Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "getting hacked"
-
Dear self proclaimed wordpress 'developers/programmers', kindly go fuck yourself.
I'm not talking about wordpress devs/designers who don't claim to have a better skillset than they have and are actually willing to learn, those are very much fine.
I'm talking about those wordpress people who claim that they're developers, programmers or whatever kind of bullshit which they're obviously not.
"A client's site crashed, you have to fix it!!!!!" sorry, come again? It's YOUR client's site. It's hosted on our hosting platform meaning that WE are responsible for KEEPING THE SERVERS UP AND FUNCTIONING.
You call yourself a wordpress 'developer' with 'programming experience' for 10 years but the second one of your shitty sites crashes, you come to us because 'it's your responsibility!!!'.
No, it's not. Next to that fact, the fact that you have to ask US why the site is crashing while you could easily login to your control panel, go to the fucking error logs and see that one of your facebook plugins crashes with a quite English error message, shows me that you definitely don't have 10 years of programming experience. And if you can't find that fucking article which tells you exactly where the motherfucking error logs are, don't come crying to us asking to fix your own fucking bullshit.
"My clients site got hacked, you have to clean it up and get it online again ASAP!!!!" - Nah, sorry, not my responsibility. The fact that you explicitly put your wordpress installation on 'no automatic updates' also doesn't help with my urge to fucking end you right now.
Add to that that we have some quite clear articles on wordpress security which you appearantly found too difficult (really? basic shit like 'set a strong fucking password' is too difficult for you?), you're on your own.
"I'm getting an error, please explain what's going wrong as soon as you can! this is a prio 1!!!!" - Nope. You were a wordpress dev/programmer right? Please act like one.
I'm not your personal wordpress agent.
I'm not your personal hacked wordpress site cleanup guy.
I'm not even a fucking wordpress professional. No, I'd rather jump off a bridge than develop wordpress bullshit for a living.
That you chose to do this, not a problem. Just don't rely on me for fixing your shit.
I'm sick of cleaning up your bullshit.
I'm done with answering your high prio tickets about bullshit which any dev could find out with just a few minutes of searching.
Oh your wordpress site isn't showing up so high in google? Yeah sure, shoot a ticket at us blaming us for your own SEO mess. I'm a fucking sysadmin, not a SEO expert.
I'm fucking done with you.
Go die in a fucking corner.18 -
TL;DR: I “hacked” my thermostat.
I’m stuck with an annoying roommate in college dorms who apparently always keeps the FUCKING thermostat at 80F. LIKE WHAT THE ACTUAL FUCK IS WRONG WITH HIM. Every time I change it to like 73F, he changes it back to 80F Heat.
Getting tired of his shit for over a semester, I decided to do something about it. I looked up the thermostat made by HoneyWell and downloaded the product manual of it. Turns out, they have a system override ability to remove the heating mode and change the maximum and minimum values of temperature.
BOOM! I removed the heating mode and changed the minimum value to 70 and max to 74.
It’s 2AM here and I can finally go to sleep without sweating my balls off. I’ll keep you guys updated on his reaction hahahaha.27 -
Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P39 -
Tonight I was getting ready to pay my monthly apartment maintenance bill so I Googled my property management company's name because I always forget the url. It's always the first result, but I noticed Google placed a little "This site may be hacked." line of text on their listing.
Seeing that before and knowing what it means, I went into the source for their index page, and to my suspicion, their WordPress installation was hacked with the standard invisible spam links.
I realize this happens to a lot of WordPress blogs, but this is an NYC property management company that is responsible for a lot of buildings and has millions of dollars in contracts. Normally I would inform them, but having dealt with them in the past I don't like them very much, but more importantly, I don't think they'd understand what I was saying because they are so technically inept. They might even think that because I found this, that I had something to do with it.
So devRant, it is up to you. What should I do?22 -
I recently joined the dark side - an agile consulting company (why and how is a long story). The first client I was assigned to was an international bank. The client wanted a web portal, that was at its core, just a massive web form for their users to perform data entry.
