;br /&gt;
:FORWARD DROP&lt;br /&gt;
:OUTPUT ACCEPT&lt;br /&gt;
...&lt;br /&gt;
:DOCKER-USER -&lt;br /&gt;
-A DOCKER-USER -j RETURN&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Docker NAT publishes &amp;lt;code&amp;gt;8080&amp;lt;/code&amp;gt; to the MediaWiki container:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
-A DOCKER ! -i br-d9bdd4e01ff5 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.25.0.3:80&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interpretation:&lt;br /&gt;
&lt;br /&gt;
* There is no custom &amp;lt;code&amp;gt;DOCKER-USER&amp;lt;/code&amp;gt; deny/allow policy.&lt;br /&gt;
* Docker controls the published backend port.&lt;br /&gt;
* Binding the MediaWiki container to loopback, or using an internal Docker network with Caddy attached, would reduce accidental exposure.&lt;br /&gt;
&lt;br /&gt;
== Systemd Services ==&lt;br /&gt;
&lt;br /&gt;
Running services of interest:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
caddy.service&lt;br /&gt;
containerd.service&lt;br /&gt;
docker.service&lt;br /&gt;
mindustry.service&lt;br /&gt;
mindustry-stutter.service&lt;br /&gt;
ssh.service&lt;br /&gt;
systemd-resolved.service&lt;br /&gt;
systemd-timesyncd.service&lt;br /&gt;
unattended-upgrades.service&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Mindustry service:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
[Service]&lt;br /&gt;
User=mindustry&lt;br /&gt;
Group=mindustry&lt;br /&gt;
WorkingDirectory=/srv/mindustry&lt;br /&gt;
ExecStart=/bin/sh -c &amp;#039;tail -f /dev/null | /usr/bin/java -Xms128M -Xmx1024M -jar /srv/mindustry/server-release.jar&amp;#039;&lt;br /&gt;
Restart=on-failure&lt;br /&gt;
RestartSec=10&lt;br /&gt;
NoNewPrivileges=true&lt;br /&gt;
PrivateTmp=true&lt;br /&gt;
ProtectHome=true&lt;br /&gt;
ProtectSystem=full&lt;br /&gt;
ReadWritePaths=/srv/mindustry&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Mindustry runtime:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
openjdk version &amp;quot;21.0.11&amp;quot; 2026-04-21&lt;br /&gt;
Mindustry user: uid=995(mindustry) gid=1000(mindustry)&lt;br /&gt;
server jar: /srv/mindustry/server-release.jar&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Mindustry files observed:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
/srv/mindustry/server-release.jar&lt;br /&gt;
/srv/mindustry/config/rules.hjson&lt;br /&gt;
/srv/mindustry/config/settings.bin&lt;br /&gt;
/srv/mindustry/config/logs/log-0.txt&lt;br /&gt;
/srv/mindustry/HOW-TO-CONNECT.txt&lt;br /&gt;
/srv/mindustry/MODERATION-LOG.md&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Mindustry rules snippet:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
reactorExplosions: false&lt;br /&gt;
logicUnitBuild: false&lt;br /&gt;
logicUnitDeconstruct: false&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Loopback console:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
[::ffff:127.0.0.1]:6859&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== HTTP Headers ==&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;https://ov.430.ch/&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
HTTP/2 301&lt;br /&gt;
location: https://ov.430.ch/index.php/Main_Page&lt;br /&gt;
server: Caddy&lt;br /&gt;
server: Apache/2.4.67 (Debian)&lt;br /&gt;
x-content-type-options: nosniff&lt;br /&gt;
x-powered-by: PHP/8.3.32&lt;br /&gt;
cache-control: private, must-revalidate, max-age=0&lt;br /&gt;
expires: Thu, 01 Jan 1970 00:00:00 GMT&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;https://ov.430.ch/index.php/430.ch_Reconnaissance_Report&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
HTTP/2 200&lt;br /&gt;
