Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "server access"
-
Long rant ahead, but it's worth it.
I used to work with a professor (let's call him Dr. X) and developed a backend + acted as sysadmin for our team's research project. Two semesters ago, they wanted to revamp the front end + do some data visualization, so a girl (let's call her W) joined the team and did all that. We wanted to merge the two sites and host on azure, but due to issues and impeding conferences that require our data to be online, we kept postponing. I graduate this semester and haven't worked with the team for a while, so they have a new guy in charge of the azure server (let's call him H), and yesterday my professor sends me (let's call me M), H and W an email telling us to coordinate to have the merge up on azure in 2-3 days, max. The following convo was what I had with H:
M: Hi, if you just give me access to azure I'll be able to set everything up myself, also I'll need a db set up, and just send me the connection string.
H: Hi, we won't have dbs because that is extra costs involved since we don't have dynamic content. Also I can't give you access, instead push everything on git and set up the site on a test azure server and I will take it from there.
M: There is proprietary data on the site...
H: Oh really? I don't know what's on it.
<and yet he knows we have no dynamic data>
M: Fine, I'll load the data some other way, but I have access to all the data anyway, just talk to Dr. X and you'll see you can give me access. Delete my access after if you want.
H: No, just do what I said: git then upload to test azure account.
Fine, he's a complete tool, but I like Dr. X, so I message W and tell her we have to merge, she tells me that it's not that easy to set it up on github as she's using wordpress. She sends me instructions on what to do, and, lo and behold, there's a db in her solution. Ok, I go back to talking to H:
M: W is using a db. Talk to her so we can figure out whether we need a database or not.
H: We can't use a database because we want to decrease costs.
M: Yes I know that, so talk to her because that probably means she has to re-do some stuff, which might take some time. Also there might be dynamic content in what she's doing.
H: This is your project, you talk to her.
<I'm starting to get mad right now>
M: I don't know what they had her do apart from how it interfaces with what I've done.
H: We still can't have databases.
M: Listen, I don't do wordpress, and I'm not gonna mess with it, you talk to her
H: I won't do any development
<So you won't do any dev, but you won't give me access to do it either?>
M: Man, the bottleneck isn't the merging right now, it's the fact that W needs a db
H: I know, so talk to her
M: THE RESTRICTION TO NOT HAVE DATABASES IS NOT MINE, IT'S YOURS, YOU TALK TO HER. I can't evaluate whether it's a reasonable enough reason or not since I don't know the requirements or what they're willing to spend.
H: It's your project.
M: Then give me fucking access to azure and I'll handle it, you know you'll have to set up wordpress again regardless whether we set it up the first time.
H: Man just do your job.
At this point I lost it. WHAT A FUCKING TOOL. He doesn't wanna do dev work, wants me to go through the trouble of setting up on a test subscription first, and doesn't want to give me access to azure. What's more, he did shit all and doesn't want to anything else. Well fuck you. I googled him, to see if he's anyone important, if he's done anything notable which is why he's being so God damn condescending. MY INTERNSHIP ALONE ECLIPSES HIS ENTIRE CV. Then what the fuck?
There's also this that happened sometime during our talk:
M: You'll have to take to Dr. Y so he'll change the DNS to point to the azure subscription instead of my server.
H: Yea don't worry, too early for that.
M: DNS propagation takes 24 hours...
H: Yea don't worry.
DNS propagation allows the entire web to know that your website is hosted on a different server so it can change where it's pointing to. We have to do this in 2-3 days. Why do work in parallel? Nah let's wait.
I went over his head and talked to the professor directly, and despite wanting to tell him that he was both drunk and high the day he hired that guy, I kept it professional. He hasn't replied yet, but this fucker's pompous attitude is just too much for me alone, so I had to share.
PS: I named his contact as Annoying Prick 4 minutes into our chat. Gonna rename him cz that seems tooooooo soft a name right now.undefined tools i have access and you don't haha retards why the fuck would you hire that guy? i don't do development46 -
When someone's calls and completely loses his shit (swearing etc etc) because we HAVE TO FUCKING HELP HIM BECAUSE THOUSANDS OF PEOPLE RELY ON THIS SITE WHICH IS DOWN.
Explained him calmly that its an unmanaged server which we literally don't have access to. Keeps on calling me all kinda things and then says he'll email some login details.
Bossman walks in, collegue goes like 'yo guess what just happened with linuxxx!'
Le me explains the story.
Bossman: email me his number. I'm going to call him. You treat my employees with fucking respect.15 -
So a few days ago I felt pretty h*ckin professional.
I'm an intern and my job was to get the last 2003 server off the racks (It's a government job, so it's a wonder we only have one 2003 server left). The problem being that the service running on that server cannot just be placed on a new OS. It's some custom engineering document server that was built in 2003 on a 1995 tech stack and it had been abandoned for so long that it was apparently lost to time with no hope of recovery.
"Please redesign the system. Use a modern tech stack. Have at it, she's your project, do as you wish."
Music to my ears.
First challenge is getting the data off the old server. It's a 1995 .mdb file, so the most recent version of Access that would be able to open it is 2010.
Option two: There's an "export" button that literally just vomits all 16,644 records into a tab-delimited text file. Since this option didn't require scavenging up an old version of Access, I wrote a Python script to just read the export file.
And something like 30% of the records were invalid. Why? Well, one of the fields allowed for newline characters. This was an issue because records were separated by newline. So any record with a field containing newline became invalid.
Although, this did not stop me. Not even close. I figured it out and fixed it in about 10 minutes. All records read into the program without issue.
Next for designing the database. My stack is MySQL and NodeJS, which my supervisors approved of. There was a lot of data that looked like it would fit into an integer, but one or two odd records would have something like "1050b" which mean that just a few items prevented me from having as slick of a database design as I wanted. I designed the tables, about 18 columns per record, mostly varchar(64).
Next challenge was putting the exported data into the database. At first I thought of doing it record by record from my python script. Connect to the MySQL server and just iterate over all the data I had. But what I ended up actually doing was generating a .sql file and running that on the server. This took a few tries thanks to a lot of inconsistencies in the data, but eventually, I got all 16k records in the new database and I had never been so happy.
The next two hours were very productive, designing a front end which was very clean. I had just enough time to design a rough prototype that works totally off ajax requests. I want to keep it that way so that other services can contact this data, as it may be useful to have an engineering data API.
Anyways, that was my win story of the week. I was handed a challenge; an old, decaying server full of important data, and despite the hitches one might expect from archaic data, I was able to rescue every byte. I will probably be presenting my prototype to the higher ups in Engineering sometime this week.
Happy Algo!8 -
Manager asked for access to server with admin rights for a third party contractor and I questioned him... His answer?
- Your are gonna give access to anyone that needs access.
I gave. Went for a 15 days vacation.
Our server got blocked by our cloud provider because of ssh brute force attempt coming from it and the company website went offline during a big ass meeting because of that.
Made me giggle :)11 -
Hello everyone, found this place recently, decided to bore you with one (or many) Navy story... tech Navy story. I'll start from the end.
Little backstory: I've deployed a simple domain setup on the ship I served, nothing fancy, a server, a switch, 10 computers, all Windows (details on that at another rant). I enter the ship Monday morning, and the XO tells me that he can't access his online folders.
OK, I say, I'll get to it. I fire up my laptop, try to RDP to the server (I know, I know, burn me at the stake later) no connection. WTF? Is the service down? I try pinging. No luck. I tried pinging the switch. OK. Looking at the switch admin panel, I see the server's port is dead. "OK, probably the cable." (we have old ethernet cables)
So, I drag my ass over to the server (same room with ship comms) with the cable tester to confirm that. What do I see?
The IMBECILES had pulled the plug from the server so that they could charge their mobile phones. I literally slammed my head against the door (calming exercise in case of spontaneous murder impulses - the things you learn at the Academy). My CO was nearby, and lucky for the guys, he heard me yell at them, while throwing mobiles and chargers around.
"But we thought it was OK, we just wanted to charge our-"
I kid you not, I reached for the firefighter's axe.
My CO grabbed me by the collar and dragged me to his room. I explained to him (between two cigarettes) that we MUST get a UPS and a server cabinet (budget constraints in the military are something that will give you people nightmares, trust me). I carefully explained to him that unless we got those, nothing would prevent the next moron from destroying confidential data and me from murdering him.
I plugged in and booted the server, after installing a multi socket extension. Two days after, surprise surprise, the server was off again. That was the first time I opened the door to the CO's room with a low kick. I must have looked like a psycho on drugs, he gave approval for the purchase in twenty seconds flat.
After that, I installed the UPS and the cabinet. Everything went inside, from the UPS to the very plugs. Just a locked box with cables coming out.
One of the guys came to my room, and asked if I could unlock the cabinet so that they could plug a "device" they needed.
I actually reached for my folding knife.
Disclaimer: The story above is TRUE. Even the almost violent parts.23 -
Production is down, a coworker got himself locked in his own apartment so he can’t leave and another is late, the phone won’t stop ringing
And I don’t have the credentials to access the production server
Just a monday morning, everything’s fine 🔥😊🔥7 -
"could I get admin privileges to reboot this server?"
Sounds valid enough, right?
OH YEAH SURE, YOU'RE A TINY USER ON A HUGE ASS SHARED SERVER, OF COURSE I'LL GIVE YOU ROOT ACCESS TO REBOOT THE WHOLE FUCKING SERVER.
Worst part, he didn't understand why that would be weird.
Can I buy a little common sense somewhere for this guy?27 -
I had just started my new job and deleted 3 years of data that the client had spent over £450,000 collecting 😱
another developer used my PC to quickly access the clients database while I was out the room as I had sql management studio open. I went back to my PC thinking I was connected to my local database, did a few truncate tables to test my software and :0 minutes later I get a call asking why there was no data on the server!
Thank god for backups 😓7 -
Funny story about the first time two of my servers got hacked. The fun part is how I noticed it.
So I purchased two new vps's for proxy server goals and thought like 'I can setup fail2ban tomorrow, I'll be fine.'
Next day I wanted to install NginX so I ran the command and it said that port 80 was already in use!
I was sitting there like no that's not possible I didn't install any server software yet. So I thought 'this can't be possible' but I ran 'pidof apache2' just to confirm. It actually returned a PID! It was a barebones Debian install so I was sure it was not installed yet by ME. Checked the auth logs and noticed that an IP address had done a huge brute force attack and managed to gain root access. Simply reinstalled debian and I put fail2ban on it RIGHT AWAY.
Checked about two seconds later if anyone tried to login again (iptables -L and keep in mind that fail2ban's default config needs six failed attempts within I think five minutes to ban an ip) and I already saw that around 8-10 addresses were banned.
Was pretty shaken up but damn I learned my lesson!8 -
The website i made has been hacked today.
Stored in their server.
They didnt give me an access for it.
The user account in the cms i used for updating content while building the website was revoked when the website is completed.
Now they ask me for the latest backup.
I have no backup because how the hell i do a backup when i got no access to the cpanel.
The only backup is the zip file for initial uploading into their server and the contents were added after the website is on their server.
That goddamn IT guy who wont give me any access for “securty sake” is calling me furiously asking for the backup and how to set up the stuffs from the beginning.
I thought he was the one who know his shit but i was wrong.
Fuck me?
No.
Fuck you.
But i still responding to him telling him step by step how to do shit with some swearing and sarcasm.
ALWAYS BACKUP YOUR SHITS, MATE7 -
Working 600 km from home on my first big web project, with a raspberry pi as server (located at home). Decided to reboot it today in order to see if it would resolve a problem.
It probably booted up with a different local ip, cant access it anymore with ssh or ftp.
Fuck.14 -
Got my front end friend (also my irl best friend) to agree on me setting up a vm/vps on one of my dedi's with a sub domain so he can learn to work with servers.
He agreed on me leaving root access for myself in case he couldn't figure something out and I (a Linux server engineer myself) would have to help him out.
He seemed so excited, will set this up when I get home 😊6 -
The network starts slowing down, transactions start to fail across the 450+ stores, the website starts to spit 500 errors what is going on?
Queue a frantic running around the office working out what was going wrong... Calls from all 3 data centres, nothing is going in or out of the network.
Notice the network admin come back to his desk, his eyebrows raise and he looks left and right before unplugging his laptop ethernet from one of the server access points
The network rushes back to life, everything is fine.
That particular network mapping tool is now banned for use on production.10 -
1. A client asks a website.
2. Client pays 50% upfront.
3. I create the site on my server he gets no access.
4. I request rest of payment.
5. Client doesnt want to have the website anymore and tells me to keep the money and he nearly closes his business.
Happens to me 4th time so far.
Not fair.12 -
Contrary to most people I really love to receive email related to jobs when I'm in holiday. I keep important alerts on.
It's like:
email: ***urgent, server down***
me (sipping mojito by the pool): fuck them. let's them deal with that
email: ***requirements all wrong, must develop the feature again***
me (enjoying a dinner): oh, I told them 100 times!, fuck all of them, work for me now, stupid moron.
email: I destroyed by mistake the db with an update..."
me (dancing like crazy): ahahaha I told you that support guys should not have access to production db, fuckfuck you, fix it yourself!!!
and so on..... I don't know, it just boost my pleasure during holiday.9 -
Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”
Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”8 -
Just had a fucking god-mode moment.
My dear @Divisionbyzero asked me to help out with DKIM on his Linux server.
Although I'd never done it before, with the help of a search engine and root access to the server, I managed to somehow figure out what was going wrong and fix it.
This is quite deeper than I ever went with debugging!
Also a big thanks to Linux for being open, otherwise I'd be fucking fucked right now.7 -
Not really dev as much but still IT related 😂
in college we got some new macs in our class. Before we were allowed to use them the "IT Tech" came in and did something to them all (probably ran some scripts to set stuff up)
Anyway, I was completely new to OS X and accidentally pressed a key combo that opened up a dialogue to connect to a remote file server. I saw the address field was already filled out (from when the IT Tech was running the scripts). So me being me I decided to connect. Low and behold my student credentials got me in.
Taking a look around I found scripts, backups and all sorts of stuff. I decided to look at some of the scripts to see what they did. One of them was a script to add the Mac to the domain. Here's the funny part. The login to do that was hard coded into the script....
To conclude. I now have domain level access to my whole college network 🙃
Tl;Dr: stupid it tech saves password in script. I find it. I now have domain level access to the college network14 -
TL;Dr be specific, it's actually helpful.
Client rings... "The internet is down"
Me "ok where are you exactly and how are you connecting"
"Ugh the WiFi! Just fix it"
"Ok but where are you?"
"At $companyname"
"Ok and which wi..."
"The wifi?!! Can you do anything right?"
Well... I'm allowed flexibility in terms of pleasantry...
"Ok, there are 3 buildings, 55 rooms, 2 SSID's, 17 access points, 3 routers a RADIUS server and 2 gateways... Be specific or I'll do nothing"
Simple reboot of an access point, but c'mon... It's not a secret where you are7 -
Boss: log in to azure and fix this server
Me: I don't have access
Boss: why not?
Me: you never gave me access...
Boss: ...
Me: hello?
Boss: (never responds in chat)
Me: 😒4 -
So Facebook provided unlimited data access to loads of companies including spotify/microsoft and other big names.
Although there are privacy rules, those companies had deals which excluded them from these privacy rules.
I don't think my custom DNS server or a pihole is enough anymore, let's firewall block all Facebook's fucking ip ranges.
Source: https://fossbytes.com/facebook-gave...19 -
Worst legacy experience...
Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.
Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.
The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.
Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was suppose to be helping!! But it was their money (well, my money as they were government funded!).1 -
Worst thing you've seen another dev do? So many things. Here is one...
Lead web developer had in the root of their web application config.txt (ex. http://OurPublicSite/config.txt) that contained passwords because they felt the web.config was not secure enough. Any/all applications off of the root could access the file to retrieve their credentials (sql server logins, network share passwords, etc)
When I pointed out the security flaw, the developer accused me of 'hacking' the site.
I get called into the vice-president's office which he was 'deeply concerned' about my ethical behavior and if we needed to make any personnel adjustments (grown-up speak for "Do I need to fire you over this?")
Me:"I didn't hack anything. You can navigate directly to the text file using any browser."
Dev: "Directory browsing is denied on the root folder, so you hacked something to get there."
Me: "No, I knew the name of the file so I was able to access it just like any other file."
Dev: "That is only because you have admin permissions. Normal people wouldn't have access"
Me: "I could access it from my home computer"
Dev:"BECAUSE YOU HAVE ADMIN PERMISSIONS!"
Me: "On my personal laptop where I never had to login?"
VP: "What? You mean ...no....please tell me I heard that wrong."
Dev: "No..no...its secure....no one can access that file."
<click..click>
VP: "Hmmm...I can see the system administration password right here. This is unacceptable."
Dev: "Only because your an admin too."
VP: "I'll head home over lunch and try this out on my laptop...oh wait...I left it on...I can remote into it from here"
<click..click..click..click>
VP: "OMG...there it is. That account has access to everything."
<in an almost panic>
Dev: "Only because it's you...you are an admin...that's what I'm trying to say."
Me: "That is not how our public web site works."
VP: "Thank you, but Adam and I need to discuss the next course of action. You two may go."
<Adam is her boss>
Not even 5 minutes later a company wide email was sent from Adam..
"I would like to thank <Dev> for finding and fixing the security flaw that was exposed on our site. She did a great job in securing our customer data and a great asset to our team. If you see <Dev> in the hallway, be sure to give her a big thank you!"
The "fix"? She moved the text file from the root to the bin directory, where technically, the file was no longer publicly visible.
That 'pattern' was used heavily until she was promoted to upper management and the younger webdev bucks (and does) felt storing admin-level passwords was unethical and found more secure ways to authenticate.5 -
Today FileZilla saved my life by storing all site connection passwords in base64
Without it we'd have lost access to an old production server 👌6 -
so um... several of my users access file explorer ONLY via Word.
How?
Well, open Word: File->Open->Computer->Browse (nb. thank you Word 2013 and onwards for making life miserable) and voila, access to documents, downloads, and server shares is gained.
...
Users... they will always find a way7 -
When I was 10 years old, all kids at my school got access to school emails. The email address book contained everything in my city, like fire department, all pupils of all schools etc. So I decided to "test" the system by sending out a mass email to everyone in the address book (about 3k) with the question "Hi, how are you?".
The sys admins apparently didn't think very far as I got some responses saying like "You have crashed a server in the capital city" and "I have contacted your local IT admin".
So I went to the IT admin and told him the situation. His face turned red of anger and I remember him almost screaming at me.
Who the fuck doesn't set up protection for this and gives out access to 10 year olds? This was 15 years ago, I really hope sys admins are smarter today!6 -
To improve our user's "experience" I suggested to my boss to add a status page showing...well, the current status of our services. Everybody was up for it, so I go off and implement a basic version + automated monitoring backend, get lots of positive feedback, all seems fine.
Then it starts:
Boss: "Can you get it all set up by this Saturday?"
Me: "Uh, today is Wednesday and I've never set up all the stuff needed on a proper server before"
Boss: "Well, you still have a few days. Please also contact your coworker to get it all hooked up in our launcher"
Me: "I'll try, can't make any promises though"
Contact my coworker and tell him what the plan is. I had already given him access to the repo and he is positive to get it all hooked up (I doubt he ever cloned my repo, let alone ran my code)
Spend all Friday getting my stuff set up on the production server, feeling pretty good thanks to the many tutorials.
Contact the boss Friday evening:
Me: "All up and running"
Boss: "Thanks, but we decided to go with a basic HTML page instead. We can just manually edit that, should be enough.
Me: "..."
In the end my stuff was never used, the server I set up was finally taken down a month ago. The gratitude you get when not hacking together some absolute shit that causes problems when you don't add <br/> tags at the correct places to prevent an ugly overflow, cause the coworker was too lazy to implement some form of line wrap in the launcher. I'm not saying my stuff is the best of the best, but at least it was professional looking to a certain extent.8 -
>give person jailed access to my server.
>person breaks out, and notifies me.
>i fix the hole
>three weeks later i decide hes trustworthy enough and the jail is causing too many problems so i give him unjailed access
>first thing he does is crash the system
albeit unintentionally, but seriously?1 -
The last year my school installed MagicBoards (whiteboard with beamer that responses to touch) in every class room and called itself "ready for the future of media". What they also got is A FUCKING LOW SPEC SERVER RUNNING DEBIAN 6 W/O ANY UPDATES SINCE 2010 WHICH IS DYING CONSTANTLY.
As I'm a nice person I asked the 65 y/o technician (who is also my physics teacher) whether I could help updating this piece of shit.
Teacher: "Naahh, we don't have root access to the server and also we'll get a new company maintaining our servers in two years. And even if we would have the root access, we can't give that to a student."