My company pitched and won the project even though they didn't have a single developer on their bench. The entire project team (including myself) was fast tracked through interviews and hired very rapidly so that they could staff the project (a fact I found out months later).
Although I had ~8 years of systems programming experience, my entire web development experience amounted to 12 weeks (a part time web dev course) just before I got hired.
I introduce to you, my team ...
Scrum Master. 12 years experience on paper.
Rote memorised the agile manifesto and scrum textbooks. He constantly went “We should do X instead of (practical thing) Y, because X is the agile way.” Easily pressured by the client to include ridiculous (real time chat in a form filling webpage), and sometimes near impossible features (undo at the keystroke level). He would just nag at the devs until someone mumbled ‘yes' just so that he would stfu and go away.
UX Designer. 3 years experience on paper ... as business analyst.
Zero professional experience in UX. Can’t use design tools like AI / photoshop. All he has is 10 weeks of UX bootcamp and a massive chip on his shoulder. The client wanted a web form, he designed a monstrosity that included several custom components that just HAD to be put in, because UX. When we asked for clarification the reply was a usually condescending “you guys don’t understand UX, just do <insert unhandled edge case>, this is intended."
Developer - PHD in his first job.
Invents programming puzzles to solve where there are none. The user story asked for a upload file button. He implemented a queue system that made use of custom metadata to detect file extensions, file size, and other attributes, so that he could determine which file to synchronously upload first.
Developer - Bootlicker. 5 years experience on paper.
He tried to ingratiate himself with the management from day 1. He also writes code I would fire interns and fail students for. His very first PR corrupted the database. The most recent one didn’t even compile.
Developer - Millennial fratboy with a business degree. 8 years experience on paper.
His entire knowledge of programming amounted to a single data structures class he took on Coursera. Claims that’s all he needs. His PRs was a single 4000+ line files, of which 3500+ failed the linter, had numerous bugs / console warnings / compile warnings, and implemented 60% of functionality requested in the user story. Also forget about getting his attention whenever one of the pretty secretaries walked by. He would leap out of his seat and waltz off to flirt.
Developer - Brooding loner. 6 years experience on paper.
His code works. It runs, in exponential time. Simply ignores you when you attempt to ask.
Developer - Agile fullstack developer extraordinaire. 8 years experience on paper.
Insists on doing the absolute minimum required in the user story, because more would be a waste. Does not believe in thinking ahead for edge conditions because it isn’t in the story. Every single PR is a hack around existing code. Sometimes he hacks a hack that was initially hacked by him. No one understands the components he maintains.
Developer - Team lead. 10 years of programming experience on paper.
Writes spaghetti code with if/else blocks nested 6 levels deep. When asked "how does this work ?”, the answer “I don’t know the details, but hey it works!”. Assigned as the team lead as he had the most experience on paper. Tries organise technical discussions during which he speaks absolute gibberish that either make no sense, or are complete misunderstandings of how our system actually works.
The last 2 guys are actually highly regarded by my company and are several pay grades above me. The rest were hired because my company was desperate to staff the project.
There are a 3 more guys I didn’t mention. The 4 of us literally carried the project. The codebase is ugly as hell because the others merge in each others crap. We have no unit tests, and It’s near impossible to start because of the quality of the code. But this junk works, and was deployed to production. Today is it actually hailed as a success story.
All these 3 guys have quit. 2 of them quit without a job. 1 found a new and better gig.
I’m still here because I need the money. There’s a tsunami of trash code waiting to fail in production, and I’m the only one left holding the fort.
Why am I surrounded by morons?
Why are these retards paid more than me?
Why are they so proud when all they produce is trash?
How on earth are they still hired?
And yeah, FML.8 -
Waking up, feeling like I have a cold I sit down at my computer and see that my biggest client has asked for a minor change. I haven't had my coffee yet, but I can do what they're asking for in a minute. The site is *gone*. Just a permissions error. Have they been hacked?! Why hasn't the client called me?! The files are there and no changes have been made. It doesn't come up on any browser. 10 panicked minutes later I check it on my phone. It comes up. Wait a minute ... While editing /etc/hosts yesterday I'd accidentally uncommented a line for this site that I'd foolishly left in there. One character later my false alarm is solved. I'm getting my damned coffee now.1
-
Was watching a Chinese movie and there's a scene where someone is getting hacked, and this is the fucking code that they are show as the "hacking code". How hard would it have been to find something more legitimate than this?
