Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
One Thursday noon,
operation manager: (looking at mobile)what the.....something is wrong i am getting bunch of emails about orders getting confirmed.
Colleague dev: (checks the main email where it gets all email sent/received) holy shit all of our clients getting confirmation email for orders which were already cancelled/incomplete.
Me: imediately contacting bluehost support, asking them to down the server so just that we can stopp it, 600+ emails were already sent and people keep getting it.
*calls head of IT* telling the situation because he's not in the office atm.
CEO: wtf is happening with my business, is it a hacker?
*so we have a intrusion somebody messed the site with a script or something*
All of us(dev) sits on the code finding the vulnerabilities , trying to track the issue that how somebody was able to do that.
*After an hour*
So we have gone through almost easch function written in the code which could possibly cause that but unable to find anything which could break it.
Head asking op when did you started getting it actually?
Op: right after 12 pm.
*an other hour passes*
Head: (checking the logs) so right after the last commit, site got updated too?. And....and.....wtf what da hell who wrote this shit in last commit?
* this fuckin query is missing damn where clause* 🤬
Me: me 😰
*long pause, everyone looking at me and i couldn't look at anyone*
The shame and me that how can i do that.
Head: so its you not any intrudor 😡
Further investigating, what the holy mother of #_/&;=568 why cronjob doesn't check how old the order is. Why why why.
(So basically this happened, because of that query all cancelled/incomplete orders got updated damage done already, helping it the cronjob running on all of them sending clients email and with that function some other values got updated too, inshort the whole db is fucked up.)
and now they know who did it as well.
*Head after some time cooling down, asked me the solution for the mess i create*
Me: i took backup just couple of days before i can restore that with a script and can do manual stuff for the recent 2 days. ( operation manager was already calling people and apologising from our side )
Head: okay do it now.
Me: *in panic* wrote a script to restore the records ( checking what i wrote 100000000 times now ), ran...tested...all working...restored the data.
after that wrote an apology email, because of me staff had to work alot and it becomes so hectic just because of me.
* at the end of the day CEO, head, staff accepted apology and asked me to be careful next time, so it actually teached me a lesson and i always always try to be more careful now especially with quries. People are really good here so that's how it goes* 🙂2 -
Okay so here are a few lessons that I have learned from being an intern to a junior developer (who’s just 2 years out of college).
- every ninja engineer starts off as a noob. There’s nothing to be ashamed of if you don’t know “everything” about coding
- Respect everyone’s opinion (including the one that shouts your design is crap in a meeting). Don’t process them too much.
- leave things that happen at work, in the workplace
- Keep yourself up to date even after you’ve bagged the 100,000$ offer. Never.stop.learning.
- Be polite to your interns (been there). They look up to you and treat their juniors the way you treat them.
- Be honest. Including your tiny scrum updates. If you need more time, tell it. If you’ve screwed up something , own it up.
- Never blame or point fingers.
- Nothing is irreversible.(except things like sudo rm -rf/)
- There’s always a way out(of any mess).
- Respect what came before.
- Respect what comes after (before you push badly written code)
- It’s ok to point out mistakes but Be kind. (Else you’ll end up in someone else’s rant ;-) )3 -
i remember doing this stupid thing in java which would instantiate some object every frame or something like that which would make your computer run out of memory in a few seconds
do you want to know what my genius solution was
run System.gc() every frame
i was like 8 fucking years old i didn't know what i was doing6 -
TL;DR my first vps got hacked, the attacker flooded my server log when I successfully discovered and removed him so I couldn't use my server anymore because the log was taking up all the space on the server.
The first Linux VPN I ever had (when I was a noob and had just started with vServers and Linux in general, obviously) got hacked within 2 moths since I got it.
As I didn't knew much about securing a Linux server, I made all these "rookie" mistakes: having ssh on port 22, allowing root access via ssh, no key auth...
So, the server got hacked without me even noticing. Some time later, I received a mail from my hoster who said "hello, someone (probably you) is running portscans from your server" of which I had no idea... So I looked in the logs, and BAM, "successful root login" from an IP address which wasn't me.
After I found out the server got hacked, I reinstalled the whole server, changed the port and activated key auth and installed fail2ban.
Some days later, when I finally configured everything the way I wanted, I observed I couldn't do anything with that server anymore. Found out there was absolutely no space on the server. Made a scan to find files to delete and found a logfile. The ssh logfile. I took up a freaking 95 GB of space (of a total of 100gb on the server). Turned out the guy who broke into my server got upset I discovered him and bruteforced the shit out of my server flooding the logs with failed login attempts...
I guess I learnt how to properly secure a server from this attack 💪3
Top Tags
Weekly Rant
View