Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".

You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.

Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.

So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.

Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.

There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.

When I was still a noob programmer, I was working on a website for a big client. We had a demo coming up in big city. So we drove there several hours and went to their office. All the management board and shareholders and what not were there.

So we started the demo. Everything had worked perfect the night before. But on that day, we were right away greeted with some stupid PHP error right there on the first page. Had to fix it quickly so we could continue with the demo, so I logged into their production server with SSH and started fixing the code with vim. I was connected to the projector, so my horrid noob code with cringy joke comments was there for everyone in the room to see.

Eventually got it working, but I saw several people in the room facepalming hard. Can't ever forget the day. :D

reminds me teachers at my university

Everyone was a noob once. I am the first to tell that to everyone. But there are limits.

Where I work we got new colleagues, fresh from college, claims to have extensive knowledge about Ansible and knows his way around a Linux system.... Or so he claims.

I desperately need some automation reinforcements since the project requires a lot of work to be done.

I have given a half day training on how to develop, starting from ssh keys setup and local machine, the project directory layout, the components the designs, the scripts, everything...
I ask "Do you understand this?"
"Yes, I understand. " Was the reply.

I give a very simple task really. Just adapt get_url tasks in such a way that it accepts headers, of any kind.
It's literally a one line job.

A week passes by, today is "deadline".

Nothing works, guy confuses roles with playbooks, sets secrets in roles hardcodes, does not create inventory files for specifications, no playbooks, does everything on the testing machine itself, abuses SSH Keys from the Controller node.... It's a fucking ga-mess.

Clearly he does not understand at all what he is doing.

Today he comes "sorry but I cannot finish it"
"Why not?" I ask.
"I get this error" sends a fucking screenshot. I see the fucking disaster setup in one shot ...

"You totally have not done the things like I taught you. Where are your commits and what are.your branch names?"
"Euuuh I don't have any"
Saywhatnow.jpeg

I get frustrated, but nonetheless I re-explain everything from too to bottom! I actually give him a working example of what he should do!

Me: "Do you understand now?"
Colleague: "Yes, I do understand now?"
Me: "Are you sure you understand now?"
C: "yes I do"

Proceeds to do fucking shit all...

WHY FUCKING LIE ABOUT THE THINGS YOU DONT UNDERSTAND??? WHAT KIND OF COGNITIVE MALFUNCTION IA HAPPENING IN YOUR HEAD THAT EVEN GIVEN A WORKING EXAMPLE YOU CANT REPLICATE???
WHY APPLY FOR A FUCKING JOB AND LIE ABOUT YOUR COMPETENCES WHEN YOU DO T EVEN GET THE FUCKING BASICS!?!?

WHY WASTE MY FUCKING TIME?!?!?!

Told my "dear team leader" (see previous rants) that it's not okay to lie about that, we desperately need capable people and he does not seem to be one of them.

"Sorry about that NeatNerdPrime but be patient, he is still a junior"

YOU FUCKING HIRED THAT PERSON WITH FULL KNOWLEDGE ABOUT HAI RESUME AND ACCEPTED HIS WORDS AT FACE VALUE WITHOUT EVEN A PROPER TECHNICAL TEST. YOU PROMISED HE WAS CAPABLE AND HE IS FUCKING NOT, FUCK YOU AND YOUR PEOPLE MANAGEMENT SKILLS, YOU ALREADY FAIL AT THE START.

FUCK THIS. I WILL SLACK OFF TODAY BECAUSE WITHOUT ME THIS TEAM AND THIS PROJECT JUST CRUMBLES DOWN DUE TO SHEER INCOMPETENCE.

Got my first Linux magazine with real worth tips for noobs with advanced stuff (like mounting a web mail server using Nmap, create personalized distros ssh, terminology and stuff , you don't see that in most noob magazines).
First point... Comes with a CD with 4 distros (OK... I perfer to download the latest for my VMs) and 200 euros worth of.. Linux software?
And I ripped this beautiful cover before even reading it... Killing a wasp. So, worth the 10 euros even before opening it

TL;DR my first vps got hacked, the attacker flooded my server log when I successfully discovered and removed him so I couldn't use my server anymore because the log was taking up all the space on the server.