If I hadn't had a few $0.69 hamburgers from McDonald's today, I would be more upset.14 -
> 3 hour long mandatory online cybersecurity training
> Preaches that the company is very secure and the only risk of being “hacked” is if employees post company data on social media
> oksure.tar.gz
> Bored out of my mine
> Open dev console
> JSON continually getting sent to backend
> Simple structure and human readable fields including {complete: false}
> Open postman
> {complete: true}
> Send
> 200 response
> Refresh page
> Course complete
> :’ )
Muppets.4 -
I worked at a startup. They wanted to "save" money. So they hired a relative of "Fred" named "Bubba". Bubba made a custom website. Like hand built gifs and who knows how hand crafted html. It was fine for a time. Then somebody was wondering why nobody was calling us at the company. No customers. Another relative named "George" (who was actually a business major) looked at the website. It had been hacked and replaced with Jedis fighting Sith Lords. Me and another engineer named "Zeus" said "fuck this shit" and said "we are redoing this shit".
So I logged into godaddy (I know, shitty) and installed Wordpress (kinda shitty). I proceeded to turn wordpress into a half decent page. Wiped out the shit that was there, reused images as it made sense. Created more images. Reduced images to 80% quality to take loading size from 10MB to <1MB. Then I also proceeded to do SEO work and get the website listed properly within about a month. Customers started calling all the time. I had a simple contact form that barely gets any shit on it due to captcha. The was 5 years ago. I left 3 years ago (still help them on weekends) and nobody has done shit with the website. They are still getting calls and it hasn't been hacked.
We don't talk to Bubba. He didn't know what the fuck he was doing. I wonder if he still does websites for his relatives. I honestly had no clue what I was doing, but my take on the approach was easier to maintain and even George and Zeus and the new manager "Ralph" can maintain it, kinda. Went from shitty static website to full on dynamic and interactive. Yeah, I know, "dynamic". But the manager was happy.
Sometimes you just do what you gotta do in addition to doing all the electrical and software engineering for a company.6 -
Sometimes I think back to all the funny shit that happened and how simple stuff fucks everyone
- tired Database engineer deleting (not dropping, literally rm -rf) the database files on the wrong server
- Microsoft delivering viruses through updates
- Pissed and stubborn dev deleting his one line library repo which does something like removing a char left side of string fucking an unmeasurable amount of other projects
- Adobe getting hacked and exposed for storing passwords in plain texts
- a doubled line causing a bug called heartbleed in a fuckton of webservers
- a Tutorial Company getting kicked from github because their repo got so big github staff had to maintain the repo manually
- and an old one: bad code crashed a space shuttle16 -
Building a business can hamper one's development urges!
I have been building stuff since 2008. Took my first job in 2012, won a hackathon at Yahoo right after that. Got an amazing team to work with! Our team converted the hacked product into a proper product using Django and AngularJS. Those were the fun days. At that time AngularJS had just come out and I was under the dilemma to use Angular, Ember or backbone. But with all this came the responsibility to build a business out of our product. It didn't happen eventually though.
So I moved on to cure my entrepreneural itch and went on to start up an e-commerce startup along with my day job. It started getting good traction and I finally left my day job to focus completely on it. It's a sticker marketplace and I had to focus a lot on the actual physical product, improve the quality, tackle business development and stuff etc. In all this, my habit of creating stuff with code kind of got the back seat. Everyday, I see such exciting technologies come up and I want to try them out. I have been itching to create a native app using react native. Try to build a skill for Amazon Alexa.
On one side I am happy that I have been able to build a brand and become the largest sticker marketplace in India providing super awesome reusable stickers, but on the other hand, managing the business on a daily basis is killing the developer in me :(
Does anyone else building a business which involves a physical product also face a similar problem? I think I should just take up weekend hackathon type problems and try to solve them using the technologies I want to learn. Example, I have been meaning to build an app for our company. I think I will start with that!