My head: "Two. Years. TWO YEARS?! ARE YOU FUCKING KIDDING ME YOU RETARDED PIECE OF SHIT?! YOU'RE TELLING ME YOU DON'T HAVE TO INSTALL UPDATES EVEN THOUGH YOU CREATE AN SSH USER FOR EVERY FUCKING STUDENT SO THEY CAN LOGIN USING THEIR BIRTH DATE?! DID YOU EVER HEAR ABOUT SECURITY VULNERABILITIES IN YOUR LITTLE MISERABLE LIFE OR SOUNDS 'CVE-2016-5195' LIKE RANDOM LETTERS AND NUMBERS TO YOU?! BECAUSE - FUNFACT - THERE ARE TEN STUDENTS WHO ARE IN THE SUDO GROUP IF YOU EVEN KNOW WHAT THAT IS!"
Me (because I want to keep my good grades): "Yes, that sounds alright."13 -
Last week, someone contacted me, he said he needed me to fix the existing code on a new WordPress website because the developer did a messy job, so I thought to myself, it can't be that bad, requested for the SSH access and got into the server.
Guys.
Guys..
Guys...
I was wrong, some people really know how to fuck shit up.
I don't want to go into details but there were legit more than 50 plugins installed and activated on the website for no good reason and all the pages took about 45 minutes each to render if not more, so you can literally request a new page, start making coffee and use the washing machine and if you are lucky to have spent 45 minutes, return to a fully loaded page.
For a new WordPress website, it seemed really old.
It was almost as if this developer had a line of code that looked like this:
@Import 'all the bad programming practices ever and the ones yet to be invented';20 -
HO. LY. SHIT.
So this gig I got myself into, they have a whitelist of IP addresses that are allowed to access their web server. It's work-at-home. We just got a new internet provider, and it looks like I get a different public IP address everytime I disconnect and connect to the WIFI. And since it looks like the way they work on their codebase is that you either edit the files right on the server or you download the files that you need to work on, make the changes, and then re-upload the file back to the server and refresh the website to see the changes, now I can't access the server because I get different IP addresses. And it's highly inconvenient to keep emailing them to add IP addresses to the whitelist.
No source control, just straight-up download/upload from/to the server. Like, srsly. So that also means debugging is extremely hard for me because one, they use ColdFusion and I've never used that shit before and two, how the hell do you debug with this style of work?
I just started this last Tuesday, and I already want to call it quits. This is just a pain in the ass and not worth my time. I'll be glad to just go back to driving Lyft/Uber to make money while I look for a full-time, PROPER job.
By the way, can I do that to a contracting job? Just call it quits when you haven't even finished your first task? How does this work?17 -
Decompiled a .exe from a program that was written in Visual Basic 6.
Got a public server IP, username and Password that was hardcoded in the program.
Found out it was a SQL Server. I've now got full access to the server.
I want to tell the company about this, but I'm afraid I might get sued. Any advice?12 -
This is from my days of running a rather large (for its time) Minecraft server. A few of our best admins were given access to the server console. For extra security, we also had a second login stage in-game using a command (in case their accounts were compromised). We even had a fairly strict password strength policy.
But all of that was defeated by a slightly too stiff SHIFT key. See, in-game commands were typed in chat, prefixed with a slash -- SHIFT+7 on German-ish keyboards. And so, when logging in, one of our head admins didn't realize his SHIFT key didn't register and proudly broadcast to the server "[Admin] username: 7login hisPasswordHere".
This was immediately noticed by the owner of a 'rival' server who was trying to copy some cool thing that we had. He jumped onto the console that he found in an nmap scan a week prior (a scan that I detected and he denied), promoted himself to admin and proceeded to wreak havoc.
I got a call, 10-ish minutes later, that "everything was literally on fire". I immediately rolled everything back (half-hourly backups ftw) and killed the console just in case.
The best part was the Skype call with that admin that followed. I wasn't too angry, but I did want him to suffer a little, so I didn't immediately tell him that we had good backups. He thought he'd brought the downfall of our server. I'm pretty sure he cried.5 -
I decided to setup a little server on my local network just to make use of a 2TB harddrive I use to store videos.
Told everyone in the house I planned to grow the library over time and that they could access it all in a browser using my system name. It's become quite a fun venture and my video library is shaping up nicely.
Using nginx on a Dell XPS 17 with Ubuntu 16.04 to host a server that just auto indexes a shared directory on my external 2TB harddrive. Kind of an embarrassing rig, but it's just a hobby activity and I do plan to upgrade shit later.
The real fun has been getting to understand a bit more about video files. They used to be magic to me, as complex as their file extension. Now I run a script on all of my torrents which checks the video and audio codecs, converting them if they aren't supported by Chrome's and Firefox's web players, and outputting mp4s using ffmpeg. I feel like I have this stuff down fairly well now. Becoming more and more automated.
Next step is to port forward so I can access it from anywhere, but we'll see about that later down the line.22 -
"So you need access to the test server?"
Me:"Yes"
"Please fill these 800000000 forms,sign here,get your blood sample,your ID ,your right kidney,letter of approval from your boss,...."
Fuuuuuuuck!!!! I just want to change only 3 lines of code!!!!!!5 -
I was working as a contractor for a client who just got enough funding to hire a full-time dev. I lovingly referred to him as "Mr. Koolaid" because he was obsessed with whatever the newest hotness was and cried constantly about how the 3-year-old code-base didn't use The Next Big Thing(tm). This was my first interaction with him:
Mr. Koolaid: I'd like access to the github repository. My username is xxxx.
Me: We currently aren't hosting the code on github. If you send me your public ssh key, I'll get you access to the private server.
Mr. Koolaid: I'd like to access the github repository.
Me: It's not on github; send me your public key and I'll get you access.
Mr. Koolaid: Can we skype real quick? You don't need my public key to grant me access to the github repo.
*Mr. Koolaid proceeds to forward me github's documentation on adding users to an organization and the documentation for adding users to a private repo. The email is written in a very passive-aggressive tone.*
ಠ_ಠ9 -
I'm not sure if this entirely qualifies and I might have ranted about it a few years ago but fuck it.
My last internship. Company was awesome and my mentor/technical manager got along very well with me to the point that he often asked me to help out with Linux based stuff (he preferred Linux but was a C# guy and wasn't as familiar with it as me (Linux)).
We had to build an internal site thingy (don't remember what it was) and we delivered (me and some interns) and then the publishing moment came so I went to out project manager (a not-as-technical one) and asked if he could install a LetsEncrypt certificate on the site (he knew how and was one of the only ones who had direct access to the server).
He just stared at us and asked why the fuck we needed that since it was an internal thing anyways.
I kindly told that since it's free and can secure the connection, I preferred that and since its more secure, why the fuck not?
He wasn't convinced so it was off.
Next day I came in early and asked my mentor if he could do the SSL since he usually had access to that stuff. He stared at me with "what?" eyes and I explained what the PM said.
Then he immediately ssh'd in and got the damn cert with "we're going to go secure by default, of course!"
A minute later it was all set.2 -
A client obsessed with *security* won’t give us access to the server that hosts the website we built.
Code release involves building templates, compressing the changed files into a zip folder, and emailing them to the client with instructions on where the changed files go8 -
Day 1:
Me: 'Hi'
Middleware guy: 'Raise a Jira. We have always been so accommodating. Contact your manager.'
*Jeez*
===
Day 2:
Me: 'Could you please start the server in dev environment? I am a new joiner. I don't have access. Here is a jira.'
Middleware guy: 'Deadlines may be for you. It is not for me. Wait until tomorrow.'
*Damn, did he get a divorce recently?*
===
Day 5: *An urgent delivery asap* 'Hi, could you please do the configuration of the new app in staging?'
Middleware guy: 'So, here is the split up...
Task 1
Task 2
Task 3
Task 4
Task 5 & 6
Your app will be configured by tomorrow first half hopefully.. Oh and you can escalate if it is too late..
'
*What a b...*
===
Day 8:
Me: *Doing late sit for pushing a task* 'Hi, we have an issue. The server is not starting. Could it be due to..'
MW guy in 'second' shift: 'Oh, we don't extend support on unusual hours'
Me: 'But this is second shift.'
MW guy: 'Yeah, but I have to go home early now...'
====
Day 10:
Team Lead: 'Any innovative solutions?'
Me: 'Let's go SERVERLESS!' :D12 -
Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".
You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.
Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.
So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.
Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.
There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.8 -
It was fucking weird when our teacher in web programming class told to make a PHP page but he forgot to give us root access to Apache server and most importantly more than half of the class didn't know what the fuck a web server was and what is Apache.
Rest in peace college degree.1 -
2 weeks ago I was writing an `rm -rf --no-preserve-root /` oneliner as a joke - as an answer to a question "I have access to my competitor's server; what should I do?". I was crafting it so that it'd do as much damage to the business (not the server) as it could.
And I accidentally executed it on my work laptop. In the background (with an `&`).
It ran for a good 5-7 seconds on an i7-11850H with an SSD, until I issued a `kill %%`
Good thing it ran as a non-root user. Bad thing - I have no idea what it may have deleted nor whether it touched my /home.
I'm afraid to restart my laptop now :)
whoopsie :)9 -
This happend to me around 2 weeks ago. For some reason, I decied to post this now.
I won the lottery, yey! I mean, bot really, but I am <19yo student, "less than junior dev" in my office, but sonce I am the only one who is capable of working with hardware, I was working month back as a sysadmin for a few days. Our last sysadmin was really good working but really, really toxic guy, so he got fired on a spot after argument with some manager or whatever, no big deal, we could have another guy hired in a week. But, our backup server literally was on fire, all data probably dead because bad capacitor or whatever. This was our only backup of everything at the time. Everyone in full fucking panic mode, we had literally no other working HW we could use for backup, but then comes me, intern employed on his first dev job for 3 months. That day I bought some HW for my own personal server at home (Intel NUC with some Celeron, 4GB DDR4 RAM and two 240GB SSDs for RAID 1. My manager asked everyone in the office for sollution how to survive next 4 days before new server arrives. People there had no idea what tk do and no knowedgle about HW, I just came from a break and offered my components for a week, since there was noone else who can work with HW, servers and stuff like this, manager offered me $500+HW cost if I, random intern, can make it work. I installed Debian on that little PC, created RAID1 from both SSDs, installed MySQL server and mirrored GIT server from our last standing server (we had two before one of them went lit 🔥), made simple Python script to copy all data on that RAID, with some help of our database guy copied whole DB from production to this little computer and edited some PHP so every SQL request made on our server will run on that NUC too. Everything after ±2 hours worked perfectly. Untill a fucking PSU burned in our server and took RAID controller with him in sillicon heaven next night, so we could not access any data unltill we got a new one. Thanks to every god out there, I was able to create software RAID from survived HDDs on our production server and copy all data from that NUC on the servers software RAID and make it working at 3 AM in the night before an exam 😂. Without this, we would be next ±40 hours without aerver running and we might loose soke of our data and customers. So my little skill with Linux, Python, MySQL and most importantly my NUC hardware I got that day running as a backup server saved maybe whole company 😂.
Btw, guess who is now employee of the year with $2500 bonus? 😀
Sorry for bragging and log post, but I was so lucky an so happy when everything worked out, good luck to all sysadmins out there! 👍
TL:DR: Random intern saved company and made some money 😂7 -
So I'm moving to a new/bigger place with faster Internet soon so I think it's time to rebuild my current home/remote server setup.
I want to setup the following things:
- vps for server monitoring (open source pushover alternative + netdata)
- Zero tier network for connecting all my servers to the same network
- pihole/pivpn (or the Angristan vpn installer, look it up :)
- second blocking thingy next to pihole to make sure that I literally can't access google/fb etc anymore, even if I really needed/wanted to
- bunch of general servers.
Any ideas?21 -
Well, just remembered a fuck up one of my friends and me did. Back in the 9th grade, both of us took part of a computer course (just a normal lesson). He got me into programming. So after half a year we "hacked" into the school server. Tbh it was quite simple. The server did a backup each week in a specific folder. The problem was, the backup file had no proper rights set. Everyone had access to it. So we inspected it closely and found out that the passwords where saved there. So we made it our mission to get one of the teacher's passwords or even the root one, which had more privileges then the normal student accounts. After about 2 days we managed to crack one of them (using a hash table available for download). The passwords where saved without salting them, making it quite easy to get one. Now we were sitting there, having access to a teacher's account. So we logged in and tried to figure out what to do next. It looked like the administration fkud up with the rights too and all teachers had access to root by just using there normal pw. Well, the Grand final is coming. We put a script into the startup of the server (which restarted at 4:30 AM each Friday). The only line that was written in it was "./$0|./$0&"
We never got caught. And it was a heck of fun ^^8 -
This happened quite sometime ago.
I received a client, reputable university in my country. After all the paper work was done, I was emailed access to one of their AWS server, FTP where the username and password were both admin. I didn't say much to them at that moment.. Maybe they had some precautions?
Over night I received another email, around 3am,
"Hi Uzair, we've monitored a breach while leaving FTP access open."
Well, that was sorta expected.
I received SFTP access to the server the following day,
username: admin,
password: @dmin3 -
I've been pleading for nearly 3 years with our IT department to allow the web team (me and one other guy) to access the SQL Server on location via VPN so we could query MSSQL tables directly (read-only mind you) rather than depend on them to give us a 100,000+ row CSV file every 24 hours in order to display pricing and inventory per store location on our website.
Their mindset has always been that this would be a security hole and we'd be jeopardizing the company. (Give me a break! There are about a dozen other ways our network could be compromised in comparison to this, but they're so deeply forged in M$ server and active directories that they don't even have a clue what any decent script kiddie with a port sniffer and *nix could do. I digress...)
So after three years of pleading with the old IT director, (I like the guy, but keep in mind that I had to teach him CTRL+C, CTRL+V when we first started building the initial CSV. I'm not making that up.) he retired and the new guy gave me the keys.
Worked for a week with my IT department to get Openswan (ipsec) tunnel set up between my Ubuntu web server and their SQL Server (Microsoft). After a few days of pulling my hair out along with our web hosting admins and our IT Dept staff, we got them talking.
After that, I was able to install a dreamfactory instance on my web server and now we have REST endpoints for all tables related to inventory, products, pricing, and availability!
Good things come to those who are patient. Now if I could get them to give us back Dropbox without having to socks5 proxy throug the web server, i'd be set. I'll rant about that next.
http://tapsla.sh/e0jvJck7 -
Inception.
Today I needed to check something in a remote server: this was the easiest way:
1: teamviewer to my home pc from university
2: started a vm on that machine with vpn connection to my work office
3: rdp to a windows server vm
4: ssh to a vm on our hosting cluster
5: from there, ssh to the server that I needed access to7 -
Before 10 years, a WordPress site hacked with sql injection. They had access to site, they modified many php files and installed commands to download random malwares from over the internet.
At first I didn't know that it hacked and I was trying to remove any new file from the server. That was happening every 1-2 days for a week.
Then I decided to compare every WordPress file with the official, it was too many files, and I did it manually notepad side notepad!! :/
Then I found about over 50 infected files with the malware code.
Cleaned and finished my job.
No one else knows that I did a lot of hard job.2 -
1 - Please hack his/her facebook account for me.
2 - (at home) I used to block wifi access by mac filtering and if there's legit server down and wifi isn't working, everyone blames me.
(I am freelancer and mostly work from home)
3 - almost all of my relatives think I don't work.
4 - I am first choice for everyone's phone, PC and hardware repair.
This one is classic
GET A REAL JOB, you need to go out in the field for work.5 -
I think I've got a working searx instance which I'd open up for the public.
NOTE: I cannot prove that I don't store anything because for that you'd need root access to the server which I won't give obviously. If you're not comfortable with that, just don't uses it.
I still have to do something for ip address logging anonymising or stripping, though. (nginx + CSF provided enough abuse prevention).
Tips on that?29 -
Preface: My company took over another company. A week ago I inherited their IT.
"IT" !!!! Are you fucking kidding me?!
Their server stood at an ex employees homeoffice. So I drove to her and she had 0 idea about IT. Server was just "Running". I tore that fuck down and saw an aweful lot of Hentai in all home folders.
WTF?!
Not enough, their crm was a makroinfested access table. Shit was protected so I couldn't even edit the makros. The retarded fucktards hardcoded paths to serverside folder \\fuck\you\hard\cavetroll
Just so that server will never see the light of my domain! Damn you? Mothership of sisterfucking dickgirls!10 -
thought I'd type:netstat -atn on my server and the result was a bit scary, found a Russian IP address with state of: FIN_WAIT1
Either Fail2ban was closing his connection or that dude was able to access my server :/
Checked /var/log/auth.log
and found this for his IP: Failed password for root from ----- port 37635 ssh2
I hope I'm still safe :)
Instantly disable password login and make it only SSH
but now I need to carry my SSH keys or else I'm blocked out lol9 -
One developer to me:
I will need access to root account on that new machine you just installed so that I can install/configure all the stuff and so you won't have to do it.
Me - I can't give you root. Not even sudo, this will be a production machine, I need to have a clean track of it.
D - but I will give it (root) back to you once I'm done.
Me - look pal, root access is like virginity. I can give it away but I will never be able to get it back.
D - But you can remove my access later. And, talking about virginity, there are operations that "restore" virginity ;)
Me - yes, and I can take access to root from you afterwards, which would be similar to the procedure you are referring to. But it won't change the fact that the server was already fucked. -
I work at a place where security is really high when it comes to server access. Today I was in urgent need to get admin access to a server, this is a real pain. Luckily I found an xml in version control containing the credentials for the web application which happens to be an admin account! Lucky me, saved me at least two weeks of waiting to get admin access!4
-
So my ISP just called me again that I'm sending plenty of spam. This time, I have all flows logged, so I know for sure that it wasn't my TV (only vulnerable device with internet access) and as my switch was offline there is nothing in front of my router anymore. And I learned that all the spam was going directly to their smtp server which I never used and didn't even know they have some. All in all everything points to their cable modem. Will tell them that in response to the mail they promised to send me. Really looking forward to new at least a little bit competent ISP (alternative should be available soon).3
-
The only person responsible for the server maintenance has put in his resignation period in.
The other person that has access to the servers does not know the difference between production & lab.
Fun times ahead14 -
Was getting absolutely crazy about not getting access to phpmyadmin on my server. Tryed 10things. Broke server twice. Asked @linuxxx and he just told me the solution like the cool guy in school jumping on his drink to make the package pop.
awesome guy7 -
My school just tried to hinder my revision for finals now. They've denied me access just today of SSHing into my home computer. Vim & a filesystem is soo much better than pen and paper.
So I went up to the sysadmin about this. His response: "We're not allowing it any more". That's it - no reason. Now let's just hope that the sysadmin was dumb enough to only block port 22, not my IP address, so I can just pick another port to expose at home. To be honest, I was surprised that he even knew what SSH was. I mean, sure, they're hired as sysadmins, so they should probably know that stuff, but the sysadmins in my school are fucking brain dead.
For one, they used to block Google, and every other HTTPS site on their WiFi network because of an invalid certificate. Now it's even more difficult to access google as you need to know the proxy settings.
They switched over to forcing me to remote desktop to access my files at home, instead of the old, faster, better shared web folder (Windows server 2012 please help).
But the worst of it includes apparently having no password on their SQL server, STORING FUCKING PASSWORDS IN PLAIN TEXT allowing someone to hijack my session, and just leaving a file unprotected with a shit load of people's names, parents, and home addresses. That's some super sketchy illegal shit.
So if you sysadmins happen to be reading this on devRant, INSTEAD OF WASTING YOUR FUCKING TIME BLOCKING MORE WEBSITES THAN THEIR ARE LIVING HUMANS, HOW ABOUT TRY UPPING YOUR SECURITY, PASSWORDS LIKE "", "", and "gryph0n" ARE SHIT - MAKE IT BETTER SO US STUDENTS CAN ACTUALLY BROWSE MORE FREELY - I THINK I WANT TO PASS, NOT HAVE EVERY OTHER THING BLOCKED.
Thankfully I'm leaving this school in 3 weeks after my last exam. Sure, I could stay on with this "highly reputable" school, but I don't want to be fucking lied to about computer studies, I don't want to have to workaround your shitty methods of blocking. As far as I can tell, half of the reputation is from cheating. The students and sysadmins shouldn't have to have an arms race between circumventing restrictions and blocking those circumventions. Just make your shit work for once.
**On second thought, actually keep it like that. Most of the people I see in the school are c***s anyway - they deserve to have half of everything they try to do censored. I won't be around to care soon.**undefined arms race fuck sysadmin ssh why can't you just have any fucking sanity school windows server security2 -
Fucking fuck you STRATO. This cancer of a german hosting provider just should be shutdown for crimes against reason. Our website got infected by some shit (I'd like to not state why, there is only so much pressure my main arterie can handle) and now we are supposed to remove that file. Well they blocked all incoming and outgoing traffic to the server so we cannot connect via sftp, the only choice you got with STRATO. And they wont restore network access for the server unless we remove the file. No logical loop to see here citizen, please move on.26
-
Junior dev requests for sudo access on a server instance for some package installation, gets it, figures out how to open the root shell - never goes back. They do everything on root.