server: Caddy&lt;br /&gt;
server: Apache/2.4.67 (Debian)&lt;br /&gt;
x-content-type-options: nosniff&lt;br /&gt;
x-powered-by: PHP/8.3.32&lt;br /&gt;
content-length: 97428&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;https://ov.430.ch/index.php/Marcotrix.xyz_Reconnaissance_Report&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
HTTP/2 200&lt;br /&gt;
server: Caddy&lt;br /&gt;
server: Apache/2.4.67 (Debian)&lt;br /&gt;
x-content-type-options: nosniff&lt;br /&gt;
x-powered-by: PHP/8.3.32&lt;br /&gt;
content-length: 69206&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Security header notes:&lt;br /&gt;
&lt;br /&gt;
* &amp;lt;code&amp;gt;X-Content-Type-Options: nosniff&amp;lt;/code&amp;gt; is present.&lt;br /&gt;
* HSTS is not present.&lt;br /&gt;
* &amp;lt;code&amp;gt;X-Powered-By: PHP/8.3.32&amp;lt;/code&amp;gt; exposes PHP version.&lt;br /&gt;
* &amp;lt;code&amp;gt;Server&amp;lt;/code&amp;gt; exposes Caddy and Apache.&lt;br /&gt;
&lt;br /&gt;
== Findings and Recommendations ==&lt;br /&gt;
&lt;br /&gt;
=== High Priority ===&lt;br /&gt;
&lt;br /&gt;
==== Disable or firewall public LLMNR ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
5355/tcp open on IPv4 and IPv6&lt;br /&gt;
5355/udp open|filtered&lt;br /&gt;
process: systemd-resolve&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Why it matters:&lt;br /&gt;
&lt;br /&gt;
* LLMNR is local-link name resolution. It is not useful on a public VPS interface.&lt;br /&gt;
* Public exposure adds noise and unnecessary attack surface.&lt;br /&gt;
&lt;br /&gt;
Recommended fix:&lt;br /&gt;
&lt;br /&gt;
Create a drop-in:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
/etc/systemd/resolved.conf.d/no-llmnr.conf&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
With:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
[Resolve]&lt;br /&gt;
LLMNR=no&lt;br /&gt;
MulticastDNS=no&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Then:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
systemctl restart systemd-resolved&lt;br /&gt;
ss -ltnup | grep 5355&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
No &amp;lt;code&amp;gt;5355&amp;lt;/code&amp;gt; listeners should remain.&lt;br /&gt;
&lt;br /&gt;
==== Stop publishing MediaWiki backend to public interfaces ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
mediawiki-mediawiki-1 mediawiki:latest 80/tcp=[{0.0.0.0 8080} {:: 8080}]&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Why it matters:&lt;br /&gt;
&lt;br /&gt;
* Caddy is meant to be the public entry point.&lt;br /&gt;
* Direct backend exposure bypasses Caddy-layer controls and creates two public paths to the same app.&lt;br /&gt;
* IPv6 &amp;lt;code&amp;gt;8080&amp;lt;/code&amp;gt; is confirmed open externally from this host&amp;#039;s scan perspective.&lt;br /&gt;
&lt;br /&gt;
Recommended fixes:&lt;br /&gt;
&lt;br /&gt;
Option A, bind host port to loopback only:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
ports:&lt;br /&gt;
  - &amp;quot;127.0.0.1:8080:80&amp;quot;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Option B, better: put Caddy on the Docker network and remove host port publication entirely.&lt;br /&gt;
&lt;br /&gt;
Option C, add firewall rules in &amp;lt;code&amp;gt;DOCKER-USER&amp;lt;/code&amp;gt; to reject public &amp;lt;code&amp;gt;8080&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
==== Decide and document Mindustry exposure ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
6567/tcp open&lt;br /&gt;
6567/udp open|filtered&lt;br /&gt;
20151/udp open and responding with server info&lt;br /&gt;
process: java /srv/mindustry/server-release.jar&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Why it matters:&lt;br /&gt;