I have been following devRant for quite sometime now and it has been awesome. Finally, signed up and ranted today! 😊😊5 -
So this happened last week.
Last week I went as a volunteer to give an introduction class basic programming to some guys and gals who are going to attend computer science soon next year.
The class lasted one week and we had done some basic algorithms and programming in Python.
Besides that we also did some very basic websites (html, css and javascript).
Obviously all those people were very enthusiastic.
Some were a little bit too enthusiastic...
There were these 2 guys who were best friends. They already knew everything apparently. Even though they just finished high school they had been programming for over 10 years, had already made countless of websites, applications, 'hacked Windows', RATs and some amazing games.
So there were some people there who never had programmed before. I started giving the lecture and warned people who already knew some basics of programming the first day might be a quite boring but I could not simply skip it obviously.
Those 2 dickheads acted like the biggest childs ever, started screaming in class, making sure everyone knew they were bored, and were constantly complaining to me that they know what print, for, while and strings were. I stayed calm and tried to explain them again I simply couldn't skip parts of the lecture for them.
Every hour and every day it started getting worse and worse with them. Not only but the whole class were furiously mad at them. Some other students even started screaming at them. They screamed back insulting everyone they even didn't what php was and stupid stuff like that.
At some point they interrupted me AGAIN and asked me how long I programmed. I told him little them over 5 years or something. They started laughing at me. Those 2 dickheads looked at me like they were so much better than me because they programmed over 10 years.
At some point, almost the last day, I had enough of their bullshit, interruption, screaming, insulting other students who asked questions, ... I said you know what, you give the lecture!
They refused because they felt too good for all these other 'noobs' (the other students). They would never become good and blah blah more bullshit.
I said alright, we're doing websites, you've made some websites, show me your most impressive website.
He was happy and felt honered.
He sent me the whole folder and I showed his website on code on the big screen in the room.
Then I said: "Everyone, pay close attention to this!"
That dickhead smiled and felt good
Me: "This is how NOT to make a website"
I started explaining to everyone all things that were complete shit and all things that were straight up sins.
That one friend of the dickhead stayed quiet. The other dickhead became as red as a tomato. At some points you even saw tears in his eyes. At some point he insulted me I was a scriptie and simply left.
The class started clapping.
One of the weirdest but also best moments of my life
Moral: Don't act like a complete bigheaded dickhead, don't feel better than everyone and show some respect
Thank you for reading
Have a nice day!3 -
I literally just had a conversation with my coworker who is not a dev where he said that WordPress sites getting hacked is a myth. He also thinks shared hosting sites getting hacked is also a myth......I literally can't right now.4
-
Interesting: how to hack websites right upon installation. Basically, monitoring issued TLS certificates and trying to access e.g. WordPress installations before the user was able to configure a password.
That relies on a sloppy deployment process, of course - like making a live installation that is online immediately.
Source: https://portswigger.net/daily-swig/...10 -
!dev
This boring story with stupid ending started on Monday with me going out to buy some food and cook something delicious, day like always until my mind went nuts.
I work from home and cook my meals by myself cause I love cooking.
To buy ingredients I go shopping couple times a week always making the same steps, doing this for over a year now and by this time everything was automatic so I could think about work problems and solutions.
I start usually by getting up from my desk around noon, not many people doing shopping at that time and I can proceed quick.
Algorithm is like this: go to kitchen and look at the fridge, go out, wait for traffic lights, take tram, ride two stops, wait for the traffic lights again, go to supermarket, do shopping and finally go back the same way. Boooring.
When I get out from tram that day l looked at traffic lights to go green, as always and that’s the place where everything started to go bad.
So I was waiting there doing nothing and then stupid idea got me.
I figured out I can stop looking at light to make this day different and look ahead.
Then simply start walking when people from other side start walking.
It worked smoothly on those lights and I was happy I can do things differently from now on. I proceed with this idea on the way back and motherfuckers started walking on red. Twice !!!!
Almost died.