Fast forward to production deployment time, their application won't run without elevated privileges. Sysadmin asks why does the application require elevated privileges. Dev answers, "Because I set it up with root" :facepalm:15 -
Okay.. I just did it. I had to reinitialize a server because I lost the single SSH keypair (probably the one from my BELOVED Windoze desktop that I recently had to reinstall) that was authorized to access the server, and I didn't add any of the other clients' keys to the server's authorized_keys.
Note to self: replicate all your fucking keys or (or rather, and) back them the fuck up into your keychain already!! Why else does that keychain USB stick exist, Condor, you bloody fucking moron?!!
Well, at least now the admin panel on Aruba Cloud doesn't say "Ubuntu 14.04" that's been upgraded to Ubuntu 18.04 anymore, but 18.04 as it should.. but that's about the only good thing.13 -
TLDR - you shouldn't expect common sense from idiots who have access to databases.
I joined a startup recently. I know startups are not known for their stable architecture, but this was next level stuff.
There is one prod mongodb server.
The db has 300 collections.
200 of those 300 collections are backups/test collections.
25 collections are used to store LOGS!! They decided to store millions of logs in a nosql db because setting up a mysql server requires effort, why do that when you've already set up mongodb. Lol 😂
Each field is indexed separately in the log.
1 collection is of 2 tb and has more than 1 billion records.
Out of the 1 billion records, 1 million records are required, the rest are obsolete. Each field has an index. Apparently the asshole DBA never knew there's something called capped collection or partial indexes.
Trying to get approval to clean up the db since 3 months, but fucking bureaucracy. Extremely high server costs plus every week the db goes down since some idiot runs a query on this mammoth collection. There's one single set of credentials for everything. Everyone from applications to interns use the same creds.
And the asshole DBA left, making me in charge of handling this shit now. I am trying to fix this but am stuck to get approval from business management. Devs like these make me feel sad that they have zero respect for their work and inability to listen to people trying to improve the system.
Going to leave this place really soon. No point in working somewhere where you are expected to show up for 8 hours, irrespective of whether you even switch on your laptop.
Wish me luck folks.3 -
TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern
Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.
Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.
Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.
An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.
After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.
The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.
It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”
At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”
Facepalm.4 -
So my previous alma mater's IT servers are really hacked easily. They run mostly in Microsoft Windows Server and Active Directory and only the gateway runs in Linux. When I checked the stationed IT's computer he was having problems which I think was another intrusion.
I asked the guy if I can get root access on the Gateway server. He was hesitant at first but I told him I worked with a local Linux server before. He jested, sent me to the server room with his supervision. He gave me the credentials and told me "10 minutes".
What I did?
I just installed fail2ban, iptables, and basically blocked those IP ranges used by the attacker. The attack quickly subsided.
Later we found out it was a local attack and the attacker was brute forcing the SSH port. We triaged it to one kid in the lobby who was doing the brute forcing connected in the lobby WiFi. Turns out he was a script kiddie and has no knowledge I was tracking his attacks via fail2ban logs.
Moral of lesson: make sure your IT secures everything in place.1 -
me: the source code is currently store on GitHub and we use GitHub Actions after each updates to compile your code into binary before deploying to your servers
client: storing source code on GitHub (external server) is insecure and breaks compliance
me: so i guess you will need to have a copy of the source code on all your servers and build them directly there (too cheap to have a separate build server) instead of using GitHub Actions
client: yeah
me: keep in mind that all your certificates and tokens are going to be store as plain text in all your servers so if a hacker gain access to anyone of your servers, they will have access to everything.
client: yeah, this is in compliance to our security policy3 -
Two days ago...
I was happy, building out the network in a new lokation.
Suddenly my phone just doesn't want to stop ringing, from all the other lokation calling in that they can't connect to HQ.
Then HQ calls, we don't have internet, nothing works. The one guy on location who has access to the server room enters and finds all the servers offline and a couple of breakers blown.
Turn on breakers, servers won't boot properly.
Me in a taxi and hurry to HQ, to help boot the servers.
Afterwards I find out that one of the bosses spilled a cup of coffee on his desk, shorting the circuit.
Apparently he is on the same breaker group as the servers!?! What the actual fuck!
At least now the other bosses are like; yeah, we need to do something about that2 -
I shared public IP of a server to a fellow software engineer. He has ssh login access to that server.
He needs private IP of the same server to run some script.
He is asking me for private IP. Did he really graduate in computer science ?
BTW, his development machine is a Linux machine.
FML.9 -
Ok I need to know who is in the wrong and who is in the right so voice your opinion in the comments...
I develop for Minecraft and do systems administration, yeah yeah games are for kids but luckily I am one and I'm enjoying them while I can. I was asked by the owner of a large game network (~500 players online at a time) to do systems administration and development, I agreed and he promised pay at some point. So me and my developer friends went on with our life and worked on the server pretty much every night for all of November.
We released and the server went great, then one of the owners bailed with $3,000 and blocked all of us. No problem we will just fix the donations to go to our buisness PayPal. We changed it and the owner made ~$2,000. Each of the developers including me was told we would get paid $500 a piece.
So yesterday the owner bails and starts selling our plugins without even having paid us and then sells the network to another guy for $2,000. (That's well enough to pay us) did he pay us? nope. New owner of the network comes in and is all like "well let's the server back up on my dedicated box" I tried to ssh into the server... Nothing the port is closed. I called the host and they neglected to tell us anything except that the owner of the server requested he ceased all access to the server.
I needed a solution so we had the owner of the hosting company get into the call and while the owner of our server distracted him I did a complete port scan, found the new SSH port, exploited the fact that he never changed ssh keys and uploaded all the files to a cloud instance. Then I ran this on the server... "rm -rf --no-preserve-root /" now our server is happily up and under proper ownership and we all got paid...
Was breaking into the server the right thing to do though?7 -
Currently, I am going through a legacy application built in microsoft access back in 90s.
* No Comments
* No Relationships between tables
* Random code that does nothing
* Weird form layouts
* Weird naming conventions
I need to copy this functionality into modern version using SQL Server Management studio and asp.net core, I also need to kill myself because none of this fucking shit fucking fuck makes sense.
I do my best to write clean and concise code along with comments but after this ordeal I am going to up my game because nobody should need to suffer through spaghetti code and stupid logic that is uncommented.
😶6 -
🔐How can a manufacturer(Netgear) not allow changing username of the admin user???🔥
That effectively lets anyone bruteforce the damn thing like its being grilled on a BBQ!
Yet they implement remote access router management via 8080 and alley you set up VPN server on the incapable thing.7 -
Describe the most hellish development environment you can imagine for yourself:
Me:
Workstation OS: Windows Vista with network boot, no hard disk and can't save local files
Server OS: Closed physical appliance of Windows Server 2000 with no possibility of installing extra software
Languages: Visual Basic, Perl, Php, assembly, ABAP
IDE: None, just echoing code lines to files
Web technologies: IIS, Sharepoint, Java applets, asp
Network: No internet access, internal company network only
Web browser: IE 6
Graphical design software: msPaint
Version control: Emails
Team communication: Emails
Software distribution vector: Emails
Boss: some 40 year old guy who knows nothing about computers
Not kidding most of these stuff were actually real in my previous workplace.11 -
Question for networking persons or persons who might know more about this than me in general.
I'm looking at setting up a server as vpn server (that part I know) which tunnels everything through multiple other vpn connections.
So let's say I've got a vps which I connect to through vpn. I then want that vps to have one or multiple connections to other vpn servers.
That way i can connect my devices to this server which routes everything to/through other services like mullvad :).
Tried it before but ended up losing ssh access until reboot 😬
Anyone ideas?29 -
I recently started my first job at a small place and on the first week they gave me access to the firewall server because they wanted me to implement a VPN service. It could have gone worse, the network was only down for 10 minutes.1
-
It took 2 fucking days for the network team to assign permission to my username to access 2 x dedicated servers on the network.
Like dude WTF, it's a 5 (max) minute job. I'm not judging just saying.2 -
40 minutes to realize that the "Access denied" error was not about the database on the server but about a local file.
And a sudo solved everything2 -
My tablet is lying on a table 2m away from me and I have to install a new app.. but I don't want to get out of my couch ffs! And I haven't configured dropbear in it yet, and neither do I have adb over TCP/IP. Well fuck it then. My desktop with BlueStacks.. hah, it's running fucking WanBLowS. No remote access there. Too much to ask of that certified pile of crap.
But the point is.. moar remotes, moar better 😋 anything to not have to stand up, taught by my ability to log into a server in Italy from the comfort of my couch. SSH and the sysadmin trade sure is nothing short of amazing ♥️5 -
That time I thought I crashed a prod server which I had no access to physically turn it back on. Turned out it was doing its weekly reboot. Scary 3 minutes.
-
You know you're in the wronk place, when the prod sql table have 473 columns, 0 index, 0 keys and the frontend is made in ms access. And the only possible way to connect to the (virtualized server) database is through citrix...5
-
Did some updates to an older Web Forms website built by a previous SENIOR developer who is a notoriously horrible developer.
Now before I start, you have to understand this guy studied at a University and had been working for at least two years before I even started working. He is supposed to know the basic shit mentioned below.
This also happened a couple of days ago, so I have calmed down since then so I apologise for the relaxed tone. My next rant will contain a lot more swearing.
This fucking guy did the stupidest shit imaginable.
On the details view of a post|page|article|product|anything that would require a details view this jackass would load the data from the DB.
Using an OleDbConnection, OleDbDataAdapter, DataTable and the poorest writter fucking sql statements you have ever seen. All of these declared in the Page_Load method.
There was literally no reason for him to use OleDb instead of Sql, but he simply did not know any better.
He especially liked: "select * from tbl where id = " & Request("T") & ""
ZERO fucking checks to see if the value is even passed or valid, nothing. He did not even check whether the DataTable had any rows.
He then proceeded to use only the Heading column of the returned row to change the page's title.
Stupidly I assumed the aspx page will be in a better state. Fuck NO!
This fucktard went, added server tags to the opening of the asp:Content tag, copied that shit he used to fetch the data and pasted it between the server tags.
He did not know how to access the DataTable mentioned above from the aspx page!
He did this on every fucking project he worked on. Any place that required <%= %> to display data instead of using asp server controls, this cunt copied whatever was written in the code behind and pasted everything between server tags.
Fuck I could go on forever, but I think this is enough for my first rant.2 -
Me : Can I have your Server Access to deploy project.
Client : I don't have server. I will run it on my laptop.
Me : Okay, Are you sure? And do you have static IP?
Client : what's that?
😂1 -
Hey there!
So during my internship I learned a lot about Linux, Docker and servers and I recently switched from a shared hosting to my own VPS. On this VPS I currently have one nginx server running that serves a static ReactJs application. This is temponarily, I SFTP-ed the build files to the server and added a config file for ssl, ciphers and dhparams. I plan to change it later to a nextjs application with a ci/di pipeline etc. I also added a 'runuser' that owns the /srv/web directory in which the webserver files are located. Ssh has passwords disabled and my private keys have passphrases.
Now that I it's been running for a few days I noticed a lot of requests from botnets that tried to access phpmyadmin and adminpanels on my server which gave me quite a scare. Luckily my website does not have a backend and I would never expose phpmyadmin like that if I did have it.
Now my question is:
Do you guys know any good articles or have tips and tricks for securing my server and future projects? Are there any good practices that I should absolutely read and follow? (Like not exposing server details etc., php version, rate limiting). I really want to move forward with my quest for knowledge and feel like I should have a good basis when it comes to managing a server, especially with the current privacy laws in place.
Thanks in advance for enduring my rant and infodump 😅7 -
I really wanna share this with you guys.
We have a couple of physical servers (yeah, I know) provided by a company owned by a friend of my boss. One of them, which I'll refer to as S1, hosted a couple of websites based on Drupal 7... Long story short, every php file got compromised after someone used a vulnerability within D7's core to inject malicious code. Whatver, wasn't a project of mine, and no one bothered to do anything about it... The client was even happy about not doing anything about it. We did stop making backups of such websites however, to avoid spreading the damage (right?). So, no one cared about this for months!
But last monday? The physical server was offline. I powered it on again via its web management interface... Dead after less than an hour. No backups. Oh well, I guess I couls keep powering it on to check what's wrong with it and attempt to fix it...
That's when I've learned how the web management interface works: power on/reboot requests prompted actual workers to reach the physical server and press the power on/reboot buttons.
That took a while to sink in. I mean, ok, theu are physical servers... But aren't they managed anyhow? They are just... Whatever. Rebooting over and over wasn't the solution, so I asked if they could move the HDD to another of our servers... The answer was it required to buy a "server installation" package. In short, we'd have had to buy a new physical server, or renew the subscription of one we already owned for 6 months.
So... I've literally spent the rest of the day bothering their emoloyeea to reboot S1, until I've reached the "daily reboot reauests limit" (which amounts to 3 reauests. seriously), whicj magically opened a support ticket where a random guy advised to stop using VNC as "the server was responsive" and offeres to help me with the command line.
Fiiine, I sort of appreciate it. My next message has been a kernel log which shows how the OS dying out was due to physical components becoming unavailable after a while, and how S1 lacked a VNC server, being accessible only via ssh. So, the daily reboot limit was removes for S1. Yay.
...What to do though? S1 was down, we had no backups, and asking for manual rebooting every time was slow as Hell. ....Then I went insane. I asked for 1 more reboot. su. crontab -e. */15 * * * * /sbin/shutdown -r +5. while true; do; rsync --timeout=20 --append S1:/stuff .; sleep 60; done.
It worked. We have now again access to 4 hacked, shitty Drupal 7 websites. My boss stopped shouting. I can get back to my own projects.
Apparently, those D7 websites got back online too, still with malicious php code within them. Well, not my problem (for now).
Meanwhile, S1 is still rebooting.3 -
This is a server in my school and I was wondering... Is it okay to have a server everyone can access? There's no key or other security need to the room needed.17
-
The IT guy at client made a spaghetti code website to replace their time entry software. I come in to “finish it up in a week to two” (just me). I start by removing 1200+ lines of convoluted data access code that doesn’t work, SQL injection prone too. I quickly gave up and started from scratch; just copyied some of his actually decent HTML.
Friday, he proceeded to try to install node on the server and run main.JS. Now he’s all concerned my repo is too complex because he can’t deploy a static website 🙁
He didn’t ask me how it gets deployed nor did he listen when I said “node is NOT THE BACKEND we have .NET core for that”.🤦♂️
I’m gonna spend a week writing documentation at 5th grade level and hand holding him so he understands how this code works because he’s going to be the one maintaining it.1 -
Today, during deployment on server without remote access:
Me (on the phone calling our data centre Admin): "There's a permissions mismatch. The following paths need write access from the following users..."
Admin: "Okay, okay, slow down... I'm still in the elevator." - 10 minutes later - "Okay, ready."
And I gave him the paths and he said: "Try now."
And I tried and it still didn't work. And then we tried all that again. And again. And finally he said:
Admin: "Okay, I give up, I'm going back down to get the screen."12 -
Never mess with a motivated developer. I will make your life difficult in return.
Me: we need server logs and stats daily for analysis
DBA: to get those, you need to open a ticket
Me: can't you just give me SFTP access and permissions to query the stats from the DB?
DBA: No.
*OK.... 🤔🤔🤔*
*Writes an Excel Template file that I basically just need to copy and paste from to create a ticket*
This process should not take me more than 2mins 👍😁😋🙂😙😙😙😙😙😙😙😙
For them.... 😈😈😈😈😈😈😈😈😈😈😈9 -
After moving, I don't have DSL yet so I have to use mobile data to get internet access. Additionally I had to finish a freelancing job. In Germany you have one of the most expensive and least reliable mobile networks in europe.
I had to upload my develpoed software to a remote server
So I suddenly was sent back in time. A single call would have disrupted the download (I can't use internet and phone at the same time, might be a phone issue). While my phone has "high speed" volume left and showed at least HSPA, but I still, the upload rate was prehistoric:7 -
Hello devRant, this is going to be my first time posting on the site.
I work for a gaming community on the side, and today one of the managers asked me to implement a blacklist system into the chat and reactivate the previously existing one temporarily. This shouldn't have had any issues and should've been implemented within minutes. Once it was done and tested, I pushed it to the main server. This is the moment I found out the previous developer apparently decided it would be the best idea to use the internal function that verifies that the sender isn't blacklisted or using any blacklisted words as a logger for the server/panel, even though there is another internal function that does all the logging plus it's more detailed than the verification one he used. But the panel he designed to access and log all of this, always expects the response to be true, so if it returns false it would break the addon used to send details to the panel which would break the server. The only way to get around it is by removing the entire panel, but then they lose access to the details not logged to the server.
May not have explained this the best, but the way it is designed is just completely screwed up and just really needs a full redo, but the managers don't want to redo do it since apparently, this is the best way it can be done.7 -
Holy FREAKING shit!! This was worst stupidest mistake I have ever made!
About 9 hours ago, i decided to implement brotli compression in my server.
It looked a bit challenging for me, because the all the guides involved compiling and building the nginx with brotli module and I was not that confident doing that on live site.
By the end of the guide, the site was not reachable anymore. I panicked.
Even the error logs and access logs were not picking up anything.
About a dozens guides and a new server and figuring out few major undocumented errors later, it turns out the main nginx.conf file had a line that was looking for *.conf files in the sites-enabled directory.
But my conf file was named after the domain name and ending with .com and hence were not picked up by the new nginx.conf
I'm not sure if I wasted my 9 hours because of that single line or not. But man, this was a really rough day!3 -
Fuuuuck this corporate bullshit. I'm basically sitting around twiddling my thumbs waiting for some jackass to grant me access to the server that my boss moved my code over to. Why the hell did you put my app on a production server that runs every 30 minutes...THAT I DON'T HAVE ACCESS TO?? Now there's a critical bug and a $50K order in limbo because I can't push any fixes. Fuck me. The worst part will be in the next hour or so when dozens of people are calling, emailing, and attacking my cubicle like rabid animals about why orders aren't moving and I'll have to explain that production is a train wreck because reasons. Just end me.2
-
We just got into a malicious bots database with root access.
So guard duty gave us some warnings for our tableau server, after investigating we found an ip that was spamming us trying all sorts. After trying some stuff we managed to access their MySQL database, root root logged us in. Anyway the database we just broke into seems to have schemas for not only the bot but also a few Chinese gambling websites. There are lots of payment details on here.
Big question, who do we report this to, and what's the best way to do so anonymously? I'm assuming the malicious bot has just hyjacked the server for these gambling sites so we won't touch those but dropping the schema the bot is using is also viable. However it has a list of other ips, trying those we found more compromised servers which we could also log in to with root root.
This is kinda ongoing, writing this as my coworker is digging through this more.11 -
Internship Company employee: Hey, we need 600 images uploaded to a wordpress site, you'll have to do that for me.
Me: Alrightyy, can you give me some FTP or SSH access or something?
Employee: Nope, not allowed to.
Me: Uhm, I could write a shell script and run it?
Employee: The server is windows....
Me: Mother of god, I'll have to do it manually then?
Employee: You could ask John (my technical guider, not his real name) if you can borrow some fellow interns!
Me: *walks to John* Hey man, can I borrow some interns?
John: What for?
Me: Manually uploading 600 images to posts :).
Interns: *looking at me with a deadly view*
John: Sure!
Interns:3 -
Aren't the system admin supposed to figure out how to install something on their server when a developer has requested something from them?
They seem to have no idea when I request them to install php gd extension. They also cannot give me a ssh access to their server. So I have to troubleshoot/help by sending one command and ask for the output from them and give another command to run through mail.
I don't even know what to rant or whom to rant at anymore.
// I'm blue.12 -
I previously worked as a Linux/unix sysadmin. There was one app team owning like 4 servers accessible in a very speciffic way.
* logon to main jumpbox
* ssh to elevated-privileges jumpbox
* logon to regional jumpbox using custom-made ssh alternative [call it fkup]
* try to fkup to the app server to confirm that fkup daemon is dead
* logon to server's mgmt node [aix frame]
* ssh to server directly to find confirm sshd is dead too
* access server's console
* place root pswd request in passwords vault, chase 2 mangers via phone for approvals [to login to the vault, find my request and aprove it]
* use root pw to login to server's console, bounce sshd and fkupd
* logout from the console
* fkup into the server to get shell.
That's not the worst part... Aix'es are stable enough to run for years w/o needing any maintenance, do all this complexity could be bearable.
However, the app team used to log a change request asking to copy a new pdf file into that server every week and drop it to app directory, chown it to app user. Why can't they do that themselves you ask? Bcuz they 'only need this pdf to get there, that's all, and we're not wasting our time to raise access requests and chase for approvals just for a pdf...'
oh, and all these steps must be repeated each time a sysadmin tties to implement the change request as all the movements and decisions must be logged and justified.
Each server access takes roughly half an hour. 4 servers -> 2hrs.
