Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "ip"
Worst hack/attack I had to deal with?
Worst, or funniest. A partnership with a Canadian company got turned upside down and our company decided to 'part ways' by simply not returning his phone calls/emails, etc. A big 'jerk move' IMO, but all I was responsible for was a web portal into our system (submitting orders, inventory, etc).
After the separation, I removed the login permissions, but the ex-partner system was set up to 'ping' our site for various updates and we were logging the failed login attempts, maybe 5 a day or so. Our network admin got tired of seeing that error in his logs and reached out to the VP (responsible for the 'break up') and requested he tell the partner their system is still trying to login and stop it. Couple of days later, we were getting random 300, 500, 1000 failed login attempts (causing automated emails to notify that there was a problem). The partner knew that we were likely getting alerted, and kept up the barage. When alerts get high enough, they are sent to the IT-VP, which gets a whole bunch of people involved.
VP-Marketing: "Why are you allowing them into our system?! Cut them off, NOW!"
Me: "I'm not letting them in, I'm stopping them, hence the login error."
VP-Marketing: "That jackass said he will keep trying to get into our system unless we pay him $10,000. Just turn those machines off!"
VP-IT : "We can't. They serve our other international partners."
<slams hand on table>
VP-Marketing: "I don't fucking believe this! How the fuck did you let this happen!?"
VP-IT: "Yes, you shouldn't have allowed the partner into our system to begin with. What are you going to do to fix this situation?"
Me: "Um, we've been testing for months already went live some time ago. I didn't know you defaulted on the contract until last week. 'Jake' is likely running a script. He'll get bored of doing that and in a couple of weeks, he'll stop. I say lets ignore him. This really a network problem, not a coding problem."
IT-MGR: "Now..now...lets not make excuses and point fingers. It's time to fix your code."
IT-VP: "I agree. We're not going to let anyone blackmail us. Make it happen."
So I figure out the partner's IP address, and hard-code the value in my service so it doesn't log the login failure (if IP = '10.50.etc and so on' major hack job). That worked for a couple of days, then (I suspect) the ISP re-assigned a new IP and the errors started up again.
After a few angry emails from the 'powers-that-be', our network admin stops by my desk.
D: "Dude, I'm sorry, I've been so busy. I just heard and I wished they had told me what was going on. I'm going to block his entire domain and send a request to the ISP to shut him down. This was my problem to fix, you should have never been involved."
After 'D' worked his mojo, the errors stopped.
Month later, 'D' gave me an update. He was still logging the traffic from the partner's system (the ISP wanted extensive logs to prove the customer was abusing their service) and like magic one day, it all stopped. ~2 weeks after the 'break up'.8
It was nice having you in my house, but it's come to the point where our ways part. I must go on and you must be recycled. You've served me well all those 7 years, my friend.
It's not me, it's you. You've grown old and unreliable. Your capacitors must have dried out and can no longer serve reliable wifi connections. I keep on getting lost ICMP packets and connection outages altogether. While these things could happen to any router, definitely not every router has a 13-16 second long wifi outage every minute. I cannot have 2 peoples' work depend on a wifi connection where a ping to a LAN IP takes 58204ms. I just.. can't. You've become a liability to my family.
I'm pissed, because I cannot afford video calls with my colleagues.
I'm pissed, because my wife spends good 5 minutes every call asking "can you hear me? how about now?" and repeating herself over and over.
I'm pissed, because I can no longer watch Netflix or listen to YT Music uninterrupted by network outages.
I'm pissed, because my Cinnamon plugins freeze my UI, waiting for network response
But most of all I'm pissed, because I was disconnected from BeatSaber multiplayer server when I scored a Full Combo in Expert "Camellia: Ghost" - right before I got a chance to see my score.
I gave you 2 second chances by factory-resetting you. I admit you got better. And then got back to terrible again.
I can no longer rely on you. It's time to say our goodbies and part our ways.
P.S. as a proof of your unreliability I'm attaching outputs of ping to a LAN IP and pingloss to the same IP (pingloss: https://gitlab.com/-/snippets/...)3
What is it with devs (not all, by any means!) who don't understand networks or basic computer operation? I'm not talking about anything complex, but things like the dev who asked if his IP address could be whitelisted so he could remote in from home. We asked what his public IP address is and he said 10.0.0.27.
Or the new dev who started and said her laptop camera didn't work and logged a ticket, only to be asked if she had the camera cover open or closed and said, "oh, that's what that lever is for."
Don't get me wrong - many devs and sysadmins and IT people of all fields are excellent. And there are some who are crap in every field. This is no rant about devs in general, just *these* crap devs that I can only throw my hands in the air and think, well, they scored ok in the SQL test.4
At the institute I did my PhD everyone had to take some role apart from research to keep the infrastructure running. My part was admin for the Linux workstations and supporting the admin of the calculation cluster we had (about 11 machines with 8 cores each... hot shit at the time).