Since then three times some car was driving on green near me in those places and people started walking on red.
It got me worried about world determinism instantly. I might increased some entropy to much and some world developer changed some line of code while I was shopping and from that time death is passing by me.
Now it got me to the point where the more I follow this way the more I am worried about my life. Started thinking about ordering ingredients online.
So if you read this you know that I know your plan and I will be changing supermarkets and paths to it randomly starting from next week.
Or not I hope nobody hacked my mind and only thing that read and write to it is my consciousness.
I feel relief now.2 -
1. It's gonna be more and more specialized - to the point where we'll equal or even outdo the medical profession. Even today, you can put 100 techs/devs into a room and not find two doing the same job - that number will rise with the advent of even more new fields, languages and frameworks.
2. As most end users enjoy ignoring all security instructions, software and hardware will be locked down. This will be the disadvantage of developers, makers and hackers equally. The importance of social engineering means the platform development will focus on protecting the users from themselves, locking out legitimate tinkerers in the process.
3. With the EU getting into the backdoor game with eTLS (only 20 years after everyone else realized it's shit), informational security will reach an all-time low as criminals exploit the vulnerabilities that the standard will certainly have.
4. While good old-fashioned police work still applies to the internet, people will accept more and more mass surveillance as the voices of reason will be silenced. Devs will probably hear more and more about implementing these or joining the resistance.
5. We'll see major leaks, both as a consequence of mass-surveillance (done incompetently and thus, insecurely) and as activist retaliation.
6. As the political correctness morons continue invading our communities and projects, productivity will drop. A small group of more assertive devs will form - not pretty or presentable, but they - we - get shit done for the rest.
7. With IT becoming more and more public, pseudo-knowledge, FUD and sales bullshit will take over and, much like we're already seeing it in the financial sector, drown out any attempt of useful education. There will be a new silver-bullet, it will be useless. Like the rest. Stick to brass (as in IDS/IPS, Firewall, AV, Education), less expensive and more effective.
8. With the internet becoming a part of the real life without most people realizing it and/or acting accordingly, security issues will have more financial damages and potentially lethal consequences. We've already seen insulin pumps being hacked remotely and pacemakers' firmware being replaced without proper authentication. This will reach other areas.
9. After marijuana is legalized, dev productivity will either plummet or skyrocket. Or be entirely unaffected. Who cares, I'll roll the next one.
10. There will be new JS frameworks. The world will turn, it will rain.1 -
TLDR; Default admin login on WEP encrypted WLAN router for getting free stuff at my hair stylist studio.
Free WLAN in my hair stylist studio: They had their WEP key laying around in the waiting area. Well, I am not very happy with WEP, thought that they never heard of security. Found the default GW address, typed it into my browser and pressed Enter, logged in with admin/1234 and voila, I was root on their ADSL router 😌 Even more annoyed now from such stupidity I decided to tell the manager. All I told him was: You use a default login on your router, you give the WiFi password for free, WEP is very very insecure and can be hacked in seconds, and do you know what criminals will do with your internet access? He really was shocked about that last question, blank horror, got very pale in just one sec. I felt a little bit sorry for my harsh statement, but I think he got the point 😉 Next problem was: he had no clue how to do a proper configuration (he even didn't knew the used ISP username or such things). Telled me that 'his brother' has installed it, and that he will call him as soon as possible. Told him about everything he should reconfigure now, and saw him writing down the stuff on a little post-it.
Well, he then asked me what he can pay me? Told him that I don't want anything, because I would be happy when he changes the security settings and that is pay enough. He still insisted for giving me something, so I agreed on one of a very good and expensive hairwax. Didn't used it once 😁
Some weeks later when I was coming back for another hair cut: Free WLAN, logged in with admin/1234, got access and repeated all I did the last time once more 😎
HOW CAN YOU NOT LEARN FROM FAILS??2 -
It was more of "Hate story" with a guy whose mere presence would irritate me very much. He was also close to the girl I liked a bit (not very huge crush or something).
So he was very active on two of his social networks one being fb and second directly connected to fb so basically getting hold of fb would mean that I could control his other one too.
