Happened a while ago but I still find it funny.

*phone rings*
Me: good morning sir, how can I help you?
Client: MY WEBSITE IS OFFLINE, FIX IT RIGHT NOW.
M: I'm going to take a look, what's the domain?
C: *gives domain*
M: I see, that domain expired already, it was cancelled through our customer portal by the client, you maybe or someone you know?
C: WHAT?! MY INTERNATIONAL BUSINESS DEPENDS ON THAT DOMAIN, I'D NEVER CANCEL IT, THIS IS BULLSHIT! I'F THE SITE GOES OFFLINE FOR A MONTH I'LL FUCKING GO BANKRUPT, YOU'RE GOING TO FIX THIS RIGHT NOW.
M: if I may ask, how is your business doing right now?
C: HOW IS THAT QUESTION RELEVANT RIGHT NOW?!
M: well, you said that if the site would go offline for a month, you'd go bankrupt. The domain registration ended about half a year ago so that's why I aske......

*beeeeep beeeeep beeeeep*

Well, okay then.

Happened a few weeks ago but still awesome.

Me and a good friend have a website together but we don't monitor it too much.
He studied with me in the same class but went towards frontend/apps where I chose backend/servers/security. He knows how to do basic Linux stuff but that's about it.

We were at a party when he noticed that our site was offline. Walked over to me (because I manage the server) to notify me so I could look into it said I'd look into it (phone):
*visits site: nothing*
*online dig tool: got the server ip*
*remembered this one didn't have pubkey authentication - after three passwords attempts I'm in*

"service apache2 status"
*service doesn't exist*
*right, migrated this one from Apache to nginx....*
"history"
*ah, an nginx restart probably suffices...*
"service nginx restart"

BAM, site is reachable again.

*god damnit, lets encrypt cert expired...*
"history"
*sees command with certbot and our domain both in one*
"!892"
*20 seconds later: success message*
*service nginx reload*

BAM, site works securely again.

"Yo mate, check the site again"

Mate: 😶 w-w-what? *checks site and his watch* you started less than two minutes ago...?
Me: yeah..?
Mate: 😶 now this is why YOU manage our server and I don't 😐

His face was fucking gold. It wasn't that difficult for me (I do this daily) but to him, I was a God at that moment.

Awesome moment 😊

Friend's site, mail verification, nextcloud etc. all went down...
Checked all his servers, all his configs and what not... Just to realize the moron forgot to pay his bills (so his domain expired)...

TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern

Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.

Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.

Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.

An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.

After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.

The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.

It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”

At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”

Facepalm.

Microsoft Teams can burn.

Who the fuck thought it would be an excellent workflow, when you want to COLLABORATE IN TEAMS between users in different domains, that each sorry bastard needs to manually log in to a second Teams tenant and loose all the context from their main Teams tenant !?

On random occasions the fucking authentication token expires. I send messages to my team mate in another domain. Three days later I am pissed off because they don't answer. It turns out their authentication token has expired so when they are on their main tenant they don't get any notifications before they manually log in to our tenant as a guest. HOW FUCKING GREAT IS THAT AS A NOTIFICATION SYSTEM ??!

Would it be that fucking difficult to maintain a notification bar with all tenants and note with an exclamation mark or something REALLY FUCKING SIMPLE to hint about an expired token ? It's not like this is magic, Slack does it already.

FUCK !

I have this side project that I’ve been working on for the past 6 years part time but over the past 2 years just as a sysadmin to keep it running, it’s unpaid work but whatever, dropping in once a month or so doesn’t worry me.

Well the owner of the domain hasn’t been reachable for nearly 9 months and the domain expired a while back, not much I can do about that, so I pushed everything over to work at the IP level while I reach out and wait - that was 2 months ago while I waited for the owner to renew it or for the domain to fall.

Today the domain fell, so I jumped on to buy it back up only to find its already purchased... 😦

so I find the owner, it’s fucking parked on a shitty “buy me” page with a price tag of $4500 USD. Fuck these slimy hoarding domain parking bastards.

I know the site was on its last legs, low membership and traffic but I’ll be fucked if I’m paying that much to reacquire it.

Scared the shit out of me when I heard one of my volunteer side projects website was down. Because I just finished fixing my own hacked website today.

Turn out the server and website is fine but the domain was expired yesterday 😣

Don't fucking scare at me like that.

Tough week indeed.

Always love seeing massive companies fail in simple trivial things like these. Just tells me they don't have proper QA.

I was still a 2nd year college student back then. Someone approached me about a personal branding site, with quite a generous fee for a poor student like me.

I took the job. Surprisingly she paid me in advance. About a week later, when I wanted to clear up some requirements with her, she disappeared. Didn't read any of my messages. Didn't respond to my calls, let alone emails.

Some time later, I got busy with exams and college stuffs. Welp, I let go of the project, even erasing the github repo to make some room for new private repos on the way.

A year later (yes you read it right), she came back.

Messaged me on WhatsApp.

"Hey dude, how you doin? Sorry about last time, I needed some time to take care of stuffs.