At some point the university had some euros of budget left that had to be spent so the institute decided to buy a shiny new NAS system for the cluster.
I wasn't really involved with the stuff, I was just the replacement admin so everything was handled by the main admin.
A few months on and the cluster starts behaving ... weird. Huge CPU loads, lots of network traffic. No one really knows what's going on. At some point I discover a process on one of the compute nodes that apparently receives commands from an IRC server in the UK... OK code red, we've been hacked.
First thing we needed to find out was how they had broken in, so we looked at the logs of the compute nodes. There was nothing obvious, but the fact that each compute node had its own public IP address and was reachable from all over the world certainly didn't help.
A few hours of poking around not really knowing what I'm looking for, I resort to a TCPDUMP to find whether there is any actor on the network that I might have overlooked. And indeed I found an IP adress that I couldn't match with any of the machines.
Long story short: It was the new NAS box. Our main admin didn't care about the new box, because it was set up by an external company. The guy from the external company didn't care, because he thought he was working on a compute cluster that is sealed off behind some uber-restrictive firewall.
So our shiny new NAS system, filled to the brink with confidential research data, (and also as it turns out a lot of login credentials) was sitting there with its quaint little default config and a DHCP-assigned public IP adress, waiting for the next best rookie hacker to try U:admin/P:admin to take it over.
Looking back this could have gotten a lot worse and we were extremely lucky that these guys either didn't know what they had there or didn't care.
Question: is it a red flag if I'm "not supposed to" blog about tips and tricks I've found at work (not even code level, just organization and general design patterns)? Reason given to me: "we need to be careful about due diligence and intellectual property for our investors to be satisfied". Am I working with idiots?10
can't believe it but things actually have started to fall into place on their own, career-wise. feels unreal. need to work enough to afford a cottage with a cobblestone path & my life will be complete2
what is the point of having massive HR departments if something as expected and frequent as university hiring can't go smoothly?
i managed to reach the interview round for a big 4 firm only for the interviewer to not show up for 4 hours from my time slot (i waited the entire time - took periodic screenshots for proof), HR to say "we'll reschedule your interview, this happened because of internal miscommunication" more than THREE months ago, and dip. until december they'd repeat the same. now they've ghosted. thanks, virtual hiring.
how is it the candidate's fault? found out this isn't rare by speaking to a few others from my network who i knew were interviewing for the same firm. for students whose lives can change completely based on the outcome of an opportunity that they came across due to sheer luck and could definitely make use of because of their hard work - this is so heartbreaking and demotivating.1
Back in https://devrant.com/rants/5492690 @Nihil75 referred to SlickVPN with a link, where you can buy a lifetime licence for $20. I thought - what the hell.. I don't need a public VPN rn, but for $20 for a lifetime lic - I'll take it, in case I'll ever need one.
I had some trouble signing up - the confirmation email never reached my inbox. So I got in touch with support. And they.... generated and send me a password in plain-text.
And there even isn't any nagging requirement to change the pass after I sign in for the first time!
IDK... As for a service claiming to be security-oriented, the first interaction already screams "INSECURE".
Well.. should still be OK for IP switching, to unlock Netflix content I guess. Don't need anything secure for that 🤷16
I want to access my Server from anywhere. Should i use something like noip.com (DynDNS)? Or is there a better way?12
every day my boss says he'll review the requirements for our product. every day he forgets to do so. every day he asks where the update for the next stage is. every day i remind him. every day he forg ---2
When I found out that the server I use weirdly implements SSH login.
For some very odd reason (probably a historical one,) you have to access the web-app console and press a button TO GRANT SSH ACCESS TO THE F*<KING IP ADDRESS FROM WHICH I PRESSED THE BUTTON. The server blocks the wrong IP addresses outright. And only one active allowed IP at a time. This totally obliterates my plan to perform CD on this server. Why can't I just register public keys?
Then I learned several months later that they introduced a new server plan that *does* support the public-key registration. :facepalm:
I'm divided on whether to change my plan in exchange for a rather significant increase in the monthly cost.3
what are personal projects if not the daughters of hackathon solutions that never saw the light of day6
need more experience for good entry-level jobs, need a good entry-level job for more experience. yay4
Could there be a "greater" GPL which explicitly declares that the constraint extends to use of the code as statistical data, such as in machine learning models?2
which is the best cloud provider for a complete beginner (user/dev) in terms of community support, employer preference and user-friendliness?
i know that understanding the tech and concepts behind it matters more than getting familiarized with a specific platform, but i'm looking to build a more diverse profile and have noticed many positions asking for AWS/Azure experience.
since i'll be starting from scratch, any provider with easy-to-follow documentation, online help and certifications that don't leave you broke (would have to pay myself, earn very less as a student from a third-world country, parents/current employer can't support) would work.9
Let's say AWS assigned you an IP address , which was Pi to 7 digits... would you release it if you didn't need it anymore?12