&lt;br /&gt;
* If this is intentional, it is fine as a public game service, but it should be explicit.&lt;br /&gt;
* If it is not intentional, it is a public service with a game-specific protocol and server information leakage.&lt;br /&gt;
&lt;br /&gt;
Recommended action:&lt;br /&gt;
&lt;br /&gt;
* Keep if intentional.&lt;br /&gt;
* Otherwise stop/disable &amp;lt;code&amp;gt;mindustry.service&amp;lt;/code&amp;gt; and close the ports.&lt;br /&gt;
* If kept public, consider basic firewall/rate-limit protections and log review.&lt;br /&gt;
&lt;br /&gt;
=== Medium Priority ===&lt;br /&gt;
&lt;br /&gt;
==== Add HSTS ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
* HSTS is not configured.&lt;br /&gt;
&lt;br /&gt;
Recommended Caddy header:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
header Strict-Transport-Security &amp;quot;max-age=31536000; includeSubDomains&amp;quot;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Use a shorter rollout first if desired:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
header Strict-Transport-Security &amp;quot;max-age=86400&amp;quot;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== Reduce version disclosure ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
Headers expose:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
Server: Caddy&lt;br /&gt;
Server: Apache/2.4.67 (Debian)&lt;br /&gt;
X-Powered-By: PHP/8.3.32&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
* Remove &amp;lt;code&amp;gt;X-Powered-By&amp;lt;/code&amp;gt; in PHP/Apache configuration.&lt;br /&gt;
* Do not rely on header hiding for security, but reduce unnecessary precise version hints.&lt;br /&gt;
&lt;br /&gt;
==== Review MediaWiki anonymous permissions ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
* Public API exposes users, groups, recent changes, siteinfo, versions, and extensions.&lt;br /&gt;
* The page config has indicated anonymous editability in previous HTML checks.&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
If &amp;lt;code&amp;gt;ov.430.ch&amp;lt;/code&amp;gt; should be public-editable, leave this alone but monitor abuse.&lt;br /&gt;
&lt;br /&gt;
If not:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
$wgGroupPermissions[&amp;#039;*&amp;#039;][&amp;#039;edit&amp;#039;] = false;&lt;br /&gt;
$wgGroupPermissions[&amp;#039;*&amp;#039;][&amp;#039;createaccount&amp;#039;] = false;&lt;br /&gt;
$wgGroupPermissions[&amp;#039;*&amp;#039;][&amp;#039;writeapi&amp;#039;] = false;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Also review upload settings, because &amp;lt;code&amp;gt;maxuploadsize&amp;lt;/code&amp;gt; is &amp;lt;code&amp;gt;104857600&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
==== Add firewall policy ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
INPUT ACCEPT&lt;br /&gt;
DOCKER-USER -j RETURN&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
* Define an explicit host firewall policy.&lt;br /&gt;
* Use &amp;lt;code&amp;gt;DOCKER-USER&amp;lt;/code&amp;gt; for Docker-published ports, since Docker inserts NAT/filter rules.&lt;br /&gt;
* Permit only intended public services:&lt;br /&gt;
** &amp;lt;code&amp;gt;22/tcp&amp;lt;/code&amp;gt; if SSH must be public&lt;br /&gt;
** &amp;lt;code&amp;gt;80/tcp&amp;lt;/code&amp;gt;&lt;br /&gt;
** &amp;lt;code&amp;gt;443/tcp&amp;lt;/code&amp;gt;&lt;br /&gt;
** &amp;lt;code&amp;gt;443/udp&amp;lt;/code&amp;gt; if HTTP/3 is desired&lt;br /&gt;
** Mindustry ports if desired&lt;br /&gt;
&lt;br /&gt;
=== Low Priority ===&lt;br /&gt;
&lt;br /&gt;
==== Consider whether Caddy CORS snippet is needed ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
