I’m LOLing at the audacity of one of our vendors.

We contract with a vendor to build and maintain a website. Our network security team noticed there was a security breach of the vendor’s website. Our team saw that malicious users gained access to our Google Search console by completing a challenge that was issued to the vendor’s site.

At first, the vendor tried to convince us that their site wasn’t comprised and it was the Google search Console that was compromised. Nah dude. Our Search Console got compromised via the website you maintain for us. Luckily our network team was able to remove the malicious users from our search console.

That vendor site accepts credit card payments and displays the user’s contact info like address, email, and phone. The vendor uses keys that are tied to our payment gateway. So now my employer is demanding a full incident report from the vendor because their dropping the ball could have compromised our users’ data and we might be responsible for PCI issues.

And the vendor tried to shit on us even more. The vendor also generates vanity urls for our users. My employer decided to temporarily redirect users to our main site (non vendor) because users already received those links and in order to not lose revenue. The vendor’s solution is to build a service that will redirect their vanity urls to our main site. And they wanted to charge us $5000 usd for this. We already pay them $1000 a month already.

WTAF we are not stupid. Our network service team said we could make the argument that they do this without extra charge because it falls in the scope of our contract with them. Our network team also said that we could terminate the contract because the security breach means they didn’t render the service they were contracted to do. Guess it’s time for us to get our lawyer’s take on this.

So now it looks like my stakeholders want me to rebuild all of this in house. I already have a lot on my plate, but I’m going to be open to their requests because we are still in the debrief phase.

eleven billion, seven hundred twenty-three million, five hundred twelve thousand, three hundred sixty-eight hashes later and I still haven't found the vanity address I'm looking for 😴...

So I found about a possible freelance job I could do. I messaged the person and they asked me to show them some of my work. I went into my dusty wamp server folder to use one of my projects there as an example or w/e. It being old and all and me having not updated anything in the last 2 years, there was a lot of bugs I had to fix. So I did that. I had to change some links and whatnot. Then I tried running the site again and that was where I met the biggest hurdle. None of the user generated pages worked because I used a .htaccess file to vanity the website links (is that a word? No? Well it is now). So I went back into the folder to check the .htaccess file to see if I could fix the issue. Lo and behold the file was empty

I had lost the fucking .htaccess. Now I'm stuck and saying fuck it because I can't be arsed to go through each file and change the links mostly bc I forgot the structure of the links ontop of the other stuff I had in the htaccess file. And yeah ik I'm just being lazy but I'm really just having one of those days

So yeah that's how my day went. Just thought I'd share