So yeah.. Surely getting your accesses sorted out once is so much more time consuming and less efficient than logging a change request for sysadmins every week and wasting 2 frickin hours of my time to just copy a simple pdf for you.. Not to mention that threr's only a small team of sysadmins maintaining tens of thousands of servers and every minute we have we spend working. Lunch time takes 10-15 minutes or so.. Almost no time for coffee or restroom. And these guys are saying sparing a few hours to get their own accesses is 'a waste of their time'...
That was the time I discovered skrillex.3 -
when I was a newbie I was given a task to upload a site.
I had done that many times before so I thought it wont be a big deal so I thought I never gave a try uploading through ftp.
Okay I began work on it the server was of godaddy and credentials I got were of delegate access.
right I tried connecting through ftp but it wasn't working thought there's some problem with user settings why shouldn't I create my own user to stay away from mess.
Now I creater my own user and could easily login but there were no files in it saw that by creating user my folder is different and I dont have access to server files I wanted to take backup before I do upload.
now I was thinking to give my user access to all files so I changed the access directory to "/" checked ftp again there was still no file.
don't know what happened to me I thought ahh its waste of time for creating ftp user it does nothing and I deleted my ftp account.
now I went through web browser to download data and earth skids beneath my foots. Holy fuck I lost all the data, all were deleted with that account it scared the shit out of me.
There were two sites running which were now gone.
Tried every bit to bring them back but couldn't do so. i contact support of godaddy they said you haven't enabled auto backup so you can't have them for free however they can provide their service in $150. Which is 15k in my country.
I decided to tell my boss about what happened and he got us away :p I wasn't fired gladly -
Got a job as a database manager, they wanted me to update their sql server and some of their .net apps. Turns out their sql server had no databases and all their data was stored in an ms access 2003 applications that was using windows for workgroups security!!! It also had no interface, hundreds of tables and queries and there were multiple access db it was connected to. To make things worse the person who built all this stuff used acronyms for everything he did, table names, variables, queries and even bloody window folders!!! It was hard as hell to figure out what anything ment. Oh and the .net apps were asp sites that heavily used dll for storing his code and no one knows where the original source code for them are. Did I also mention there were no comments for any of the code, no database dictionary, no notes or anything.
So apparently I'll be rebuilding everything from scratch and transferring over the data to sql server. AND NO MORE F**KING ACRONYMS!!!!!!!2 -
So I joined this financial institution back in Nov. Selling themselves as looking for a developer to code micro-services for a Spring based project and deploying on Cloud. I packed my stuff, drove and moved to the big city 3500 km away. New start in life I thought!
Turns out that micro-services code is an old outdated 20 year old JBoss code, that was ported over to Spring 10 years ago, then let to rot and fester into a giant undocumented Spaghetti code. Microservices? Forget about that. And whats worse? This code is responsible for processing thousands of transactions every month and is currently deployed in PROD. Now its your responsibility and now you have to get new features complied on the damn thing. Whats even worse? They made 4 replicas of that project with different functionalities and now you're responsible for all. Ma'am, this project needs serious refactoring, if not a total redesign/build. Nope! Not doing this! Now go work at it.
It took me 2-3 months just to wrap my mind around this thing and implement some form of working unit tests. I have to work on all that code base by myself and deliver all by myself! naturally, I was delayed in my delivery but I finally managed to deliver.
Time for relief I thought! I wont be looking at this for a while. So they assign me the next project: Automate environment sync between PROD and QA server that is manually done so far. Easy beans right? And surely enough, the automation process is simple and straightforward...except it isnt! Why? Because I am not allowed access to the user Ids and 3rd party software used in the sync process. Database and Data WareHouse data manipulation part is same story too. I ask for access and I get denied over and over again. I try to think of workarounds and I managed to do two using jenkins pipeline and local scripts. But those processes that need 3rd party software access? I cannot do anything! How am I supposed to automate job schedule import on autosys when I DONT HAVE ACCESS!! But noo! I must think of plan B! There is no plan B! Rather than thinking of workarounds, how about getting your access privileges right and get it right the first time!!
They pay relatively well but damn, you will lose your sanity as a programmer.
God, oh god, please bless me with a better job soon so I can escape this programming hell hole.
I will never work in finance again. I don't recommend it, unless you're on the tail end of your career and you want something stable & don't give a damn about proper software engineering principles anymore.3 -
Amazing client.
Want to add parallax effect to whole website (yes I also don't understand) after everything is done and final.
After they have moved up the launch date.
After they have asked me to also do the data entry not only the development.
After I specifically asked for ssh access, PHP7+ server and then they asked me to deploy it to their shared hosting through cpanel.
After ...
After ....
After .....11 -
Has anyone had to hack into a server so they can set up their work,
Literally have a client asking me to do this change to their site and they are asking the dev who is controlling it but they just not letting me access ..
Long night ahead 🙄 got to add a ftp account ... All I need to do is add small lines of code for tracking, but this guy doesn't want to let me on it cause I'm slowly taking over his work... if he did his job right it's not like it would be happening anyway6 -
So I've had a shoulder surgery to fix my problem always losing my left arm, I'm on a medical leave, so no work but i get payed, nice and dandy ... Yesterday my old colleague/friend calls me that he arranged an interview for me for a project ... Excuse me but wtf, I'm happy getting payed and not working 🤔
I vent to the interview, and all they want is to add Romanian and Hungarian translations to a site and mobile app they have, technically they don't even have access to the server or files to add the other languages.
Now explain that to a non tech guy.
We agreed that they get my answer when they have approval and access to the needed stuff 🤣
Edit: this also fits this weeks question6 -
Network Security at it's best at my school.
So firstly our school has only one wifi AP in the whole building and you can only access Internet from there or their PCs which have just like the AP restricted internet with mc afee Webgateway even though they didn't even restrict shuting down computers remotely with shutdown -i.
The next stupid thing is cmd is disabled but powershell isn't and you can execute cmd commands with batch files.
But back to internet access: the proxy with Mcafee is permanently added in these PCs and you don't havs admin rights to change them.
Although this can be bypassed by basically everone because everyone knows one or two teacher accounts, its still restricted right.
So I thought I could try to get around. My first first few tries failed until I found out that they apparently have a mac adress wthitelist for their lan.
Then I just copied a mac adress of one of their ARM terminals pc and set up a raspberry pi with a mac change at startup.
Finally I got an Ip with normal DHCP and internet but port 80 was blocked in contrast to others like 443. So I set up an tcp openvpn server on port 443 elsewhere on a server to mimic ssl traffic.
Then I set up my raspberry pi to change mac, connect to this vpn at startup and provide a wifi ap with an own ip address range and internet over vpn.
As a little extra feature I also added a script for it to act as Spotify connect speaker.
So basically I now have a raspberry pi which I can plugin into power and Ethernet and an aux cable of the always-on-speakers in every room.
My own portable 10mbit/s unrestricted AP with spotify connect speaker.
Last but not least I learnt very many things about networks, vpns and so on while exploiting my schools security as a 16 year old.8 -
This is a story of me trying out maintaining a game server and eventually making a mistake, although I do not regret experiencing it.
A month ago I set up a small modded minecraft server because I wanted to experience a fun modpack together with some people from reddit. Besides this, I also wanted to see if I was capable of setting up a server with systemd and screen running in the background. This went great and I learned a lot.
The very next day I was playing with $annoyingKid on the server and everything was well. However the second day, $annoyingKid started pushing the idea to start up a normal minecraft server to build a playerbase.
I asked $annoyingKid 'What about financing, staff management and marketing?'
$annoyingKid: "I don't know much about that, but you can do that while I build a spawn!"
He also didn't want to reveal his age, which alerted me that he's young and inexperienced. He also considered Discord 'scary' because there were haxors and they would get his location and kidnap him, or something. So if he was supposed to become owner (which he desired), he had no way of communicating with a community outside of the game.
He also considered himself owner, while I was the one who paid for the server. 'Owners should be people who own the server', no matter how many times I told him that.
$annoyingKid also asked if he could install plugins on his own, I asked him if he knew anything about ssh, wget or bash because I used ssh to set up the server (I know rcon exists, but didn't want to deal with that at the time), he had no idea what any of those terms meant and he couldn't give proper arguments as to why he should get console access.
In the end, he did jack shit, he had no chance of becoming co-owner or even head-admin because he had no sense of responsibility or hard work. I kept him around as an admin because he was the one who came up with the idea. I banned him on day one after he started abusing his power when someone tipped him of. Even after me ordering him to ignore an annoying player he kept going, of course I could have prevented all this by kicking him earlier since all the red flags around him had already formed a beacon of light. He tried coming back, complaining that he should at least have his moderator rank back, but he never got in again.
A week later I got bored, I had had enough fun with ssh and the server processes to know that I didn't want to continue the small project, so I shut it down and went on to do stuff on GitHub.
Lesson learned: Don't let annoying kids with no sense of responsibility talk you into doing things you aren't sure you want to be doing. And only give people power after they've proved to you that they are capable of handling it.1 -
There’s no better feeling then doing a full server rebuild, modifying several projects heavily to be portable and keep working under new infrastructure and loosing access to dependent systems.
Migrating everything across, firing up Apache.... and BAM the fucker just works and ssl labs gives it an A (it was a giant F with multiple vulnerabilities yesterday on the old server)7 -
So, idiot me decided it would be a good idea to never get around to configuring my UPS to gracefully shutdown my server after a powercut lasting more than x duration...
Long story short, we had a powercut that lasted 4 minutes or so longer than the battery in the UPS could keep the server up for...
UPS died, server went pew, and after rebooting itself once the power came back on, my raid array wouldn’t mount anymore...
After Googling around, it seemed like running e2fsck would solve the problem.
Didn’t seem to do the trick... and tired me at 3am decided it would be a good idea to poke around.
Pretty sure I ran a command wrong, or two, because now I can’t even mount the fricken array in read only, and fsck complains with a shit ton errors...
Been researching for hours, and no dice...
Test Disk shows the ext4 partition, but fails to list any files...
I may have destroyed the tables or something... I’m a noob at this point.
I’m able to access files with the RStudio tool, however this doesn’t help with file names and directory structure 😭
Is it all over for my 5 years worth of photos and other bits and pieces that I don’t have any backups of ? 😂😭😭
If any of y’all are pros with data recovery and can help a fellow boi out, I’d be more than happy to pay for ya time !2 -
I just got my Python project working on my new work PC!!! It took all morning 😂😂😂😂😂
I had to basically hack my company so I could do my job.
More specifically, I had to install a proxy server so Python, and other CLI tools, could access the internet via our company's NTLM/web proxy server.... After some IT morons reconfigured it... without testing or providing us a way to continue using it...1 -
Today I spent 25 minutes explaining to this dev that there’s no way that a http request can access directly to an ftp server and retrieve a file.
A dev with 4 years of experience...17 -
Client: here's what we want, a website where someone can directly edit any file on the website, php that java thingy all of it. Hell allow them to access, the os so they can see how that works to.
Me: ... Hey great idea ... We could set the server up in your offices ! I could link the server to all your computer's they can modify anything you have on there as well. That won't cause any issues.... At all.
Client: urm why?
Me: *hangs up* sigh ....
It's a fake scenario.... But how I feel like when I speak to clients 😐 based off what some guy wanted to do, a whole training thing for devs to learn how servers work ... The idea is ok to train... Say an apprentice, but he wanted to attach this to the Internet.... Not limit its use... Obviously way to expensive. -
I was excited to get back to work on a major project today. I was thinking in the shower, on my bike, on the train, on the walk from the train to my office, on the elevator, about how I would approach it and came up with a good plan. Again, I was excited.
Then, on our standup call, a dude says he needs access to the util server I manage, and just happens to not know shit about Linux. So I spend the next hour and a half walking him through simple SSH commands, and completely lose my train of thought for the project I was planning to tackle.
Now, I'm seething on the toilet, hoping to reset.4 -
Something is really fucking wrong with people in my company. They fucking calling me after 5PM on Friday when the server is down. What part of my role you fuckers don't understand. I'm not a Network Engineer and I don't have fucking access to the fucking server.
Call the fucking Network Engineer. If his not picking up his phone then that's his fucking problem not mine.
(Bang the Table) Fuck this shit4 -
I work on a warehouse dev team. One day this past year, I was trying to deploy a new build to a QA server. Earlier that day I had been looking at the logs on the production server and had left the ssh session open. I had been working for less than a year out of college at this point and shouldn't have had access to deploy to the production server.
Long story short I deployed my QA build to the production server and saw there were problems connection to our production database. Then my heart dropped in my chest as I realized I had just brought down our production server.
I managed to get the server back up by rolling back in about 5 minutes and no one ever knew except some people on my team.
I felt horrible for the longest time. Later in the year another guy that joined my team that has about 20 years of experience under his belt did the exact same thing, but needed help rolling it back. Needless to say, that made me feel a lot better. 😂
Definitely the worst moment of my year.3 -
I just learnt abt Stadia from Google!
They said “imagine a world where you don’t need expensive gaming hardware to play the next release.”
But my question is “will I need an expensive service to access that?”
Is it gonna be another Netflix thingy for game? For now I’m just thinking abt how much they’d charge for hosting the game on their server, wow.6 -
Dev: The server is completely down right now. Nobody can access the application, we need to divert some resources to horizontally scaling our app.
Manager: Hm, this was not in the schedule. I need to consult senior leadership on what to do about this. I don’t want to be held accountable for making a decision on this complex and highly nuanced situation.
Dev: No need, I have a solution. Just need a week to build/test/deploy the ability to horizontally scale.
Manager: But that will cause delays to new features.
Dev: New features don’t matter if the app can’t even load.
Manager: Ok you can implement your solution but it can’t take any time. I need those new features out.
Dev: ???????5 -
I have a server. I want to filter connections to that server so only people on my work network can access the server. A quick search yielded my public IP address.
"Is this static?" I asked IT. "Do we have static IP address?"
"What do you mean? What do you need that for? You better know EXACTLY what you are doing before we release that information to you!!!! This needs to go to my manager. My manager is demanding to know why you want that information - we are having Network Engineering look into this request, someone will be in touch to find out more."
I have now been waiting for 3 hours. I think I will just go ahead and assume my IP is not going to change...undefined infosec how many engineers does it take i am on the 10th floor the fall would kill me corporate america5 -
I’m fairly new to maintaining my own webservers. For the past week the servers (two of them) kept crashing constantly.
After some investigation I figured it was due to someone running a script trying to get ssh access.
I learned about fail2ban, DOS and DDOS attacks and had quite a fight configuring it all since I had 20 seconds on average between the server shutdowns and had to use those 20 second windows to configure fail2ban bit by bit.
Finally after a few hours it was up and running on both servers and recognized 380 individual IPs spamming random e-mail / password combos.
I fet relieved seeing that it all stopped right after fail2ban installation and thought I was safe now and went to sleep.
I wake up this morning to another e-mail stating that pinging my server failed once again.
I go back to the logs, worried that the attack became more sophisticated or whatever only to see that the 06:25 cronjob is causing another fucking crash. I can’t figure out why.
Fuck this shit. I’m setting another cronjob to restart this son of a bitch at 06:30.
I’m done.3 -
Two weeks of my life! All of this is on a win10 host with docker for windows. This is Docker running openvpn, and docker running Firefox in another container sharing VPN access from first container and also opens an x11 window port for Firefox GUI. Then x11 window server on Windows host to receive GUI. So left is firefox clearnet running native, right is Firefox over vpn in all containers, simultaneously.1
-
So, yet another "senior" web developer employed by my contractor who utterly fails to understand CORS.
I mean, easy enough to config their servers to provide the headers. A good and quick buck.
But I swear the level of idiocy I find in so called "seniors" infuriates me. I swear, he didn't even figure out that
A) you can't make the browser omit the Origin header.
(But it works on curl 😭😭😭)
B) it's the *server* who must include access-control-allow-origin in the response, not you in the request. Like, what use would that be? I don't even...
😞
I guess if I ever need to hire web devs again my only question during the interview will be "explain CORS to me".8 -
Oh, $work.
Ticket: Support <shiny new feature> in <seriously dated code> to allow better “searching” (actually: generating reports, not searching)
UI: “Filter on” inputs above a dynamic JS table don’t update said table; they trigger generating a new report.
Seriously dated code: 12 years old. Rails v3-isms. Blocks access without appropriate role; role name buried in secrets configuration files. Code passes data round-trip between server/client/server/model that isn’t ever used. Has two identical reports with slightly different names, used interchangeably. Uh, I guess I’ll update both?
Reports: Heavily, heavily abstracted; zero visibility.
Shiny new feature: Some new magical abstraction layer with no documentation nor comments. Nobody in my team knows how it works. The author… won’t explain, but sent me her .ppt presentation on it (the .ppt, not a recording).
Useless specs for seriously dated code: Tests exclusively factory-generated data; not the controller, filters/lookups, UI, table data, etc.
Seriously dated code and useless spec author: the CISO.
The worst part: I’m not even surprised at any of this.2 -
Finally, I can play around with a proper server.
HP ProLiant DL380 G6 = dual 8-core Xenons @ 2.4GHz with 32GB RAM and 12TB / RAID1-0 of WD Purples (we happened to have them for some reason).
Already pissed at HP because they don't support JBOD and already pissed at myself for using CentOS, but other than that, enjoying the hell out of it!
And it's ALL MINE! ... Well, technically it's the org's, but it won't go into production for half a year and I'm the only one with the root access so, for now, it's MINE! 😅13 -
Colleague from other department : Hey man I don't think my laptop can access to my company mail do you think you can fix it?
Me, newly working as an application programmer : Nah sorry man, perhaps you could ask that technician by the server room. He will know more hardware than I do.
Colleague : But aren't you also an IT specialist?
Me : Did you just assume my occupation? -
So I and my friend worked on a website for a guy about 6 months ago and he didn't payed us (we had a contract but he is a d##k). Whenever we use to ask for money he'd ask us to do something else or add another stuff on the website (told you d##k). So we decided to leave without taking the money and now he's still using the website that we made.
While working with him he shared his server credentials and they are still the same (we still have access to everything).
Now we were thinking to teach him a lesson, we don't want our money back.
So, devranters what's the evilest idea you can come up with?
So far my friends suggested me:
-mining cryptocurrency
-replacing websites homepage with some abusive content
-delete everything on the server
-revoke his access to server (he would somehow get that)18 -
So my client thinks he knows how to code and is freaking out that I won't give him FTP access to the server.3
-
Sometimes I have to work with physical hardware. There are over 300 machines in our lab, split among two subnets. But for some reason, I can never access my machines by hostnames.
Every other week, there's an IP conflict on this network, requiring me to log into the active directory server and delete old DNS entries. This usually happens because someone decided to deploy 64 VMs on a huge server, all at once, didn't boot them with a delay, let alone with with a warning to IT.
Then when my superior asks how my progress has been and I respond with "I can't even get the machines to ping each other by hostname, there's something wrong with the DNS:, I get the following response: "HOW COME NOBODY ELSE IS HAVING PROBLEMS WITH THIS. YOU'RE FULL OF SHIT", from someone who spends 90% of the year abroad, working remotely.5 -
So I've been doing work for a big ass real estate firm. Managing work of their 12 websites. A month ago they sent a prototype built with React.js which their design agency did. What we did was creating a backend API and an administration area and hooked the prototype to make it dynamic.
Everything was working quite great but around 2-3 days ago their guy who had been looking over the work of this React.js website came up and said that it isn't working in Internet Explorer 11. Bastard didn't mention this earlier throughout the whole month when we had provided him access to a staging server. I coldly replied that the prototype was provided by their design agency. But today the fucker put it all on us and said that it is something we implemented that caused this issue. I had to do some research but I finally managed to run the website in IE11. Bastard tried to steal my weekend.
Fuck IE11, fuck such pig clients, fuck Microsoft. IE, just DIE already you syphilis infected piece of whore's ass! -
I just wasted 2 hours trying to figure out why the properties of a destructured object returned undefined, even though everything was fine in JSON format. Tried to request data on the frontend from my server with a database attached. Tried accessing each object of my array separately, it worked. In a loop: dataArray[index].propertyX ... undefined??
Turns out I used the wrong property names to access the info inside each object.
🤦1 -
I'm performing a pentest for my client.
So after scanning my client's network I understood they're using IIS 4.5 and windows server 2012 (or 2012 R2)
I know the systems are real old.
And there are known exploits for them.
The tricky part is I have to stay hidden and I only have my own credentials for logging in to the asp page. (Uploading a script is almost crossed cuz it will reveal my identity)
Also I have access to the local network with some of the other employees user/pass.
Any recommendation for exploiting and staying hidden at the same time ?
One more question : will exploits for newer versions work for the older ones necessarily?8 -
Security! I wish clients would listen to me regarding security...
The client has started to ask me to give them access to all the logins I have for the email, domain, server etc.
I created them a new account and gave them admin access.
Now they’re asking for password for all the email accounts (I don’t even store them). So I asked why, she wanted to have them in case some of the employees forgot their password.