It was Oct 2016 and that time you could easily hack an account using social hacking (not asking OTP out something mere details did it for few accounts).
I hacked his account and wrote curse words and all. As I had already changed the email and password, he couldn't till date retrieve it.
However as he reported to fb, his account was held and I could no longer access it but till then everything was over.
I couldn't still spot him on FB or the other social network.
And this was one of the most evil act I have performed in my life.1 -
Somebody is onto me.
This week, I received a suspicious email claiming to reset my apple account password.
And just now, I received another mail from Facebook about unsuccessful login attempt.
I use this email only for serious stuff. Looks like one of them is a mole.2 -
Early on in my freelancing career I learned something important. Even with seemingly tame nerdy stuff, sh*t can get real, real quick. This story describes the very start of my career in web development and hopefully will serve as a warning to newbies out there.
A young teen, I had just learned some basics of wordpress, I was confident I could hack together something that worked and looked okay with minimal effort and knowledge. One day I was approached by a guy who wanted a job board board site. Knowing there were already clones out there I figured this would be an easy gig, man was I wrong.
In addition to the fact I didn't know about contracts or the scope creep from hell, I had somehow gotten myself involved with a criminal business front.
These guys operated a scam business to rip off investors. Me and my designer buddy were used to make the business look legit. What they would do is hold job fairs where people are supposed to pay to rent a booth, but instead they would give everyone a booth for free and then lie about what all businesses were coming. They would then show this info, along with the website and marketing materials to investors. They would take the money from the investors and launder it for drugs.
The real story starts the day of one of the worst hangovers I had ever had. I was at a random friends house sleeping for most of the day.
Apparently one of the guys who was operating the scam business was about to strike a deal with one of the investors when something on the website didn't work (it was working as designed). This guy, Manny we'll call him, had been blowing up my phone all morning. I check my voicemails and there are threats on my life; saying I will be sleeping with the fishes, or if they ever find me, they'll fuck me up. Needless to say this really freaked me out, either way I decided to head back to my dorm.
When I come back home, my designer buddy tells me that some guys were in the house looking for stuff. Apparently this guy hired two nerds to "break into my computer and steal the website", fortunately they didn't know what they were doing.
After a while I got another call, Manny wanted to sit down and "talk things out". Being naive I accepted and we met up. The two nerds were there with one of his body guards. He said he wanted to have those two nerds take over the project. While this was going on, his bodyguard flashed his gun at me several times making eye contact. I agreed to, but I still wanted to get paid. I asked about getting paid and he said we never signed a contract and that he owned the host and domain. I was pretty much screwed.
This is where the story should end, but I wasn't a very smart guy back then. I gave up the site but I created a back door into it. Every week or so, they would get "hacked". Because the two nerds didn't know what to do, they ended up coming back to me for help. This is when I finally got paid. Totally not worth it. -
Had to change my password on my bitbucket cause a former employer was adding ssh keys.
Sorry pal, email notifications are rats -
Just came home to cook supper at 11am again before I go back to the office to pull an all nighter to implement last minute changes thanks to a hosting provider in south africa getting hacked last Friday.
I love being a dev but this is one of those moments I really think to myself "your the moron that chose to do this for your career you twit" 😑6 -
I'm just fed up with the industry. There are so much stupidity and so much arrogance.
My professional experience comes mainly from the frontend and I feel like it's not as bad on the backend but I'm still convinced it's not really different:
I'm now about to start my 3rd job. It's always the same. The frontend codebase is complete shit. It's not because some juniors messed up not at all. It's always some highly paid self-proclaimed full-stack developer that didn't really care somehow hacked together most of the codebase.
That person got a rediculous salary considering the actual skill and effort that went into the code, at some point things became difficult, issues started to occur and that person left. If I search for that person I find next to the worst code via gitlens on Linkedin it's somebody that has changed companies at least two times after leaving and works now for a lot of money as tech-lead at some company.
There's never any tests. At the same time the company takes pride in having decent test coverage on the backend. In the end this only results in pushing a lot of business logic to the frontend because it would just take way to long to implement it on the backend.
