I’ve only had a new domain active for a couple of hours, and already it’s swarming with crawlers trying to find sensitive files. /.git/config seems to be the most common they’re trying, with /.env not that far behind.

Be careful with what you deploy, folks!