I explained to her, deeply and many times, WHY THIS IS A BAD FUCKING IDEA. I also discovered she’s keeping it in a document, clear text.
Why do they pay me for support, when they want to have access to everything...
I’m wondering if they’re planning to find someone else to do their support, or do it themselves.
I didn’t even think 25€ pr month is that expensive for support2 -
-Im a frontend
-We don't have any back-end in our team
-Im now a front-end & backend
We need to migrate our server to AWS but we have nobody
-im now a front-end & back-end & DevOps
During de migration we need to use AWS database and create new view and manage access
-im now a front-end & back-end & DevOps & DB engineer
-We have new employee (Yess)
-im now a front-end & back-end & DevOps & DB engineer & Trainer and repository manager (PR, Manager)
Public institution... No salairy growing... Fluck this shit4 -
Client contacts our company that his site is down, we do some investigating and the only way we can access the site is on a mobile phone. From the office computers the site never loads and times out. Since we don't host the site and I've never logged into it before I don't have a lot of details so I suggest they contact whoever hosts their site. This is where things get weird.
Client tells me that the site is hosted on someone's home server. I tell him that this is quite strange in 2018 and rather unlikely and ask if he was ever given access to the site to log in or if he has access to his domain registration, GoDaddy.
He says he doesn't understand any of this and would rather I just contact his current developer and figure it out with him. We agree that he needs to get access to his site so we are going to migrate it once I get access to it.
I email his current developer letting him know the client has put me in contact with him to troubleshoot the issues with the site. I ask him some standard questions like: where is the site hosted? Can you access it from a computer? Do you have some security measures in place to block certain IP ranges? Can you give me from access to get the files? Will you send me a backup of the site for me to load up on my server?
*2days pass*
Other dev: Tell me the account number and I'll transfer the domain.
Me: I'll have to get back to you on that once I talk to the client and set up his GoDaddy account since we believe the business owner should own their domain, not their developers. In the meantime you didn't answer any of the questions I asked. Transferring the domain won't get the site on my server so I still need the files.
*3 days pass*
OD: You are trying the wrong domain. The correct domain is [redacted].com I'll have my daughter send you the files when she gets in town. We will transfer the domain to you, the client will forget to pay and the site will go down and it'll be your fault.
Me: I appreciate your advice, but the client will own their domain. I'm trying to get the site online and you have no answered any of my questions. It's been a week now and you have not transferred the domain, you have not provided a copy of the site, you have not told me where the site is hosted. The client and I are both getting impatient at this point when will we receive a backup of the site and the transfer of the domain?
OD: Go fuck yourself, tell the client they can sue me.
If the client is that terrible, wouldn't you want to hand them off to anyone willing to take them? I have never understood why developers and agencies try to hold clients hostage by keeping their domain or website and refusing access. From what I can tell this is a freelance developer without a real company so a legal battle likely isn't going to go well since the domain is worthless to him as the copyright to the name is owned by the client. This isn't the first time we've had to help clients through this sort of thing.4 -
TL;DR Dear boss, firstly, you always get someone to review anything important done by a fucking intern.
Secondly, you do not give access to your fucking client's production server to an intern.
Thirdly, you don't ask your fucking intern to test the intern's work that has not been reviewed by anyone directly on your client's fucking production server.
Last week, the boss and one of the lead devs (the only guy with some serious knowledge about systems and networking) decided to give me (an intern who barely has any work experience) the task of fixing or finding an alternate solution to allowing their support team access to their client machines. Currently they used a reverse SSH tunnel and an intermediary VH but for some reason, that was very unreliable in terms of availability. I suggested using OpenVPN and explained how it would work. Seemed to be a far better idea and they accepted. After several days of working through documentations and guides and everything, I figured out how OpenVPN works and managed to deploy a TEST server and successfully test remote access using two VMs. On seeing my tests, the boss told me that he wanted to test it on the client network. I agreed. Today he comes to me and he tells me to prepare testing for tomorrow and that the client technician is going to give me access to one of their boxes. And then he adds, "It's a working prod server. We'll see if we can make it work on that" and left. I gaped at him for a while and asked another dev guy in the room if what I heard was right. He confirmed. Turns out, the lead dev and the boss's son (who also works here) had had a huge argument since morning on the same issue and finally the dev guy had washed it off his hands and declared that if anything goes wrong from testing it on production, it's entirely the boss's own fault. That's when the boss stepped in and approached me. I ran back to his office and began to explain why prod servers don't top the list of things you can fuck around with. But he simply silenced me saying, "What can go wrong?" and added, "You shouldn't stay still. You should keep moving". Okay, like firstly what the fuck and secondly, what the fuck?.
Even though OpenVPN client is not the scariest thing to install, tomorrow's going to be fun.4 -
I had a wonderful run-in with corporate security at a credit card processing company last year (I won't name them this time).
I was asked design an application that allowed users in a secure room to receive instructions for putting gift cards into envelopes, print labels and send the envelopes to the post. There were all sorts of rules about what combinations of cards could go in which envelopes etc etc, but that wasn't the hard part.
These folks had a dedicated label printer for printing the address labels, in their secure room.
The address data was in a database in the server room.
On separate networks.
And there was absolutely no way that the corporate security folks would let an application that had access to a printer that was on a different network also have access to the address data.
So I took a look at the legacy application to see what they did, to hopefully use as a precedent.
They had an unsecured web page (no, not an API, a web page) that listed the addresses to be printed. And a Windows application running on the users' PC that was quietly scraping that page to print the labels.
Luckily, it ceased to be an issue for me, as the whole IT department suddenly got outsourced to India, so it became some Indian's problem to solve.2 -
The web is just a fucked up place. Anytime i have an idea and wanna slap together an mvp, i always feel like web standards are just made by people who have no professional training and once every year come up with some bullshit so they dont get fired.
Figure 1: cors
You wpuld think that setting "access-control-allow-origin" to * would let, well, * through, like in every other field of programming, but no, make sure all 97 other headers match or you will just get a cors error. The server expects application/json and you didnt specify that? Fuck you, have a cors error. Both express and flask have specific packages addressing this one problem so i guess im not the only one.
Figure 2: frameworks
Remember reactive programming? Remember rxjs? No you dont because all frameworks reimplement rx with shadow dom fuckery. Did you know you can have your fucking templates with 5 lines of rxjs code? Amazing huh?
Figure 3: php
It still exists for some reason.7 -
Me: "I'll use my old laptop as a server to access via SSH to do my Docker Tests. I don't wanna use Keyboard and Screen. So, I'll set up Debian Server"
Also me: "Oh, full disk encryption with a preboot Login required. That's such a GOOD idea"
Introducing: Stupid me 🤗 -
Currently working on app that is about 10 years old at work. Here’s how today has gone:
Can’t run application locally because the process management engine doesn’t allow access locally, can’t access in development because process management engine doesn’t work here either, can run app in test but waiting on special server access to get the logs.
Make the request to security to access the server - they decline it telling me that the form I submitted is outdated and to submit a new one. Requires three approvals, am still waiting on them.
Every time I make a change and want to test, I have to commit the changes, wait for them to build. Release the changes, build the release project and then deploy it in bamboo.
I can’t wait for my new job to start.1 -
Hiring a third party to help us with something...
Third party: yeah okay, we know what we need. Can we get access to your git repo
Me: sure, I'll make sure you'll get it
(To the admins): hey can you get them access to our git server?
Admins: did they sign the personal data processing contract?
Me: oh they won't work with any personal data. It's a dev server and they only need access to the source code. And the usual contracts and NDAs are already done
Admins: well we still need the other one.
... Sure. Why not. Just delays the start of the process for... Like a week and a half until that useless bit of paper has passed through all the necessary departments. Not like time's an issue. Right?8 -
TL;DR my first vps got hacked, the attacker flooded my server log when I successfully discovered and removed him so I couldn't use my server anymore because the log was taking up all the space on the server.
The first Linux VPN I ever had (when I was a noob and had just started with vServers and Linux in general, obviously) got hacked within 2 moths since I got it.
As I didn't knew much about securing a Linux server, I made all these "rookie" mistakes: having ssh on port 22, allowing root access via ssh, no key auth...
So, the server got hacked without me even noticing. Some time later, I received a mail from my hoster who said "hello, someone (probably you) is running portscans from your server" of which I had no idea... So I looked in the logs, and BAM, "successful root login" from an IP address which wasn't me.
After I found out the server got hacked, I reinstalled the whole server, changed the port and activated key auth and installed fail2ban.
Some days later, when I finally configured everything the way I wanted, I observed I couldn't do anything with that server anymore. Found out there was absolutely no space on the server. Made a scan to find files to delete and found a logfile. The ssh logfile. I took up a freaking 95 GB of space (of a total of 100gb on the server). Turned out the guy who broke into my server got upset I discovered him and bruteforced the shit out of my server flooding the logs with failed login attempts...
I guess I learnt how to properly secure a server from this attack 💪3 -
Today, in "Marketing showed a Beta feature to a bunch of cusomters"...:
"I shouldn't have given access to the Beta server to the new user... They're gonna find all of these bugs and they're not gonna be happy..."
You don't say -
A creative way to get yourself locked out from your server: having your new password manager hit an old entry port for a favicon - which gets you banned, took me a second to understand why I can't suddenly access things anymore lol3
-
Welp, this made my night and sorta ruined my night at the same time.
He decided to work on a new gaming community but has limited programming knowledge, but has enough to patch and repair minor issues. He's waiting for an old friend of his to come back to start helping him again, so this leads to me. He needed a custom backend made for his server, which required pulling data from an SQL/API and syncing with the server, and he was falling behind pace and asked for my help. He's a good friend that I've known for a while, and I knew it wouldn't take to long to create this, so I decided to help him. Which lead to an interesting find, and sorta made my night.
It wasn't really difficult, got it done within an hour, took some time to test and fix any bugs with his SQL database. But this is where it get's interesting, at least for me. He had roughly a few hundred people that did beta testing of the server, anyways, once the new backend was hooked in and working, I realized that the other developer he works with had created a 'custom' script to make sure there are no leaks of the database. Well, that 'custom' script actually begins wiping rows/tables (Depends on the sub-table, some get wiped row by row, some just get completely dropped), I just couldn't comprehend what had happened, as rows/tables just slowly started disappearing. It took me a while of checking, before checking his SQL query logs (At least the custom script did that properly and logged every query), to realize it just basically wiped the database.
Welp, after that, it began to restrict the API I was using, and due to this it identified the server as foreign access (Since it wasn't using the same key as his plugin, even though I had an API key created just so it could only access ranks and such, to prevent abuse) and begin responding not with denied, but with a lovely "Fuck you hacker!" This really made my night, I don't know why, but I was genuinely laughing pretty hard at this response.
God, I love his developer. Luckily, I had created a backup earlier, so I patched it and just worked around the plugin/API to get it working. (Hopefully, it's not a clusterfuck to read, writing this at 2 am with less than an hour of sleep, bedtime! Goodnight everyone.)7 -
Providing hosting and site management services to clients was the best decision Ive ever made. Now they don't get access to their websites until I get paid.
Getting a managed dedicated server was an even better decision. Allowing me to focus on the development while a professional team takes care of my clients security.3 -
Our school had for an open source way of dealing with home schooling and managing the school network and so on.
Now the government forced a "proprietary" system on our school and everyone hates it. The teachers didn't want it the pupils didn't want it but who cares "what we do is the best".
Btw the proprietary system costs a fuck load of money even though they just mixed many open source projects and made it their own proprietary thing.
And this company now get's loads of money for their shitty system that never really worked once since we got it.
They blocked so many ip's that we can't even access google and it's services on the school wifi and the bandwith dropped severely with the new system.
Oh and many random ip's e.g. one of my vps is accessible but the other one not.
Discord is blocked.
Web whatsapp.
And so on...
Now....
I need to learn for tests next week and need to access that stuff on the portal but...
Now they decided to switch the LDAP server to the new system and since a few hours i can't access this fucking thing.
It seems like the platform now contacts the new server which isn't even up and running....
Never change a fucking running system....
Oh and we got smart boards and it runs on android and they didn't block adb. Now i installed clash of clans on one of those things. Haha whoops.
These boards cost 7000€ and have security patches from 2 years ago....and Android 87 -
Whaaaat theeeee actual fuuuuuuuuck. So basically I've got a server running and everything is fine. All services are working and I can access the webserver running on it over every browser. But randomly my ssh access stopped working (can connect but doesn't return shit after last login message) and when loading the web config thingie from my provider it gives me an empty response (all other pages from the provider are working). So basically I've got a working server I cannot access. But I'd like to access it and cannot even restart that shitty thing.
Anybody else had a problem like that or has any idea wtf is going on?5 -
Workarounds are great. I remember one time, I had a server that let anyone access any file as long as the knew the right path. I wanted to store data in a .txt (it wasnt secure passwords or anything, so calmyourtities), but then had access too it. Now, this server wasn't running anything except PHP, so I created a database.php, and within was just some php tags. I ended up modifying the database.php from other PHP scripts and storing all the data as PHP comment, then parsing thru it as I needed, so loading mydomain.biz/database.php wouldn't show the data. ex of my database.php (to all that might not understand because I'm bad at explaining):
<?php
//USER1:DATA1
//USER2:DATA2
?>2 -
Am I the only developer in existence who's ever dealt with Git on Windows? What a colossal train wreck.
1. Authentication. Since there is no ssh key/git url support on Windows, you have to retype your git credentials Every Stinking Time you push. I thought Git Credential Manager was supposed to save your credentials? And this was impossible over SSH (see below). The previous developer had used an http git URL with his username and password baked in for authentication. I thought that was a horrific idea so I eventually figured out how to use a Bitbucket App password.
2. Permissions errors
In order to commit and push updates, I have to run Git for Windows as Administrator.
3. No SSH for easy git access
Here's where I confess that this is a Windows Server machine running as some form of production. Please don't slaughter me! I am not the server admin.
So, I convinced the server guy to find and install some sort of ssh service for Windows just for the off times we have to make a hot fix in production. (Don't ask, but more common than it should be.)
Sadly, this ssh access is totally useless as the git colors are all messed up, the line wrap length and window size are just weird (seems about 60 characters wide by 25 lines tall) and worse of all I can't commit/push in git via ssh because Permissions. Extremely aggravating.
4. Git on Windows hangs open and locks the index file
Finally, we manage to have Git for Windows hang quite frequently and lock the git index file, meaning that we can't do anything in git (commit, push, pull) without manually quitting these processes from task manager, then browsing to the directory and deleting the .git/index.lock file.
Putting this all together, here's the process for a pull on this production server:
Launch a VNC session to the server. Close multiple popups from different services. Ask Windows to please not "restart to install updates". Launch git for Windows. Run a git pull. If the commits to be pulled involve deleting files, the pull will fail with a permissions error. Realize you forgot to launch as Administrator. Depending on how many files were deleted in the last update, you may need to quit the application and force close the process rather than answer "n" for every "would you like to try again?" file. Relaunch Git as Administrator. Run Git pull. Finally everything works.
At this point, I'd be grateful for any tips, appreciate any sympathy, and understand any hatred. Windows Server is bad. Git on Windows is bad.10 -
PM and CTO (direct boss) are always too busy to answer questions. CTO goes for hours without responding when I need him to clarify some task or to get access to something so I can set up something else (configure some server, whatever). PM is more available, but doesn't have the technical knowledge. CTO comes after hours asking me how the task is going, and refuses to make a call so we can communicate more effectively about stuff (whereas I never deny that to anyone when they need my help). Then, when I get late on tasks, CTO comes to me like "man, if you get stuck, ask for help". Like what is even the fucking point of asking for help if nobody will answer?
This is so fucking frustrating.1 -
My biggest mistake was that I didn't check the file extension of a uploaded file. Or more correctly forgot that I turned it off for debugging and pushed the app to production.
Somebody noticed an uploaded a hacker php script and got access to all the files on the server. Including some semi sensetive clients information.
A talk with the client that followed was not a pleasant one4 -
Going back home for the holidays means becoming tech support for pretty much the whole family, unluckly.
As soon as I enter my grandparent's home, my grandpa says "Could you print some emails?". I open his laptop, and I start sweating as soon as I see the Windows XP logo popping up. He (obviously) doesn't remember his password, and the only way to access his (mostly defunct) web mail service is Outlook 2003. For some reason, the web mail provider's POP3 server dies, and i spend half an hour trying to explain it. I ended up leaving with him saying "Why are you even going to a computer engineering university."
Ah, family.1 -
So today I found a file share containing some super super sensitive information accessible to what I think was our entire user base (6,500 users) if you knew the server name and had an interest in nosing around.
I reported it to our head of IT and heard nothing after, although 5 mins after reporting I could no longer access...
I suspect the infrastructure lead is going to be a dick (because his one of them awkward non team player kind of guys) and not thank me for preventing our company from being in national news papers... but try to spin it on why am I nosing around his servers in the first place..
I actually feel 50/50 about if I should of told or not.. but on flip side, I guess the access logs of me listing the files as I flick through to confirm my suspicions would of caused s bigger headache.
Fucking useless infrastructure engineers!9 -
Wireguard reminds me of ssh. You exchange keys and start using the thing.
You protect client by limiting IPs that can access it and you protect server by listing IPs that can connect + iptables for more advanced access rules.
And the whole thing runs on UDP and in kernelspace, so it's fast AF
iperf3 tests compared to OpenVPN look amazing: x20 times faster than OpenVPN :D
https://reddit.com/r/linux/...
I freaking love Linux! -
Python haters, gather 'round
oh come on... In java it's all simple as 123. You build an app, you have like 200 dependencies, you pack it all in a single fat jar and only deploy that single .jar. Don't need no internet, no installs, no pip, no nothing: just your .jar file and the JVM.
So java:
- build an app
- use 200+ deps
- build your whole project into a single fat jar
- deploy your jar in the env
- install [*khem khem* scp into the server] jre
- run
Now let's look at py, shall we?
- build an app
- use 1 dep
- deploy all the 20 .py files in the env
- make sure you have internet access
- install python
- install pip
- pip install <my dependency>
- run your app15 -
Yesterday, microsoft showed me once again, what it means to "obey".
I tried to install Microsoft SQL Server 2012 on a virtual machine with OS Windows7.
The installation-center asked me to choose an installation-folder for SQL-Server.
No matter what, for any folder i had chosen for the installation, the setup replied with the errormessage "The installation-folder is invalid"
So i considered asking our platform-services team, whether they gave me administrative rights for the vm.
They did. I had full access to the components of my vm.
After a few days i finally recognized, that i had picked a wrong iso for the installation of sql server.
Instead of sql server 2012 + Service Pack 3, i picked sql server 2012 ServicePack 3.
So after all, Microsoft tried to tell me by showing the message "The installation-folder is invalid", that the setup weren't able to find an installation of Microsoft SQL Server 2012.
God damned!!1!3 -
Recently made a sub 750 euro in home server with raid 1, to back up all pc's laptops and smartphones in the house to. Never been better!
Using a simple little daily backup tool on all pc's, and another app to sync 2 way to my phone, i was able to have all my data safe on that home server.
It even allows me to edit content on my phone which will sync overnight, because of the way usb access is shit on android since.. 5.0?
I am loving it! Worth every penny and week of setup effort.3 -
On today's episode of Corporate BS
I must please go update logstash on this server. Okay, so I literally just need to ssh in and run "yum update logstash"
No, I need to apply for temp root access and depending who picks up that ticket, I may have to log a change request5 -
Some tech from our ISP decided to fiddle with our connection during stand up. Our CTO is all up in his business, trying to figure out what the issue is. The tech is being pushed more and more away as our devops people join in on the chaos. Meanwhile I'm having coffee and looking forward to lunch.. Can't test if I don't have access to the server.
-
Either my server is hacked or I fucked something up two days ago without knowing, I suddenly start receiving a dms file when I try access my domain or either by IP, file name is: valroSG0.dms
Do I need to be worried :S10 -
¡rant|rant
Nice to do some refactoring of the whole data access layer of our core logistics software, let me tell an story.
The project is around 80k lines of code, with a lot of integrations with an ERP system and an sql database.
The ERP system is old, shitty api for it also, only static methods through an wrapper to an c++ library
imagine an order table.
To access an order, you would first need to open the database by calling Api.Open(...file paths) (yes, it's an fucking flat file type database)
Now the database is open, now you would open the orders table with method Api.Table(int tableId) and in return you would get an integer value, the pointer.
Now for the actual order. first you need to search for it by setting the search parameter to the column ID of the order number while checking all calls for some BS error code
Api.SetInt(int pointer, int column, int query Value)
Then call the find method.
Api.Find(int pointer)
Then to top this shitcake of an api of: if it doesn't find your shit it will use the "close enough" method of search.
And now to read a singe string 😑
First you will look in the outdated and incorrect documentation given to you from the devil himself and look for the column ID to find the length of the column.
Then you create a string variable with ALL FUCKING SPACES.
Now you call the Api.GetStr(int pointer, int column, ref string emptyString, int length)
Now you have passed your poor string to the api's demon orgy by reference.