So how's the website going?".

By that time, even the domain name I bought for her site had expired.

I didn't know what to say, so I just shut up.

"Remember that I paid you in advance. Either finish the site or give me my money back."

First off murphy is a bitch. Week started off good, nothing bad happening then friday night came and i get an email about a site being down. Ok check it out real quick, cert is expired. No real big deal just a 20 minute fix, didn't bother me that i didn't get an expiry alert. Now is where murphy decided to be the biggest fucking bucktoothed cocksucker, generate a csr for a wildcard domain using an existing key and sent it off when i get it back the private key doesn't match the cert. Again ok maybe i fucked up, generate a selfsigned cert no fucking problem. Contact support to see if they have an idea. Oh now is when it gets fun, the fucking dumbass preceded to tell me how i didn't know what i was doing and how i just had to generate a csr and private key at the same time after i explained to the bastard that I've already tested it with a selfsigned cert. (How does this fucker have a job) By now apparently i was pissed off enough to scare murphy's pansy ass away cause i told the fucker to refund my money, got a list of 30 subdomains and setup letsencrypt on it. Now the part on this that is fucking hilarious is that it took me damn near 24 hours to be called a fucking idiot from a guy that doesn't know his ass between a hole in the fucking ground and 30 minutes of being pissed off more than i have been since i took anger management classes in the 9th grade to say fuck it and switch.

For crying out loud, no, GoDaddy, you don't just shutdown expired domain without ANY warnings. No!!! Not cool!!!

Holy fuck I'm tired of domain.com... I bought my domain with them about a year ago, and quickly I discovered how shit they are.

I can almost never access the console, the default view most of the time loads, although even that is incredibly slow. When the console loads, all settings regarding my domain are just loading. Every once in a blue moon I can actually access the settings and do something.

I got tired of it, and started transferring the domain to Cloudflare. That's where I messed up, and didn't know I had to verify the transfer twice, so the domain ended up expiring during the transfer process. Now domain.com has my domain completely locked down, pointing it to one of those 'expired' nameservers.

So three days ago I thought fuck it, I'll pay domain.com to renew the domain, maybe that'll get the domain transferred, or at least get my domain open again, so I can receive emails again, because in all my nerdiness I decided to set up a custom email using 'name@customdomain.com'. So I haven't been able to receive any emails for two weeks now.

Anyway, three days later the status of the domain is still 'pending renewal', and I can't for the life of me figure out how something like this isn't completely automated, and the domain isn't just working again.

So just now I decided to contact their live chat, and even they can't change the nameservers on my domain, and I have to be transferred to a specialist, who will then contact me by mail within 24-48 hours. Fuck I hate domain.com, and I'll certainly never buy from them again

Currently having very funny project lead, who gives on the spot estimates for 9 years old very pathetic quality code having Android app in security domain. Memory leaks, bad practices, typos, CVEs etc. you name it we have it in our source of the app.

Since 5-6 sprints of our project, almost 50% of user stories were incomplete due to under estimations.

Basically everyone in management were almost sleeping since last 7-8 years about code quality & now suddenly when new Dev & QA team is here they wanted us to fix everything ASAP.

Most humourous thing is product owner is aware about importance of unit test cases, but don't want to allocate user stories for that at the time of sprint planning as code is almost freezed according to him for current release.

Actually, since last release he had done the same thing for each sprint, around 18 months were passed still he hadn't spared single day for unit testing.

Recently app crash issue was found in version upgrade scenario as QAs were much tired by testing hundreds of basic trivial test cases manually & server side testing too, so they can't do actual needful testing & which is tougher to automate for Dev.

Recently when team's old Macbook Pros got expired higher management has allocated Intel Mac minis by saying that few people of organization are misusing Macbooks. So for just few people everyone has to suffer now as there is no flexibility in frequent changing between WFH & WFO. 1 out of those Mac minis faced overheating & in repair since 6 months.

Out of 4 Devs & 3 QAs, all 3 QAs & 2 Devs had left gradually.

I think it's time to say goodbye 😔

TLDR
Apparently if you delete your google account as an only admin of a workplace by just clicking remove account on expired subscription screen when you are on document page you not only loose access to google workplace but also you can create new workplace google account using same domain and email immediately and it’s fresh google domain account without domain verification and with everything wiped off from your old account. So you don’t have access to anything but on the other side there is possibility to use gmail as spam hub if google fucked ip something in their dns verification and once verified and after that expired domain gets bought again it stays verified.

Well I luckily migrated my gmail to other provider 3 years ago and I lost nothing important there but lol.

You can easily lock out yourself from your domain.

I opened ticket using some questionnaire and by adding another dns txt record to my domain to claim access to workplace admin page and let’s see what they do.

If they ever respond to that ticket and how long it will take to get it resolved.

This is good test to see if google is still a people’s company or an evil corporation.

I was using workplace as long as it was free from days of google app engine and begging of cloud revolution. I remember at best times I could chat with google support employee about spam I got from domain registered on google servers and he was processing ticket for me.