The first Linux VPN I ever had (when I was a noob and had just started with vServers and Linux in general, obviously) got hacked within 2 moths since I got it.
As I didn't knew much about securing a Linux server, I made all these "rookie" mistakes: having ssh on port 22, allowing root access via ssh, no key auth...

So, the server got hacked without me even noticing. Some time later, I received a mail from my hoster who said "hello, someone (probably you) is running portscans from your server" of which I had no idea... So I looked in the logs, and BAM, "successful root login" from an IP address which wasn't me.

After I found out the server got hacked, I reinstalled the whole server, changed the port and activated key auth and installed fail2ban.
Some days later, when I finally configured everything the way I wanted, I observed I couldn't do anything with that server anymore. Found out there was absolutely no space on the server. Made a scan to find files to delete and found a logfile. The ssh logfile. I took up a freaking 95 GB of space (of a total of 100gb on the server). Turned out the guy who broke into my server got upset I discovered him and bruteforced the shit out of my server flooding the logs with failed login attempts...

I guess I learnt how to properly secure a server from this attack 💪

When company gave me a SSH I am a noob I have a filezilla what I do is delete all temp files and clear log files
Because the log file size goes 1gb After next day all are looking weird
Senior developer:wtf are you doing yesterday
Me: delete all the tmp files and log files 😂😂

Why is my the fingerprint for my public ssh-key seen not as a sha256-fingerprint?

Left: Windows
Right: Raspberry

I've been wondering about renting a new VPS to get all my websites sorted out again. I am tired of shared hosting and I am able to manage it as I've been in the past.

With so many great people here, I was trying to put together some of the best practices and resources on how to handle the setup and configuration of a new machine, and I hope this post may help someone while trying to gather the best know-how in the comments. Don't be scared by the lengthy post, please.

The following tips are mainly from @Condor, @Noob, @Linuxxx and some other were gathered in the webz. Thanks for @Linux for recommending me Vultr VPS. I would appreciate further feedback from the community on how to improve this and/or change anything that may seem incorrect or should be done in better way.

1. Clean install CentOS 7 or Ubuntu (I am used to both, do you recommend more? Why?)
2. Install existing updates
3. Disable root login
4. Disable password for ssh
5. RSA key login with strong passwords/passphrases
6. Set correct locale and correct timezone (if different from default)
7. Close all ports
8. Disable and delete unneeded services
9. Install CSF
10. Install knockd (is it worth it at all? Isn't it security through obscurity?)
11. Install Fail2Ban (worth to install side by side with CSF? If not, why?)
12. Install ufw firewall (or keep with CSF/Fail2Ban? Why?)
13. Install rkhunter
14. Install anti-rootkit software (side by side with rkhunter?) (SELinux or AppArmor? Why?)
15. Enable Nginx/CSF rate limiting against SYN attacks
16. For a server to be public, is an IDS / IPS recommended? If so, which and why?
17. Log Injection Attacks in Application Layer - I should keep an eye on them. Is there any tool to help scanning?

If I want to have a server that serves multiple websites, would you add/change anything to the following?
18. Install Docker and manage separate instances with a Dockerfile powered base image with the following? Or should I keep all the servers in one main installation?
19. Install Nginx
20. Install PHP-FPM
21. Install PHP7
22. Install Memcached
23. Install MariaDB
24. Install phpMyAdmin (On specific port? Any recommendations here?)

I am sorry if this is somewhat lengthy, but I hope it may get better and be a good starting guide for a new server setup (eventually become a repo). Feel free to contribute in the comments.

Linux noob... just accidentally made myself (not root) owner on all files. seemed fine for a while, but I couldn't sudo or even ssh. had to rollback my server nearly a month to fix it 😭