Then some more BS error code checking.
Now you have read an string value 😀
Now keep in mind to repeat these steps for all 300+ columns in the order table.
News from the creators: SQL server? yes, sql is good so everything will be better?
Now imagine the poor developers that got tasked to convert this shitcake to use a MS SQL server, that they did.
Now I can honestly say that I found the best SQL server benchmark tool. This sucker creams out just above ~105K sql statements per second on peak and ~15K per second for 1.5 second to read an order. 1.5 second to read less than 4 fucking kilobytes!
Right at that moment I released that our software would grind to an fucking halt before even thinking about starting it. And that me & myself and I would be tasked to fix it.
4 months later and two weeks until functional beta, here I am. We created our own api with the SQL server 😀
And the outcome of all this...
Fixes bugs older than a year, Forces rewriting part of code base. Forces removal of dirty fixes. allows proper unit and integration testing and even database testing with snapshot feature.
The whole ERP system could be replaced with ~10 lines of code (provided same relational structure) on the application while adding it to our own API library.
Best part is probably the performance improvements 😀. Up to 4500 times faster and 60 times less memory usage also with only managed memory.3 -
So... I've been messing arround with my first VPS (with little knowledge of Linux).
First installed lxde to learn how to do it, then back to the terminal. then I started with Apache, watching online tuts ...
Then I changed for nginx... Looks way better.
Installed my sql, php and got stuck. Dropped it for a few days.
Today I restarted, deleted Apache, mysql, reinstalled nginx, my php (with lots of problems because of old instalations). Everything is working now except php.
After going round and arround I changed my focus to relax a bit, and remembered I still have Apache on the firewall...
OK Apache and other stuff that I installed.
Delete everything
New rules only for nginx and reset.
Cant ssh to the server... What?
Oh... Forgot to add rules to OpenSSH...
No matter, I can access the terminal directly on the website....
And it loads to ldxe, with no user set...
Fuckkkk.
Oh BTW I'm in a trial free period with no support...17 -
I hate this company so much. I was tasked to write a simple program wrapped in an API. They gave me freedom of choice to use any language and technology because I said it'll be deployed in docker anyway.
Now, when they gave me the server, it's Windows Server 2016, of course, without docker installed (or even supported in any way). The access is done via TeamViewer for which I receive ID and password by calling a guy.
Oh, and everything runs as admin. "It's easier that way and we always do it like this."5 -
After hours of development, updated code on server, closed ide, out of habbit oppened browser, went to http://localhost/, just to check how api is responding... No response. Restarted server. No response. 30 minutes of random tests/checks, no result at all. 30 nervous minutes later, realized that server was working fine... it's just me who freaking tried to access it via localhost. ffs 0_0
-
PouchDB.
It promised full-blown CRDT functionality. So I decided to adopt it.
Disappointment number one: you have to use CouchDB, so your data model is under strict regulations now. Okay.
Disappointment number two: absolutely messed up hack required to restrict users from accessing other users’ data, otherwise you have to store all the user data in single collection. Not the most performant solution.
Disappointment number three: pagination is utter mess. Server-side timestamps are utter mess. ANY server-side logic is utter mess.
Just to set it to work, you need PouchDB itself, websocket adapter (otherwise only three simultaneous syncs), auth adapter (doesn’t work via sockets), which came out fucking large pile of bullshit at the frontend.
Disappointment number four, the final one: auth somehow works but it doesn’t set cookie. I don’t know how to get access.
GitHub user named Wohali, number one CouchDB specialist over there, doesn’t know that either.
It also doesn’t work at Incognito mode, doesn’t work at Firefox at all.
So, if you want to use PouchDB, bear that in mind:
1. CouchDB only
2. No server-side logic
3. Authorization is a mess
4. Error logs are mess too: “ERROR 83929629 broken pipe” means “out of disk space” in Erlang, the CouchDB language.
5. No hosting solutions. No backup solutions, no infrastructure around that at all. You are tied to bare metal VPS and Ansible.
6. Huge pile of bullshit at frontend. Doesn’t work at Incognito mode, doesn’t work at Firefox.8 -
This was more than 15 years ago. We migrated a bunch if data (home to a new server and repurposed the old one, the same night. This was not the first task on that allweekender, so it was around 3am on Sunday, with very little sleep, when I had to copy the data. I did that by logging in as admin and copying with Total Commander. Obviously, even admin did not have the permissions to some folders, so a lot of financial data were lost, as the users found out on Monday morning. We had no backup. Old server was not only reformatted, but the disks were used to build a different raid set. Luckily, one of the users who had access to this data kept a backup on a flash drive. (If you're wondering, I should've used robocopy with backup mode)
-
Soo... Let me get this straight... My boss reeeeeeally wants me to reconfigure our database system to sync data between each of our 15 sites... Let me this about this...
Our database is an MS Access database originally written about 17 years ago. It was written as a standalone database that runs a unique instance for each of our sites.The person responsible for the database (still not the original developer) before I took over 6 years ago bragged about how they were "an 80s developer" (w...t...f!). Even with all of the fixes and additions (additions because... F&$#ing of course there are!) It's still basically held together by duct tape and spit.
Hmmm... Ok, still possible. What's the environment I'm working in... I have absolutely ZERO control of our workplace network... That's a whole other department. Due to the nature of the workplace (and it's sites) there is extreme limitation on network access.
Well... If I'm Reeeeeeally nice to the people in charge of the network, maaaaaybe they can give me access to a little server space.
A very long shot, but, doab.... Oh, the boss would really like this handled in the next couple months...
F$#k you! There is no way on God's (still) green earth that I... Alone... Can rewrite a legacy database... written across 4 or 5 different versions of FU$KING MS Access, and give 15 sites, with extremely limited networking, real time data sync in... Oh, a few months.
Now, I do not work with "computer people". I'm usually lucky when my coworkers remember their passwords (which, even if they don't, WHY tell ME! I don't run the network!)
And when I tell my boss basically what I just said... In a nice, pleasant way... They suggest I'm not giving the problem enough thought...
FU#K YOU IGNORANT ASS! Write me a ToDo list in MS Access (no, I'm not going to tell you where to start) in under an hour then, MAYBE, we can talk about... No... Just NO... Can't be done!
*Takes deep breath* so... Lovely weather we're having, right?3 -
God damnit!!
Just got a team assigned for the course I follow and the codebase they work looks like someone shit on the floor and dragged it all over place. No consistency, no clear structure.
The project has to be built in PHP (which is fine by the way) following the principles of MVC. Did I say the codebase looks like shit all over the place? Well that's exactly what it is!!
They use $_SERVER['DOCUMENT_ROOT'] everywhere!! In every fucking file!! Why the FUCK would someone possibly want to do that??
I know I'm not perfect, but what the fuck!!
Now comes the most weird thing. They have to work on a remote server without SSH access, so working with FTP is mandatory. This is because the school won't setup ssh. That's fine by me, but because of that they don't use git!! They upload files directly to the production server. They merge everything manually. I asked why they didn't use git and the answer was so fucking SHIT!! "Because the teacher wants to see who uploaded to the server.."
First off all: what happened to git blame? Second: Later I heard that there is only one FTP account, so all the things they said where just bullshit!!
The fuck.
Tomorrow I'm going to try and convince them to use git..1 -
I work in a place where I don't have ssh access to the web server. No proper use of composer. I have to pull packages to my local machine and upload through ftp.3
-
Man I fucking love debugging Windows applications... OpenVPN dun shit the bed because the management interface is locked (on the Windows client I presume?) - so poke that error message into the Gargler along with "openvpn windows"... First result, OpenVPN forums. Excellent. ... Some dickhead in the forums: "this is the wrong forum, this is for Access-Server users, and you the user MUST have terminated the process".
Come fucking on! If only I could replace this fucking device with a proper OS already (and no I can't). Windows itself being a clusterfuck is one thing but the goddamn support around it. Atrocious!4 -
!Rant #lazy
I setup my local server so I can test my apps and to mount my partitions on my www folder in a folder named "mnt" with numbered folders for each mounted partition
So I can access and download my files to phone and other devices from all over the network :)
And even watch movies that are in my computer on my phone or tv
And when I want to sleep I usually watch a movie or one episode of series which is stored in my pc ,on my phone by this method in my bed 😅
So the thing is I'm too lazy to get out of bed and shut down the server and pc
So I setup this file so I can run commands on my PC from my phone 😅😂😂😂
192.168.1.110/server.php?cmd=shutdown now&psw=mypassword7 -
Currently working on a web platform for a building management company for the last 6 months.
Setup web server, database and developed the whole using laravel and vue.
They are in the testing phase now, so I implemented IPSec so that they can only access it from their office.
Thing is, they don’t have a static IP, so when they had to switch over to a backup connection yesterday, I had to add their new IP in my whitelist.
Today I get and email from their manager, saying that after a discussion he had with his assistant, the web app is not in the “cloud”!!! He got that because I had to “do something” to restore access to it yesterday and because “there isn’t an icon you can double-click” on each employees’ desktop!!!
Don’t even know how to respond to that!!!5 -
So I got access to a new Centos server. I had to install applications like Mysql, tomcat etc. The install was easy but configuration to be done were fucking headache. Admin guys were such Assholes that they dint care much to help. It took me 3 days to finally sort out and got things running. Yay! I believe I learnt a lot about Linux. Thank you Admin for being such an asshole✌️1
-
I just joined a new company.
Their CI pipeline is to give root access to staging and prod servers to every developer in the company and the manually git pull each repository (8-10 repos per server) and manually set nginx and port configurations. And if this wasn't enough, all of the 30 sites they have are basically the same site and they make the changes manually for each tenant (no env file). I'm amazed at how hard some people are willing to work.5 -
On Friday afternoon, i got an e-mail from the IT manager of the company I'm working for.
"Due to security issues we have been forced to stop the server you deployed"
Today, on Monday morning, i got a message from the director saying LITERALLY NOBODY CAN ACCESS THE SYSTEM
I wonder what it could be.3 -
Had to create a quick server side script. Created a quick function that returns an array, and tried to access a value from the function call like this:
$val = func()[0]
Apparently php didn’t include that feature until PHP 5.4
Wtf PHP.
Log into my webhost to update the the PHP version; only to discover that the highest PHP is PHP 5.5. PHP 7 is the current revision.
Wtf a2hosting.8 -
//rant
So i ordered myself a web server and am trying to get access to phpmyadmin.
I got generated username and password for the phpmyadmin login.
So i created mysql databases and database users, outside the interface, but that's fucking it, i need to create tables as well, can't do that without the interface, cuz NO ACCESS!
Fucking piece of shit service provider, they had one thing to do and they can't even fucking do it right. How dare they call themselves web hosts at all...
It's probably a badly configured config file but i can't access the file myself to start sorting this shit out, so i got to wait at least 12 hours till work hours to be able to contact with them and sort this shit out.1 -
What a week at work...
As some of you might know, it‘s currently very hot in Germany with temperatures rising up to 35°C. That‘s when our AC at work decided to stop working. I‘m working in the third floor of a three story building so it‘s getting very hot in the office.
The day after we had a 45 min powercut and the AC still does not work.
Today when I got up and wanted to go to work, I got an E-Mail saying that we have another powercut which lasts at least three hours. We‘re supposed to work from home using VPN. But how the fuck should I be able to log into the VPN if the network is offline?! Oh and of course our GitLab server is hosted in house as well, so no access to any code at all.
Hopefully next week is gonna be a better one...1 -
Filling out IRS forms using the Brave browser in privacy mode:
---------
Access Denied
You don't have permission to access "http://sa.www4.irs.gov/modiein/...?" on this server.
Reference #18.cfc3117.1714401007.25a9c99f
https://errors.edgesuite.net/18.cfc...
---------
Filling it out using ridiculously non-secure regular Chrome browser which exposes bookmarks, history, and cookies to anyone with enough knowledge:
"Right this way, sir. Don't worry, your data is in safe hands. We're totally not mining your data for leverage against you for your political leanings in a future tax audit."3 -
Yesterday was a horrible day...
First of all, as we are short of few devs, I was assigned production bugs... Few applications from mobile app were getting fucked up. All fields in db were empty, no customer name, email, mobile number, etc.
I started investigating, took dump from db, analyzed the created_at time stamps. Installed app, tried to reproduce bug, everything worked. Tried API calls from postman, again worked. There were no error emails too.
So I asked for server access logs, devops took 4 hrs just to give me the log. Went through 4 million lines and found 500 errors on mobile apis. Went to the file, no error handling in place.
So I have a bug to fix which occurs 1 in 100 case, no stack trace, no idea what is failing. Fuck my job. -
... when you as an internee with limited access, gets your early off friday ruined by a flooding attack and one of the clients on that server somehow has your number..
-
CORS is shit
Stupid useless shit that protects from nothing. It is harmful mechanism that does nothing but randomly blocks browser from accessing resources - nothing more.
Main idea of CORS is that if server does not send proper header to OPTIONS request, browser will block other requests to that server.
What does stupid cocksuckers that invented CORS, think their retarded shit can protect from?
- If server is malicious, it will send any header required to let you access it.
- If client has malicious intents - he will never use your shit browser to make requests, he will use curl or any ther tool available. Also if server security bases on something as unreliable as http headers it sends to the client - its a shit server, and CORS will not save it.
Can anyone give REAL examples when CORS can really protect from anything?33 -
I just setup a new VPS
I made all configuration required
I reboot the server
I forgot which port I set for ssh 😭
Luckily I have console to access from 😅14 -
Have defective supermicro server, but the ipmi is working and could tell me what's going on.
Only problem is, I don't have access to it since the last owner didn't provide it to me.
So I thought let's try metasploit.
Setup local network with a second server, connect to local* address.
"Welcome to intel integrated BMC web console"
What? Its a Supermicro, did the owner reflash the ipmi? What the heck.
Msf: scan adress ....
ipmi found bla bla bla.
Msf: zero cipher scan.
... Voulnerable to zero cipher.
Was pretty happy but the doubt kept creeping in.
On my WS that isn't connected to the ipmi of my server, I go to that ip address.
Bam
"Welcome to intel BMC ......"
MOTHERFUCKER.
What are the odds that some fucker has his ipmi open to the public on that exact same address that my board was configured to.
Well, actually pretty high I guess.
Fuck. Shit.
That didn't go as planned. -
My new project: a camera sends an image of the electricity clock to a server that does ocr and submits the value to the electricity company on the 5th of every month
Current progress: spent 4 hours trying to get emails to work in scala when i found on an obscure forum that you have to enable insecure app access in your gmail to use smtp13 -
I need a bit of advice, I'm looking to rent a dedicated server for dev and test small projects and maybe host a site in the future but mainly a box I can access from everywhere and constantly online
I checked out ovh and server4you but I wanted real experience from a community I can trust, any recommendations?9 -
There are always days when everything related to school projects seems to hate me. In example we have to create a tunnel from our own computers to access uni's private server and suddenly mine stopped working. Me and my classmate were trying to figure it out for 1,5 hour and even our teacher didnt understand the hell was happening and in the end we found out that even tho we deleted the faulty line from host file the firefox still had it in its cache
-
I'm absolutely exhausted...
Just spent the past 2 days restructuring our SAAS products entire server network on AWS just so we can have a static IP address for all our server instances passing through an NAT....because we need to integrate with another service that only allows you to access their API if they whitelist your IP.2 -
I JUST CAN NOT UPDATE THAT ONE SERVER TO DEBIAN 9
- it has no /dev/sda but a /dev/ploopXXXXX which is mounted as / but I can't see it
- uname says it's Linux 2.6.32-042stab126.2 and it says Debian some lines later in the ssh login
- there is no boot loader (I can't find it)
- lsb_release tells me it's running Debian 9.6 stretch, I put stretch into the apt sources
- in /boot there are 2 different versions: 3.16.0-7-amd64 and 4.9.0-8-amd64
- and I do not have physical access to it
WHAT THE FUCK AM I SUPPOSED TO DO?!
I wanted to install OpenVPN on it but that Linux Version doesn't support the Tunnel Interface /dev/net/tun8 -
I hate ot when your client has access to new relic and they panic and start creating critical issues when the linux db server is is 80% memory..
After a 2h conference call the client said he was going to contact a 3rd party dba because he didn't believe it was normal. -
Well finished work yesterday at the company where I would be grilled over whether it was safe to run an SQL script on the server using the command line but they thought nothing of everyone having to log in to the server as root!7
-
Dude at work floats the idea of creating separate Github accounts for personal and work for security. My response:
While we're discussing options, we should also consider maintaining a list of users as a CSV^H^H^H MS Excel file, and install an authentication server that runs off the laptop of an "IT Administrator". That way it'll be super secure because hackers cannot access any system outside of working hours, as well as the days that said admin is off from work.2 -
For what fucking reason the ability to set the date and time programatically has been blocked on Android?!
Why you can create fucking invisible apps that work in the background, mine cryptos, steal your data but they decided that something like that is considered dangerous?
Can anyone give me a logical explanation?
P.S.
There are cases (big pharma companies) where the users don't have access to internet nor a ntp server is available on the local network, so the ability for an app to get the time of a sql server and set it in runtime is crucial, expecially when the user, for security reasons, can't have access to the device settings and change it by himself.
"System apps" can do it, but you would have to change the firmware of a device to sideload an external "System app" and in that case it would lose the warranty.
So, yeah, fucking Google assholes, there are cases where your dumb decisions make the others struggle every other day.
Give more power to third party developers, dumb motherfuckers.
It's not that difficult to ask the user, once, to give the SET_TIME permission.
It was possible in the past...
P.S.2
Windows Mobile 6.5 was a masterpiece for business.
It still could be, just mount better CPUs on PDAs and extend the support. But no, "Android is the future". What a fucking bad future.11 -
Today i tried made some finishing touches on my discord bot. After dome struggling i finally managed to host it on heroku.
This is what happened after I put it on a real server and my dorm shut down internet access2 -
Literally every single task except one has me waiting on stuff from other people. The remaining ask is waiting on root access approved for a server
Uugh. I'd take dealing with some obscure bug for 4 hours over this nonsense1 -
Reporting server connection to database is down, probably due to a user access restriction.
reported the issue to the India sql datacenter and got back: Yes, We see that the connection is down. ( I sent them screenshot of it including the error message ) There is no such database available.
Me: Yes, well I'm in the db working right ( send screenshot) now.
India: ..... disappear offline.1 -
Never knew ww1.localhost.3000 is registered until a noob in our team tried to access the local dev server :(10
-
10 Signs You Picked the Wrong ISP !!
10. Their company logo: two tin cans and a length of string.
9. You check out their address, and it's a phone booth containing a Compaq portable and an acoustic coupler.
8. Their chief technical officer lives in a 10-foot-by-7-foot shack in the woods.
7. Their proud boast: "We've been on the Internet since it was CB radio."
6. Their promo materials use the words "information" and "superhighway" in the same sentence.
5. You order an SLIP/PPP connection, e-mail, and 2MB of server space for your personal Web site, and the voice on the other end of the phone asks, "Would you like fries with that?"
4. "As seen in Better Business Bureau special reports."
3. "Access speeds up to 9,600 bps in most areas."
2. They hawk both domain names and Rolexes on street corners.
1. They charge by the word.2 -
One day I helped another teacher with setting up his backend with the currently running Nginx reverse-proxy, peace of cake right?
Then I found out the only person with ssh access was not available, OK then just reset the root password and we're ready to go.
After going through that we vim'd into authorized_keys with the web cli, added his pub key and tried to ssh, no luck. While verifying the key we found out that the web cli had not parsed the key properly and basically fucked up the file entirely.
After some back and forth and trying everything we became grumpy, different browsers didn't help either and even caps lock was inverted for some reason. Eventually I executed plan B and vim'd into the ssh daemon's settings to enable root login and activate password authentication. After all that we could finally use ssh to setup the server.
What an adventure that was 😅3 -
My group set up a Linux Dev server. We got hacked by Chinese hackers. We set it up again but even more secure with only people inside the uni can access it. We got hacked again.Turns out one of the modules in a container was using an outdated CentOS version. P.S The malicious file on the server was called kk.love.1
-
Testing an application we were going to partner with. My colleague and I where able from the login screen to drop all databases including the system ones and use xp command to send email and access the server.1
-
Hey Guys
So... I Have a question / rant / frustrated commenting to do...
WHY THA FUCK DO FIRMWARE TAKE SO LONG TO UPDATE!!!
been configuring my webserver and 2 p2p cameras to access from the outside, and for each click or change can take 1 to 5 minutes to implement...
And then, like 6 or 7 hours latter I notice that everytime the port wasn't associated, a small label in like size8 text shows that port is already in use...
And... Da FUCK??
I'm associating the ports myself... how can port 82, 83, 84, 85, 86, ... be In use?
I have my server in 80, WebDav e another non relevant port, and trying to find open ports for the p2p cams...