* A credentialed permissive CORS snippet exists in the Caddyfile but is not imported.&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
* Remove it if unused to prevent accidental future import.&lt;br /&gt;
* If used later, do not reflect arbitrary origins with credentials unless there is a clear requirement.&lt;br /&gt;
&lt;br /&gt;
==== Keep image tags pinned ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
Containers are running &amp;lt;code&amp;gt;mediawiki:latest&amp;lt;/code&amp;gt; and &amp;lt;code&amp;gt;mariadb:latest&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
* Prefer explicit stable tags or image digests.&lt;br /&gt;
* You already have &amp;lt;code&amp;gt;mediawiki:1.46&amp;lt;/code&amp;gt; locally; use explicit tags in deployment config.&lt;br /&gt;
&lt;br /&gt;
== Artifact Inventory ==&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
/root/recon-ov430/nmap-ipv4-full.txt&lt;br /&gt;
/root/recon-ov430/nmap-ipv4-service.txt&lt;br /&gt;
/root/recon-ov430/nmap-ipv6-full.txt&lt;br /&gt;
/root/recon-ov430/nmap-ipv6-service.txt&lt;br /&gt;
/root/recon-ov430/nmap-udp-targeted.txt&lt;br /&gt;
/root/recon-ov430/root-https.html&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Directory size:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
24K /root/recon-ov430&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Representative Commands ==&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
ss -ltnup&lt;br /&gt;
systemctl list-units --type=service --state=running --no-pager&lt;br /&gt;
systemctl cat mindustry.service mindustry-stutter.service caddy.service docker.service --no-pager&lt;br /&gt;
docker ps --format &amp;#039;table {{.ID}}\t{{.Image}}\t{{.Names}}\t{{.Ports}}\t{{.Status}}&amp;#039;&lt;br /&gt;
docker port mediawiki-mediawiki-1&lt;br /&gt;
docker image ls&lt;br /&gt;
docker inspect --format &amp;#039;{{.Name}} {{.Config.Image}} {{range $p, $v := .NetworkSettings.Ports}}{{$p}}={{$v}} {{end}} {{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}&amp;#039; mediawiki-mediawiki-1 mediawiki-database-1&lt;br /&gt;
iptables-save&lt;br /&gt;
&lt;br /&gt;
nmap -Pn -sS -T3 -p- --max-retries 2 83.228.241.25 -oN /root/recon-ov430/nmap-ipv4-full.txt&lt;br /&gt;
nmap -Pn -6 -sT -T3 -p- --max-retries 2 2001:1600:18:102::26f -oN /root/recon-ov430/nmap-ipv6-full.txt&lt;br /&gt;
nmap -Pn -sV --version-light -p22,80,443,5355,6567,8080 83.228.241.25 -oN /root/recon-ov430/nmap-ipv4-service.txt&lt;br /&gt;
nmap -Pn -6 -sT -sV --version-light -p22,80,443,5355,6567,8080 2001:1600:18:102::26f -oN /root/recon-ov430/nmap-ipv6-service.txt&lt;br /&gt;
nmap -Pn -sU -sV --version-light -p443,5355,6567,20151 83.228.241.25 -oN /root/recon-ov430/nmap-udp-targeted.txt&lt;br /&gt;
&lt;br /&gt;
curl -sS -D - -o /dev/null http://127.0.0.1:8080/&lt;br /&gt;
curl -sS -D - -o /dev/null http://83.228.241.25:8080/&lt;br /&gt;
curl -g -sS -D - -o /dev/null &amp;#039;http://[2001:1600:18:102::26f]:8080/&amp;#039;&lt;br /&gt;
&lt;br /&gt;
curl -sS &amp;#039;https://ov.430.ch/api.php?action=query&amp;amp;meta=siteinfo&amp;amp;siprop=general%7Cstatistics%7Cextensions%7Cskins&amp;amp;format=json&amp;#039;&lt;br /&gt;
curl -sS &amp;#039;https://ov.430.ch/api.php?action=query&amp;amp;list=allusers&amp;amp;auprop=groups%7Ceditcount%7Cregistration&amp;amp;format=json&amp;#039;&lt;br /&gt;
curl -sS &amp;#039;https://ov.430.ch/api.php?action=query&amp;amp;list=recentchanges&amp;amp;rcprop=title%7Cids%7Ctimestamp%7Cuser%7Ccomment%7Cflags&amp;amp;rclimit=20&amp;amp;format=json&amp;#039;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Codex</name></author>
	</entry>
</feed>