Most of the time I'm getting told on my first day that the code quality is really high or some bullshit.
It's always a redux app written by people, that just connect everything to the store and never tried to reflect about their use of redux.
Usually it's people, that never even considered or tried not using redux, even if it's just to learn and experiment.
At the same time you could have the most awesome projects on github but people look at your CV, sum up the years and if you invested a lot of time, worked way harder to be better than other developers with the same amount of experience, it's totally irrelevant.
At the same time all companies are just the worst crybabies about not being able to find enough developers.
HR and recruiters are generally happy to invite somebody for an interview, even if that person does not have any code available to the public, as long as that person somehow was in some way employed in the industry for a couple of years. At the same time they wouldn't even notice if you're core contributor for some major open-source product if you do not have the necessary number of years in the industry.
I'm just fed up.
By the way, I got my first real job about two years ago. Now I'm about to start my third position because my last job died because of the corona crisis. I didn't complain for some time because I didn't want to look like I'm just complaining about my own situation. With every new job I made more money, now I'm starting for the first time at a position that is labeled "lead" in the contract.
So I did okay. But I know that lots of talented people that worked hard gave up at some point and even those that made it had to deal with way too much rejection.
At the same time there are so many "senior" people in the industry, that don't care, don't even try to get better, that get a lot of money for nothing.
It's ridiculously hard to get a food in the door if you don't have any experience.
But that's not because juniors are actually useless. It's because the code written by many seniors is so low quality, that you need multiple years of experience just to deal with all the traps.
Furthermore those seniors are so busy trying to put out the fires they are responsible for to actually put time into mentoring juniors.
It's just so fucked up.3 -
Getting Back Lost, Hacked or Stolen Crypto - Go to OMEGA CRYPTO RECOVERY SPECIALIST / HACKER
I lost my crypto to an online investment scam, After a successful recovery procedure, OMEGA CRYPTO RECOVERY SPECIALIST was able to retrieve my $125,000 worth of lost cryptocurrency. After my recuperation, I experienced an amazing sense of relief and appreciation. OMEGA CRYPTO RECOVERY SPECIALIST's professionalism and knowledge really impressed me, and I would heartily suggest them to anyone who has been duped by cryptocurrency frauds. But I also want to caution others about investing in cryptocurrencies and advise them to conduct due diligence before making any decisions. Because the cryptocurrency market is still mostly uncontrolled.
Visit; (omegarecoveryspecialist. co m
(Mail; omegaCryptos @ consultant. co m
WhatsAp; +1 (701, 660 (04 759 -
Not really a story about getting hacked, more like a story about my stupidity lol.
I had a friend whom at the time was taking a Computer Science course. And I had the basic daily-use computer knowledge, aka almost none. I was also very naive.
We were playing Maple Story and suddenly everytime I wrote something in the chat a 0 would appear in between some letters. I honestly thought he was messing around with my computer because earlier he had sent me a file through MSN.
So I told him several times to stop and he insisted that he wasn't doing anything.
A few minutes later, when I was finally able to stop laughing, I looked down to the keyboard and realized that the 0 key was stuck... I began laughing even harder. -
Today one of the user complained me that my account has been hacked and someone is using it. I asked how can you say that then he replied "Whenever I hit enter after typing the password, its getting extended !"
I was like - "Please kill me!"2 -
Anyone Know what the 'fixer for java' chrome extension does. How bad is it?
My boss had an extension called 'fixer for java' on her chrome browser. Now to me that sounds sketchy so I'm trying to find it online to see if the description or website can alleviate my worries about the boss getting hacked but I can't, does anyone know what the hell it is for, She's out of the office tomorrow so I'm gonna run all the virus scans but if i can get some information sooner that would be great.
thank you for your time.7 -
I am so fucking done with Webstekker. This is one bad fucked up webhosting company in The Netherlands. In the past we had so many issues: managed hosting websites getting hacked (you can brute force.ftp etc they don't monitor anything), not restoring db views after they migrate a db server, week down time because they fucked something up etc. Last 2 years were ok but today I discovered that one of my money making adsense websites is running on a cms database from another website!! What the fuck?!! I haven't touched that site for at least 2 years and it was running fine.