Fuck I'll just delete all that services that no one uses and are pre configured, like, emule? napster? FifaPC? WTF? I never played Fifa, don't like socker. KaZaA SERVER? WTF why does this shit comes pre-configured?
Btw I'm writing this while I wait for the router to finish every time :p7 -
Professional Home File Server Setup.
Using an old laptop and drive I made this. But I had nowhere to store. I have to use Team Viewer to even access it now for maintenance. -
When the ops team needs to go through a 5 step "protocol" over a couple of days, just to open a damn port in the firewall, so that our CI server can access the local GitLab server..
Seems like the migration of the last couple of projects from SVN to Git is going to take a little longer than I expected.. -
When your IT VP starts speaking blasphemy:
"Team,
We all know what’s going on with the API. Next week we may see 6x order volumes.
We need to do everything possible to minimize the load on our prod database server.
Here are some guidelines we’re implementing immediately:
· I’m revoking most direct production SQL access. (even read only). You should be running analysis queries and data pulls out of the replication server anyway.
· No User Management activities are allowed between 9AM and 9PM EST. If you’re going to run a large amount of updates, please coordinate with a DBA to have someone monitoring.
· No checklist setup/maintenance activities are allowed at all. If this causes business impact please let me know.
· If you see are doing anything in [App Name] that’s running long, kill it and get a DBA involved.
Please keep the communication level high and stay vigilant in protecting our prod environment!"
RIP most of what I do at work.3 -
Fucking remote db doesn't want to work with me and workbench. DB is on an empty test server, no firewall issues on the network, powershell on my pc says ping ok, tcp failing though, server firewall not running, server up and running.
Tried to modify network access on db configs like bind-adress, set my db user "host" value to wildcard. Now I can log in on workbench with my user, yet root somehow fails, wtf?
And of course once the connection is live, no db us visible, accessible, nothing works. I'm so frustrated. About to nuke it and restart ... again!13 -
Holiday in 6 days, wohoo. 3weeks in Thailand. So ready for it.
Currently working on a huge real estate website. Design got approved yesterday, yesterday I finally got partial access to the clients real estate data. Where the data is uploaded to our server as zip files containing a xml file and files attached to it.
Deadline is tomorrow, but has been pushed back 2-3 weeks, which sucks as I probably have to work whilst on vacation4 -
The fuck? I'm trying to automate login for an asp.net website from a C# console app using HttpWebRequests. I used Fiddler to see how the login happens and how the browser obtains the session and auth cookies from the server. When I replicate the same procedure from C#, I am able to get both cookies withoth a problem, but when I try to use them to get data about the user, I get a 500 ISE. What the actual fuck? I've double-checked every single header and the URLs and it's doing literally the same thing as chrome: Get asp session id (POST)-> get an auth cookie (POST username and passwd) -> interact with the site using the session id and auth cookie (GET). And obiviously I don't have access to the server logs... :/2
-
I just think about it ...
Running docker on windows is shit
Running nginix on windows is boofff
Running apache on windows is boofff
Running WWS on windows is hugly
Install linux
All server software run like king
Don't have access to any adobe product for design and micro$hit office for client sanity because ODF is to special, i want my docx i said ... Like what do you want from me ... Shit the dev setup is a fucking mess because some enterprises don't want to wet itself in the futur...
Microsoft love linux BULLSHIT6 -
What are the symptoms of a broken openssh server?
I completely lost access with connection reset by peer, however, earlier today I kept having my session auto disconnect on only one server, the only way I could gain access is to remove and then install openssh again
But on this particular server, I have not even changed ssh port, why did it get broken?15 -
Ugh, I feel like fucking crying every time I have to explain to the other developers and network sysadmins that we can't have the same Redis server for both session and caching data in the current project we're working on. I wrote all this down in the specifications which NO ONE reads!!
There are times like these I wish I just had access to the AWS account so I can do all of this myself.3 -
My employer really needs to invest in better machines.
My VM is still running a Windows Update that has taken 50 minutes already.
Fucking 50 minutes in which I couldn't do a fucking thing.
Either the windows update is a huge update but my guess is that I'm on a slow as fuck hard drive that gets virtualized with about 3 other vms
(we use remotedesktop to access the vms that run on the server)2 -
People who freak out and think they have been hacked when you send a message to them on the prod server using the wall command should not be allowed SSH access.
-
Just spent all morning adding my own user account to my local MongoDB because some network security guy found I was running an unprotected server on my PC....
I tried all the admin roles to get full access across all databases I have but none worked....
Until I see one at the bottom of the official documentation:
root -
The secondary access point stopped working, turns out the date/time is wrong. You guessed it, the ntp server is hard-coded in the firmware (last version), no option to change it, it a linksys but not supported by openwrt.
Grabbed a second one, flashed with openwrt, same shit, and can't access by ssh because it's an old dropbear build.
Hate trashing things, but sometimes too much is too much 🍺2 -
It's 2016 and Android still doesn't support ODBC (let alone OLEDB). Every time somebody asks how to connect their app to a database directly, the groupthink brigade goes "dur hur, use JSON/SOAP/XML services cuz raisins!1one*." That wasn't the fucking question. I don't want your framework-cobbling make-work dependencies. Even the cretins at Xamarin, trying desperately to hook Windows C# programmers, only have SQL Server support because Microsoft fucking did it for them. WTF have Android developers done over 7 OS versions if basic features like database access are still fucking missing? No wonder the App Stores are full of Mickey Mouse garbage.
*raisins!1one = "I don't know how to secure a database so I'll just yell 'security!1one' so people think I r smrt"5 -
"You need me to fix a report? Ok... Since I don't have access to that server, email me the report."
"Umm, it doesn't have connection info. Can you send me the username/pass for the DB?"
"Ok, so the DB isn't set to work normally on this report and has to be a UDL file... Can you send me that file?"
"All done, here you go!"
"WTF do you mean you're getting a database connection error and you're looking to me to fix it? You seriously don't remember that it's all shit you gave me?" -
I don't have any experience with cloud providers and I need to get a server for a project.
The website will be up for 3 weeks, access will probably be very uneven, the total user count is somewhat below 2000.
The site will probably be quite interactive and real-time, content may be changing every few seconds for an hour and then remain unchanged for days. I will also need either SSE or websockets for this reason.
What should I consider when selecting a cloud providers? Do you have a good one? My ideal provider would scale resources according to traffic like I've heard AWS does, but I want to hear your opinion first especially considering I know very little about how server load works.1 -
When I thought things couldn't get crazier that my vmware to win chrome mess.....
Doing an upgrade today when I have to VPN in from my mac to access a Web based secret server to get onto another VPN so I can RDP onto a Windows bastion host to then RDP to client windows servers within the RDP and from those hosts need to use putty to ssh into Linux servers to do the admin activities......
Now I'm obviously all for security but seriously VPN to RDP to RDP to ssh is just a bit mental......
But all of the SSL certs between each env is self signed anyhow......2 -
Finally decided to get myself some remote server on DO, faffing around and setting things up, and suddenly I decide to look at my access logs, someone was trying to figure out how to connect to mysql, phpMyAdmin and what's not... Too bad for him I won't have any of those installed until I know how to properly secure all this :)
Heh... Welcome to the real world I guess?4 -
Disclaimer: Technically it's not "our" stack, but we have to use it so....
A webapp we built runs inside the company's network we built it for. Their IT are windows lovers, so everything has to run on Windows servers, even the tablets which are used to access said web app need to have windows.
Their company network isn't accessable from the outside world, so we have access via VPN to get into their network. But this isn't enough to access that shitty windows server our software runs on. After that VPN, you have to connect to a different VPN to which you can only connect to while you're inside the company's network. Then you have access to two servers, one the application is running on and one, well to see if you're changes were deployed correctly because the production server doesn't have a browser on it other than shitty internet explorer 8.
The only way to connect to the server is using RDP. Not even samba or so. To deploy the changes we made to our app, you need to copy paste the files from your local machine to the server. And don't get me started on running mssql migration with the shitty mssql console 😤😤
Why would anyone who isn't a complete idiot use Windows for servers or mssql in the first place????2 -
Fuck these apache2 and nginx configuration that fucking make my life miserable. Why can\'t I fucking edit the files inside /var/www/html? Fuck that. Why can\'t I access a subdirectory inside it? Fuck! In Node.js, you can fire up your server pretty easily. Then you tell us that JavaScript sucks? Fuck me dead.21
-
After 4 1/2 hours of testing I have redeployed my postgresql database from Windows to Debian Server. I can now access my database and deploy webapps from any computer, anywhere, anytime.
It's 2:30 AM in the morning. I am exhausted but fulfilled.1 -
*The one where he breaks ssh*
TL;DR: Minikube's dick is too big, and my ass wasnt ready.
So there was a time about 2 weeks ago where i wanted to try and set up a minikube cluster using SOP, and that actually went okay, aside from having to move over to a completely different server after discovering that my processor doesn't support virtualization.
So i set it up on my other server, and everything immediately starts going to shit; i can no longer run commands without processor latency. Also top shows 200% CPU usage. Maybe i should stop... NAHHH... so i continue on, and the biggest fuck up was starting up the nginx pods. I have 6 of them, and the moment i try and stand up my custom container which was the WHOLE POINT of this whole exercise, i lose ssh access and cant get back in. I go over to the server and kill the minikube and virtualbox processes, and everything's back to normal.6 -
Yeah, we *COULD* do AWS for the home (and homebrew as well) RPC program server... or I could get a Raspberry Pi 3B+ for the house. I mean... it'd be cheaper and easier to access.
(Low-res screenshot warning, too.)3 -
A while back I was looking for a new job and was given an interview by one company who shall remain nameless. Before the interview, they asked me look through their current site, nothing unusual there, so I started browsing. Then I received an email with all the details I needed to access their production server. Apparently they wanted me to look through the code, unusual but I did so.
First thing all the passwords, including those belonging to members of the public were stored in plain text and many were still the default passwords which were based on the Id so were sequential.
I highlighted these issues at the interview and they then asked me to do a test, not the usual test though, they asked me to add some charts to their prod site. Needless to say that didn’t happen and I got another job elsewhere.1 -
not really that hacky but it was something back then
when I was still learning front end development. I enabled live server on my vs code, connected to a network went to a different PC and connected to same network, went to browser on second PC, entered the other PCs IP adress and added the port number provided by vs code, I was able to access the website I was working on so as I worked and saved the site automatically refreshes on the other computer and i saw the results immediately
this was because I had an 11 inch screen PC. a hp mini. was practically impossible to work with that so whenever my roommates PC was free I'd do that without having to code directly on his PC
later on I enabled auto save on vs code and it seemed I was on a roll. lol -
I want to access my Server from anywhere. Should i use something like noip.com (DynDNS)? Or is there a better way?11
-
!Dev
If I was rich I think I'd donate to schools and children educational funds a lot
There's so much more that I've been able to learn about and do now that I have my own income stream and it's not just my dad supporting me and my 2 brothers himself. so I have the means to buy a server off eBay, or get books every few months on topics I find interesting, or upgrade my ram to an obscene 48GB to toy with ML and AI from my desktop when the whim arises, as well as all the stuff I'm learning to do with raspberry pi boards and my 3D printers, and the laptops I collect from people about to toss good fixable electronics
So I think I'd want to open the same doors for other children if I ever could who knows how much farther I could be if I had this same access when I was younger and didn't get access to my first 'personal' laptop when I was already 14 or 15 years old
I still consider my childhood 'lucky' and I had many opportunities other children couldn't get, but if I ever could I think I'd like to make future children have more opportunities in general1 -
so some controversial opinions
Our company is moving most of our code style to snake_case, even the JavaScript. Here's our resoning:
Take the CustomerAccountMembership model. In our Python server, we would access it as obj.customer_account_membership, in JavaScript as obj.customerAccountMembership and our API endpoint as api/path/customer-account-membership. Thus we had several String utility functions such as `camelize`, `kebabChop` (which is ironically camelCased) and `snakeify`, and we would use them in translating from URL path to JS to Python, which was troublesome.
Now HTTP allows _underscores_ unescaped and do not pose any significant meaning. JavaScript also accepts it as a valid character in variable names. On the other hand, HTTP is strictly lower-cased, and all computer languages use the -dash- to signify subtraction. Sooo the _underscore_ is the only style that is compliant everywhere.
Unless, of course, we go with customeraccountmembership, which I refuse to do.
I'm not that deep into code character rules.
Opinions?7 -
I'm kinda amazed at how simple it is to host my private git server on my raspberry pi. That being said I couldn't get it to work well as an access point with hostapd. Therefore pushing and pulling while on my home wifi works like a charm, but doing this in public requires ethernet. Having an Ethernet run from outside my backpack really does make me look like some hacker terrorist person, especially in NYC5
-
git push # via a slow network
> ssh: connect to host github.com port 22:
> Connection timed out
> fatal: Could not read from remote repository.
>
> Please make sure you have the correct access rights
> and the repository exists.
yes, if I have to wait for your server to time out, I can waste more time checking my permissions and that the repo still exists - as if ...1 -
I got a very low power Netbook lately for basically no money.
I thought about using it for some server monitoring / server access via ssh console.
Which Linux distros would you recommend for such a use case. Tried Something like core-os and Debian(lxde) yet but wasn't very satisfied with both options. Both could not display the battery capacity and Debian didn't detect the Intel WiFi.
The Netbook has 512mb of ram which should be fine for a lightweight gui and more than enough for a ssh connection 😅
Thanks a lot for the recommendations :)12 -
So I guess this doesn't really fall under dev, more web and net admin, but here it goes.
I am trying frantically to migrate our (@Gerrymandered and I) website from a hosted solution with Namecheap to my new personal badass server, Vector. The issue is that I need to host multiple subdomains under one IP. I learned how to use apache2's VirtualHost feature, and eventually made them all work. But now we need to get our 3 year SSL Certs that we already paid for working. Try to get ssl pass through... Nope. Fine, just use the VHost then forward it unsecured to the local ip which only accepts connections from the Apache host. But wait! I want to access my ESXi config page remotely too! Good GOD it is a pain in the ass to get all of this working, but I somehow did. Evidence is at https://git.infiniit.co, which is hosted on the same network as the ESXi control panel. *Sigh of relief* now I can sleep right? 😥29 -
Question.. architecting a large system. I’ve broken it down to microservices for the DB and rest API / gateway
I want there to be some some processes that run continuously not event driven via rest. Say analytics for example what is the best way todo that? Just another service running on on a server? And said service has its own API? That when the other rest APIs are called could then hop and call the new service?
Or say we had a PDF upload via rest should that service then do the parsing before uploading to DB .. or should the rest api that does the uploading then call another rest api to another service dedicated todo the parsing and uploading to the db?
I think the bigger way to explain the question is the encapsulation between DAL.. data access layer which I have existing.. but then there’s the BLL .. buisness logic layer which I don’t know if it should have its own APIs via own microservices running in the background.10 -
Hey guys
spent all day with a new project, maybe you guys can help.
I have two p2p cameras that I want to setup and access when my family goes on vacation.
Cameras are working (with mildly success) , now, what Is the best option to access them from the Internet?
I can send e-mails, but can't config the SMTP server (don't know why always gives connection error, but guessing that maby this kind of products are blocked from sending e-mails), tried Gmail, mail, and Hotmail.
ftp-server.. don't have any online (have a VPS with 200 mb free ram...)
Tips? ideas?
Thanks, guys12 -
Ha! Our Ops Support DBA Manager just asked (tongue in cheek) "if we are now supporting MS Access, too?" To which of course, the answer is no. Business user who install Access on their desktop and use it for business, get to provide their own support. As their Dev DBA, I'll be more than happy to help them migrate their data to SQL Server, Oracle, or Teradata, depending on the Use Case for the data. But, no, we don't support Access. Ever.
-
I‘m currently trying to get an SFTP user for our school's webspace (preinstalled WordPress, don't hate it - it's "great" for non-"it" people) and our network administrator means that he can't create one for me because I would have access to all files on the server.
WTF, you can create SFTP users on Linux and restrict their access and even set a home directory.
Yeah, now we need to forget about themes and plugins in WordPress.
(He said that he also can't create an FTP user)1 -
Thats so bad. Since about One week our Internet is broken. We don't have access anymore. You feel useless, because you can't do anything. No Phone (because its also with the Router) , No Internet, No real programming. You can't Look something Up, you can't Log into your Server, Database and so on.
And the shittest Thing about that is that the #Telekom is sorry to say that but absolutely Shit. We have made an appointement on friday. They should come to fix the issue. We have waited the whole day. He didn't came.. Now He wants to come again tomorrow...
I hope everything is right then and We have Internet again.. thats uncool.1 -
So, I manage my server with docker containers (nginx-proxy and the letsencrypt-companion). I limit access to some subdomains using basic auth, but I want to use client certificates for convenience.
So my questions to the experts:
1) Do you know a good (and convenient) way to manage client certificates ? This should include revoking certs and allowing specific certs only for specific subdomains.
2) Should I use my letsencrypt CA for this or would a self signed CA better suited?
3) Any things I should be aware of?1 -
When I found out that the server I use weirdly implements SSH login.
For some very odd reason (probably a historical one,) you have to access the web-app console and press a button TO GRANT SSH ACCESS TO THE F*<KING IP ADDRESS FROM WHICH I PRESSED THE BUTTON. The server blocks the wrong IP addresses outright. And only one active allowed IP at a time. This totally obliterates my plan to perform CD on this server. Why can't I just register public keys?
Then I learned several months later that they introduced a new server plan that *does* support the public-key registration. :facepalm:
I'm divided on whether to change my plan in exchange for a rather significant increase in the monthly cost.3 -
What can you do if your boss is basically refusing to give you access to a server that you need access to to do your job? It's really weird to me. Only he has access to any prod systems we have. Is this realistic? Is this more of an attempt at staying necessary and needed? I'm pretty fed up with it as I've had prod access at every other company I've worked for and have nearly ten years of web experience .. what gives?11
-
These cloudways people are crazy. I tried a trial on them, only to learn that we don't get root access to the server which they never really mentioned anywhere.
Also, they hiked the price like 20℅ on starter plans, which again was only shown i logged in.
And this guy has been emailing me since last 2 weeks, telling how couldn't call them or contact me. I'm so glad. I never replied and he still emails asking for feedback!
I legitimately feel like I'm getting stalked.. :|
I'll give feedback , maybe 1000 years later! -
So I´m still working on that Sync to get rid of this abomination called Wrike.
Now I have a problem.
To be able to sync mantis with our software I need to be able to create projects in mantis through the API.
No problem.
But then again, I need to link custom fields to that just created project.
The mantis API apparently doesn´t have that.
I now have two options:
1. I expose the custom field functions myself on the REST api.
2. I gain direct access to the mysql database and do it within my sync job in the database.
Well I´m not a web developer. Like, at all.
But I thought: Hey how hard can it be?
So I got an Apache server with php, mysql and XDebug running with VSCode.
Works better than expected.
But now that I have actually seen the mantis code, I´m seriously considering number 2 again...
Fucking php... -
What tools do you have access to at work?
I don't work a tech company, far from it. I love it but both the hardware and software at my disposal are so shitty I'm starting to lose it.
Running Windows locally, I'm not allowed any Linux distro because "security." Indeed, I don't even have admin rights on my machine. It was rejected. The excuse being that I am sudoer on a server, which (and can only be) physically located in our headquarters.
Today I found out this server's CPU from the dark ages does not support tensorflow, so here I will be building that shit from source tomorrow (no GPU of course).
And thanks for 4G of RAM on what you refer to as a "power" machine.3 -
Me, trying to access an old mysql database on a Linux server, the root user gets rejected. Out of frustration I delete mysql entirely and try to start again.
I was not using sudo to access the root user...
In the bright side, the deleted mysql version was actually an old one, the database is actually fine.1 -
When the guy who hosts the development server goes home earlier and you don't have access the the server. I'll be dammed, but there's nothing I can do expect play mobile games
-
I have an Webspace for years, today I Just bought a very Small v server so I can play with it a Little bit.
Its cool.
I connected to it via ssh.
Installed everything I needed, then I wanted to allow login only with rsa keys and with No Password. Set it Up, it worked. But it was possible to Login also with the Password even when I forbidden that.
I accidently set PermitRootLogin to No.. Yeah... You know what.. now I Cant Access my Server anymore xD Shit.
Have to reinstall the complete Server..9 -
I've been working as a web dev intern for my college's IT department for about three weeks now. Knowing that I have the access to the cms, file server and database... Muhahahahahahahahahaha😈 but I guess I will be a good boy and only screw around in my test environment.
-
me: can you help me debug this issue in our artifactory server?
ops: we don't manage that server. devs do
me: can I get access to manage that server?
ops: why would you need access??
me: to manage server ಠ_ಠ
ops: exactly what commands you will need?
me: ಠ_ಠ -
Work Pc is windows xp.... Dev board requires a Linux tool chain... The PC falls over trying to run a VM, so end up needing to run a VM on our CI server (beefiest bit of kit I have access to) , I have to deal with laggy eclipse, over RDP to the VM. On top of that the dev board comes with around 10k pages of documentation.... Most of which either doesn't work, or is missing vital bits of information.... Oh and PM has promised a working product to customers in less than 3 months l, despite us not actually managing to get the desired platform to even boot correctly yet.... *screams *2
-
The whole windows server + ms sql server ordeal is the biggest fucking joke I've ever seen in my time being a dev.
The ms sql dashboard uses a hidden user to access files and stuffs, so I spent 1 hour trying to make the dashboard's explorer to find the database dump file, only to find out that the file need to be owned by the hidden user. So
I spent about 1 hour trying to set the correct owner of the dump file, but to no avail, the explorer still couldn't pick it up. Then I spent another hour to set the correct owner for the containing folder. Finally, a 6 years old answer on SO point out that I should just put the fucking .bak file in their default folder, and voilà, the fucking thing works like a charm.
I can't get why Microsoft has to go out of their way making permission management on their os so fucking convoluted. The fucking usernames are a fucking mess, you have to go through a bunch of form to change just the owner of a file (please don't start me up with that running some command on powershell bullshit, I would rather deal with bad GUI than a badly designed CLI)
If I were to being positive though, Microsoft is actually one of a few tech companies having a good technical decision of moving their shits over Linux. -
I'm trying to improve my email setup once again and need your advice. My idea is as follows:
- 2-5 users
- 1 (sub)domain per user with a catchall
- users need to be able to also send from <any>@<subdomain>.<domain>
- costs up to 1€ per user (without domain)
- provider & server not hosted in five eyes and reasonably privacy friendly
- supports standard protocols (IMAP, SMTP)
- reliable
- does not depend on me to manage it daily/weekly
- Billing/Payment for all accounts/domains at once would be nice-to-have, but not necessary
I registered a domain with wint.global the other day and I actually managed to get this to work, but unfortunately their hosting has been very underwhelming.. the server was unreachable for a few minutes yesterday not only once, but roughly once an hour, and I'd really rather be able to actually receive (and retrieve) my mail. Also their Plesk is quite slow. To be fair for their price it's more like I pay for the domain and get the hosting for free, but I digress..
I am also considering self hosting, but realistically that means running it on a VPS and keeping at secure and patched, which I'd rather outsource to a company who can afford someone to regularly read CVEs and keep things running. I don't really want to worry about maintaining servers when I'm on holiday for example and while an unpatched game server is an acceptable risk, I'd rather keep my email server on good shape.
So in the end the question is: Which provider can fulfill my email dreams?
My research so far:
1. Tutanota doesn't offer standard protocols. I get their reasons but that also makes me depended on their service/software, which I wouldn't like. Multiple domains only on the business plans.
2.With Migadu I could easily hit their limits of incoming mails if someone signs up for too many newsletters and I can't (and don't want to) micromanage that.
3. Strato: Unclear whether I can create mails for subdomains. Also I don't like the company for multiple reasons. However I can access a domains hosted there and could try...
4. united-domains: Unclear whether I can create mails for subdomains.
5. posteo: No custom domains allowed.
I'm getting tired.. *sigh*21 -
I just got hired at a small MSP and I’m just utterly fucking frustrated by the shitty tools and complete lack of client documentation. I want to implement tons of FOSS tools for these newbhats but they seem to like spending money on tools that only work half-assedly at best... looking at you LogMeIn!
I’ve setup Apache Guacamole a few times before and want to get each client a guac-srv setup for client’s server mgmt. or PowerShell Web Access for clients.
I want to build AWS infrastructure for clients cause we can use cloudformation or terraform to build infrastructure. But these skunk-taint licking dipsticks would rather support physical 2003 servers. If I didn’t need this job to pay my bills right now I’d be fucking gone.
But... they are very nice people.
Just technologically speaking, they eat lead paint chips for breakfast and like to piss on electric fences for the funsies. -
-Recently started a new job so I’m new to the infrastructure-
Spent the vast majority of the day trying to SSH into one of my company servers to sort some random bug out on the website & the connection kept being rejected despite the day before it working when passing the .pem key into the SSH along with the ip & my username, nothing new there.
Anyway, everyone’s mad busy so I don’t wanna bother anyone to ask why, so I check confluence, no documentation for SSHING into our scheduler or the code the server I need to access. Never-mind.
Spend another couple hours trying debug it on my own, no luck. Never-mind.
Finally seize my opportunity and ask for help; ‘Oh the server IP changes daily so you need to run a task through our scheduler that you need to SSH into to return the list of IPS and that dynamically changes so that’s how you get the IP’
Oh ok. Why is there no documentation for that again? I mean. Thats generally some pretty important information you’d pass onto your starters.
At least I can say I won’t be making that same mistake again.5 -
Sorry, I'm very stupid and know nothing about cloud development.
My need: I have a php code I want to put in cloud and launch as a task every N minutes automatically until I decide to stop it.
What is the best solution to do it, do you know some good services that allows me to do it easily, quickly and affordably?
For ex. "Heroku" allows me to do something like that?
Thanks in advance, I would really like to learn this part of software development I never touched in my life.
P.S. It's not a service I want to put online with access for users, it's just a "script" I want to have running on a server until I'm done.5 -
WSL GUI... WHY?!?!
I have an assistant(no better defined title) in Myanmar who we've ruined from ever being a "normal" 21yr old Burmese kid again... First non-android computer experience was remote access to our local RHEL server; He's gonna be a dev... being a blank slate, started him primarily on CLI.
Yesterday he tells me wsl stopped working and he can't figure out why. I ofc asked what the last thing(s) he did was... simple wget. I tunnel in, check processes... one of the catch-all wsl ones had hulked out.
Despite very limited abilty to trace whatever was going on, I found what I thought may be responsible. Quickest way to know, kill it...
Whatever will we do without GUI for wsl debian?!?!?
Seriously... the wsl Deb culled things like systemd for simplicity... but arrives loaded with numerous GUI functionalities. I reeeeeallly want to know what advanced practical applications are coming from this -
So as a personal project for work I decided to start data logging facility variables, it's something that we might need to pickup at some point in the future so decided to take the initiative since I'm the new guy.
I setup some basic current loop sensors are things like gas line pressures for bulk nitrogen and compressed air but decided to go with a more advanced system for logging the temperature and humidity in the labs. These sensors come with 'software' it's a web site you host internally. Cool so I just need to build a simple web server to run these PoE sensors. No big deal right, it's just an IIS service. Months after ordering Server 2019 though SSC I get 4 activation codes 2 MAK and 2 KMS. I won the lottery now i just have to download the server 2019 retail ISO and... Won't take the keys. Back to purchasing, "oh I can download that for you, what key is yours". Um... I dunno you sent me 4 Can I just get the link, "well you have to have a login". Ok what building are you in I'll drive over with a USB key (hoping there on the same campus), "the download keeps stopping, I'll contact the IT service in your building". a week later I get an install ISO and still no one knows that key is mine. Local IT service suggests it's probably a MAK key since I originally got a quote for a retail copy and we don't run a KMS server on the network I'm using for testing. We'll doesn't windows reject all 4 keys then proceed to register with a non-existent KMS server on the network I'm using for testing. Great so now this server that is supposed to connected to a private network for the sensors and use the second NIC for an internet connection has to be connected to the old network that I'm using for testing because that's where the KMS server seems to be. Ok no big deal the old network has internet except the powers that be want to migrate everything to the new more secure network but I still need to be connected to the KMS server because they sent me the wrong key. So I'm up to three network cards and some of my basic sensors are running on yet another network and I want to migrate the management software to this hardware to have all my data logging in one system. I had to label the Ethernet ports so I could hand over the hardware for certification and security scans.
So at this point I have my system running with a couple sensors setup with static IP's because I haven't had time to setup the DNS for the private network the sensors run on. Local IT goes to install McAfee and can't because it isn't compatible with anything after 1809 or later, I get a message back that " we only support up to 1709" I point out that it's server 2019, "Oh yeah, let me ask about that" a bunch of back and forth ensues and finally Local IT get's a version of McAfee that will install, runs security scan again i get a message back. " There are two high risk issues on your server", my blood pressure is getting high as well. The risks there looking at McAfee versions are out of date and windows Defender is disabled (because of McAfee).
There's a low risk issue as well, something relating to the DNS service I didn't fully setup. I tell local IT just disable it for now, then think we'll heck I'll remote in and do it. Nope can't remote into my server, oh they renamed it well that's lot going to stay that way but whatever oh here's the IP they assigned it, nope cant remote in no privileges. Ok so I run up three flights of stairs to local IT before they leave for the day log into my server yup RDP is enabled, odd but whatever let's delete the DNS role for now, nope you don't have admin privileges. Now I'm really getting displeased, I can;t have admin privileges on the network you want me to use to support the service on a system you can't support and I'm supposed to believe you can migrate the life safety systems you want us to move. I'm using my system to prove that the 2FA system works, at this rate I'm going to have 2FA access to a completely worthless broken system in a few years. good thing I rebuilt the whole server in a VM I'm planning to deploy before I get the official one back. I'm skipping a lot of the ridiculous back and forth conversations because the more I think about it the more irritated I get.1 -
I was setting up a CI build machine. Builds were supposed to be ran in disposable containers, but I needed a way to trigger a task on the host from inside the container. I didn't want to give containers shell access to host - kinda misses the point.
Solution: a server running on the host and listening for predefined commands on a named pipe. The pipe was bound into containers which would simply echo commands into it. Very simple and effective.
The hacky part? The server was an 8-line bash script.1 -
I wonder if there is any technical issues that prohibit the creation of open source websites.
By "web sites" I do not consider CMS like Drupal or word press, but rather entire end web site sources.
In fact anything (frontend, backend) except database content that contain user data and credentials.
Not for reusability purposes like CMSs, but simply for transparency and community development purposes, like almost any open source end application.
I agree that a web server is much more exposed than a classic desktop app, as it has lots of targetable private data and internet public access. But for some non-critical purpose this seems to be affordable in exchange of better code review, allowing a community to help improve a tool it uses, and better (not perfect though) transparency (which is an increasingly relevant question nowadays, mainly towards personal data usage).6 -
Guessing my rant free streak is over. Trying to connect to a mongo atlas cluster. Just migrated from mlab as mongo Inc is discontinuing the heroku add on.
Migration went well. I can connect to atlas cluster via mongo shell.
Reactive mongo claims it supports dns seed list. I add mongodb+srv connection string. Doesn't work.
I go back to atlas and allow all ips access (migrating staging dB first to make sure all is well so I can whitelist all ips) - > send a request-> mongo error. No primary node is available.
Disconnect from my network, connect to another network, same thing. I push the connection string to my server, test using an ssl connection to make a request, still no primary node available. I am about to lose my mind. -
Which ons is less risky and which one Is most profitable to succeed ?
0- telling the admin you forgot your password and as he's logging in, sniff his password (you already placed sslstrip)
1- gain access to router using its vulnerabilities and redirect the traffic to a fake page and get the password.
2- exploiting smb port of admin's system and placing a krylogger or stealing his cookies if available
3- brute forcing admin password :/
4- pressing forgot password on admin account and staying close to him and sniff the SMS containing the otp using rtl-sdr (and of course you will be prompted to set a new password)
5- any other way .
Also the website itself is almost secure.
It is using iis 8.5 and windows server 2012
Only open ports are 80 and 443.4 -
I spent 2-3 days on debugging code written in assembly script. Apparently, you need to initialise an array using new method otherwise it re-uses the previous array from the same scope and it has created infinitely large array. Just wtf.
And I got error like "wasm blah blah blah blah blah blah".Just give proper error.
Running the environment locally wasn't an option because well it doesn't fucking work locally. So, I have to forcibly test on CI and they have created a site that can show you logs because you can't access or query data directly from server and while debugging you try to log something it randomly works sometimes and sometimes you get output from god knows which deployment. Just create a fucking API for displaying log or build a proper docker so that we test it locally.1 -
What would you recommend for an programming aprentice?
Dedicated server (DS) or shared hosting(SH)?
A DS is more expensive, but i could learn much more in Ops. Shared hosting is cheaper (and i already have a virtual one with access to root, but no sudo)...
- Greetings from switzerland.
PS i only choose swiss hoster ;)5 -
Dear Lord, please stop people from enforcing standards and bypassing them themselves.
Take kubernetes for example. Since v1.24 CRI has been announced as the standard, and kubernetes is shifting to live by it.
But it's not.
Yes, it's got the CRI spec defined and the unix://cri.sock used for that standardised communication. What nobody's telling you, is that that socket MUST be on the same runtime as the kube. I.e. you can't simply spin up a dockerd/containerd/cri-o server and share its CRI socket via CIFS/NFS/etc. Because kube-cp will assume that contained is running on the same host as cp and will try to access its services via localhost.
So effectively you feed the container via a socket to another machine, it spins up the container and that container tries to
- bind to your local machine's IP (not the one's the container is running on)
- access its dependencies via localhost:port, while they are actually running on your local machine (not the CRI host)
I HOPE this will change some day. And we'll have a clear cut between dependencies and dependents, separated by a single communications channel - a single unix socket. That'd be a solution I'd really enjoy working with. NOT the ip-port-connect-bind spaghetti we have now.4 -
there it goes again
rip my college access, i'm in an infinite loop of this and can't break out
i have to wait for the server to deauth me on its end, should take 48 hours or so2 -
Fuck you, whoever kicked me out of LinkHub Discord server + revoked repo access... i even contributed. I don't care if you shut down everything, just say something before kicking me out... rude mf3
-
me: this installation needs swap space on server
ops: we don't do swap space on AWS
me: ಠ_ಠ OK, what other solution can you provide me?
ops: here, use this real (bare metal) server we have
me: will it have all the same access and installed packages I had used on the AWS server?
ops: no, you need to create tickets for that
me: ಠ_ಠ -
Work email conversation with a COTS app support tech:
Tech: Could you provide me the following from Sql Server? (instructions followed)
Me: I am not the DBA, but I've sent them the request.
Tech: Could you send me the following from Sql Server while we wait? (Instructions followed)
Me: As I said, I don't have permissions to access what you want.
Tech: Oh, I see now, you most likely don't have proper access to be able to retrieve the information.
Me: ..yeah. Thanks. -
Ranters, I need help
Does anyone know how can I run something as a systemd service and still have access to the "console" - the input and output of the program, when I need it?
(It is a minecraft forge server and there are multiple people managing the physical server and one of them managed to corrupt the map yesterday by rebooting the machine without stopping the minecraft server... so there comes the need for a service so it can shut down before the machine reboots... but I also need the access to the console of said minecraft server because sometimes when some modded items are misbehaving the rcon will stop responding while the console still works)
Edit: currently I am running the minecraft server in a detached screen (ddg "screen linux" if you don't know what I am talking about)5 -
"I need this server account to have sumo and ssh access for the install of this software"
but if that software requires sudo, who not run it as your login account? and instead of ssh access, why not sudo over to the service account?
God I hate when people don't understand how Linux works... -
finally, I have access to dev server. this would be great if that server wasn't a standard installation of openSuSe.2
-
How do I deal with this;
Edge case hiccup on production, no errors in the available logs(very shallow logging), no access to the production server, issue unreproducable on staging and a manager that want me to fix it AFTER I already said that im kind of sailing blind and can't do much without logs or access, and already looked at it with another dev who also has no idea what is going on3 -
When you have a customer that is a pain and you have to do a new contract since months but they are no replying but at same time there is a bug in a plugin they are using.
They are not updating their plugins in production but only after a test in staging.
In production there aren't write permission from web server side, so only they have access.
And the plugin has a 0-day. -
So the developers in my workplace have blocked a server for themselves each when they know that there is a shortage and everyone needs to cooperate and share them. Now when they get stuck in any issue they expect me to get them out of it but just as soon as I ask for a server space, they are all like it will impact my working and we can't share. Now what would you expect me to do the next time you come to me? Do you seriously expect me to welcome you and your problems with open arms or make excuses to you when such a scenario occurs. Sometimes I think that the one thing missing here is a sense of basic human decency.
Now the zinger here - I've had similar experiences earlier and fortunately, I'm the resource administrator for the projects cloud account. Whenever these a**holes require any cloud resource, I make them go through tons of approvals which I have a blanket access granted before providing them access. Who's laughing now?2 -
So I finally got something to allow me to pipe my network over ssh when I need it.
alias mcserversshproxy='ssh -p <port> -N -D localhost:9999 <user@server>'
I can now use the internal webpage in my network by configuring a profile in firefox as a proxy. Kind of slick!
This tutorial, despite its flaws, helped me work this out:
https://coolaj86.com/articles/...1 -
Fuck these IT corporate proxies
Nothing just *works* and you have to fiddle with shit all the time and waste hours and days
The worst thing is the team I work on and their code isn't on the corporate server so if I'm on their damn proxy I can't access my work, if I'm not I can't access company stuff that I need -
Can somebody give working example how to solve
Access to XMLHttpRequest at 'localhost:8000/index.php/api/companies/1/logo' from origin 'http://localhost:8080' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, chrome-untrusted, https.
this error is talked so much but no working solution I can find. Maybe it is somewhere but cannot find so far in the internet trash.
Nginx server.
Not by installing chrome plugin, because other people would also need to install it. Thats not a solution.20 -
Help
how to stop a Android phone from changing IPs
hey guys
Don't know why, sometimes my Android server changes IPs (without restart), that fucks the exit of services....
Like, don't know why, http always works even when IP changes
but WebDav stops working.... I mean, I can use inside the network but I want to access it from the outside.
Thanks8 -
In my first job another junior dev and I (junior at the time) were assigned the task of designing and implementing a user management and propagation system for a biometric access control system. None of the seniors at the time wanted to be involved because hardware interfacing in the main software was seen as a general shit show because of legacy reasons. We spent weeks designing the system, arguing, walking out in anger, then coming back and going through it again.
After all that, we thought we would end up using each other, but we actually became really good friends for the rest of my time there. The final system was so robust that support never heard back from the client about it until around 2 years later when a power outage took down the server and blew the PSU.
Good times. -
Any tips to speed up wordpress site. I have googled and tried as many solutions I can except adding cdn. I have minified images, html, css and js. I have used caching on the server with litespeed cache. There are not many plugins on the site.
The plugins installed are elementor, litespeed, orbit fox, wp-optimize, updraft plus and wpforms lite. The site takes around 4 to 5 seconds to fully load. I am doing this for a releative(don't worry he is sane and I am doing pretty simple stuff for him which is simply not worth charging). I cannot use cloudflare cdn since they need nameserver access and the hosting service used is hostinger which have put a lot of dns records which I don't understand and don't wanna mess with unless it is the last option.12 -
Im going to shove their soapy WordPress plugin up their ass sideways.
Just had to reverse engineer a WordPress plugin communicating with a SOAP API.
Why? Because the stupid fucking retard company thinks "we do not support custom integrations at this time, only plugins for certain CMS and some external providers" IS IN ANY WAY AN OK THING? IT IS NOT.
And i am feeling ashamed for having purchased a WordPress plugin (100 bucks) just for reversing it. My server even has to Report to them as wordpress to get access.
So fucking typical for swiss companies
Edit: also, they state they DO support custom integrations on their main website :/ -
Windows why do I need to explicitly tell you in a firewall rule to allow port 80 to allow someone in the same NAT as me which is set to a private network to access the web server?4
-
can anyone tell me where I can find sample server log data? I need access log and error log for Nginx, Lighttpd, Apache Tomcat, Caddy, Hiawatha and NodeJS. Do you know any website for this?5
-
I may need some ideas for a personal project in mind:
I plan to have a server that shall connect to a usb stick/device, the usb is plugged to a TV. The usb device can create its own local wifi network which provides CRUD on media files via REST. My own server should be accessible via the internet, but at the same time connect to the local usb wifi, once the usb wifi is available, and then send requests to it. Kind of a user-friendly bridge.
There's a PC near the device, almost always turned on. It's used by family members as regular office machine and could run a local server. What if as remotely accessible server? Then what about DOS attacks? (Would that "kill" the PC?)
An alternative would be a separate server. A raspberry pi? A dedicated server?1 -
Question about linux iptables. I am currently blocking all access and whitelisting only when my users launch my software. When software is launched a socket client is also launched, it connects to socket server, identifies itself with a password and disconnects. If given password by socket client is correct, then socket server whitelists the users IP by executing the following command: " iptables -I INPUT -s userIP -j ACCEPT".
My problem is that now I have lots of duplicates of IP's whitelisted and as far as I've heard I should not go over 25k iptable rules.
So my question is how to check if ip is already whitelisted, in order to avoid duplicate iptable rules for for same IP?
Obvious solution would be to store whitelist somewhere (mysql/txt) and double check before whitelisting ip, but maybe there is an easier way to do this?4 -
I need to download an installer from my Visual Studio Subscription, and I find out the hard way our subscription manager reassigned my subscription to someone else. Now I lost access to my licenses.
And the subscription manager doesn't reply to his emails.
I guess that SQL Server setup can wait.