No Webstekker I don't want to check all of ny websites every day to see if everything works properly. I want to trust you to do a proper managed hosting job. But you retards have proven to be incapable over and over again.
That said, anyone here can recommend a good, solid, trustable Dutch webhosting company for asp.net hosting on Windows?
I do run other sites on VPS but that is much more work for me and don't want to manage all (small) websites myself but unstead rely on a solid company with competent people to do that for me. -
9 Ways to Improve Your Website in 2020
Online customers are very picky these days. Plenty of quality sites and services tend to spoil them. Without leaving their homes, they can carefully probe your company and only then decide whether to deal with you or not. The first thing customers will look at is your website, so everything should be ideal there.
Not everyone succeeds in doing things perfectly well from the first try. For websites, this fact is particularly true. Besides, it is never too late to improve something and make it even better.
In this article, you will find the best recommendations on how to get a great website and win the hearts of online visitors.
Take care of security
It is unacceptable if customers who are looking for information or a product on your site find themselves infected with malware. Take measures to protect your site and visitors from new viruses, data breaches, and spam.
Take care of the SSL certificate. It should be monitored and updated if necessary.
Be sure to install all security updates for your CMS. A lot of sites get hacked through vulnerable plugins. Try to reduce their number and update regularly too.
Ride it quick
Webpage loading speed is what the visitor will notice right from the start. The war for milliseconds just begins. Speeding up a site is not so difficult. The first thing you can do is apply the old proven image compression. If that is not enough, work on caching or simplify your JavaScript and CSS code. Using CDN is another good advice.
Choose a quality hosting provider
In many respects, both the security and the speed of the website depend on your hosting provider. Do not get lost selecting the hosting provider. Other users share their experience with different providers on numerous discussion boards.
Content is king
Content is everything for the site. Content is blood, heart, brain, and soul of the website and it should be useful, interesting and concise. Selling texts are good, but do not chase only the number of clicks. An interesting article or useful instruction will increase customer loyalty, even if such content does not call to action.
Communication
Broadcasting should not be one-way. Make a convenient feedback form where your visitors do not have to fill out a million fields before sending a message. Do not forget about the phone, and what is even better, add online chat with a chatbot and\or live support reps.
Refrain from unpleasant surprises
Please mind, self-starting videos, especially with sound may irritate a lot of visitors and increase the bounce rate. The same is true about popups and sliders.
Next, do not be afraid of white space. Often site owners are literally obsessed with the desire to fill all the free space on the page with menus, banners and other stuff. Experiments with colors and fonts are rarely justified. Successful designs are usually brilliantly simple: white background + black text.
Mobile first
With such a dynamic pace of life, it is important to always keep up with trends, and the future belongs to mobile devices. We have already passed that line and mobile devices generate more traffic than desktop computers. This tendency will only increase, so adapt the layout and mind the mobile first and progressive advancement concepts.
Site navigation
Your visitors should be your priority. Use human-oriented terms and concepts to build navigation instead of search engine oriented phrases.
Do not let your visitors get stuck on your site. Always provide access to other pages, but be sure to mention which particular page will be opened so that the visitor understands exactly where and why he goes.
Technical audit
The site can be compared to a house - you always need to monitor the performance of all systems, and there is always a need to fix or improve something. Therefore, a technical audit of any project should be carried out regularly. It is always better if you are the first to notice the problem, and not your visitors or search engines.
As part of the audit, an analysis is carried out on such items as:
● Checking robots.txt / sitemap.xml files
● Checking duplicates and technical pages
● Checking the use of canonical URLs
● Monitoring 404 error page and redirects
There are many tools that help you monitor your website performance and run regular audits.
Conclusion
I hope these tips will help your site become even better. If you have questions or want to share useful lifehacks, feel free to comment below.
Resources:
https://networkworld.com/article/...
https://webopedia.com/TERM/C/...
https://searchenginewatch.com/2019/...
https://macsecurity.net/view/...