So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!

It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"

Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.

My parents found it very easy to work with as well so we decided to stick with it.

I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.

Then I started to experiment more and more.

After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!

From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.

Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!

I started to learn stuff like FTP, SSH and so on.

Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?

First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.

Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.

Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!

I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.

Finally made the jump to NginX and CentOS!

Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.

Started with simple, one screen linux setup with ubuntu 10.04.

Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!

It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).

*Downloading a linux iso (distrohopping YAY) because the download stopped last night*
*200kbs instead of the 5mbs last night*

*sets up a subdomain for downloading iso's*
*enables SSL*
*downloads the iso to my server*
*copies the iso to the directory of the iso subdomain*
*starts downloading the iso from the server*

5mbs YAY

I am weird 😆

(The PM is pretty technical)
One day:
Me: Could you create this subdomain?
PM: Sure, just a sec.
Me: Ohh and could you add a letsencrypt cert? (one click thingy)
PM: Why would you need that on this kinda site...
Me: Well in general for security...
PM: Nahh.
*walks away*

Next day:
(referring to my internship manager/guider as Bob)
Bob: Hey... we have a new subdomain!
Me: Yup!
Bob: Wait why is there no letsencrypt certificate installed...?!?
Me: Well, the PM didn't find that neccesary...
Bob: (Oo) of course it is... are we going for security by default or what?
Me: Yup agreed.
Bob: *creates cert and sets everything up in under a minute*

It wasn't a high profile site (tiny side project) but why not add SSL when you can for free?

What is going on with the web these days? 500 adds, 3 auto play video's per page and now this shit?!

Websites that do this should be removed from Google.
I don't think it's even allowed.

If you block it, it goes to a subdomain 1.<website> and asks for permission again. If you block that one it'll go to 2.<website>, up until 10.<website>, then it switches to either a "get Express VPN" or another website that asks for permission. And that one even claims to be reCAPTCHA! and then another that asks you to press "Allow" in order to watch the video. What video?!

Imagine this clusterfuck:
A small company creates its own CMS on PHP 5.5 and MySQL, coded by fresh junior devs who apparently just got into coding.

My new employer sadly is one of their customers and now I got the task to migrate a group of tightly linked websites on subdomains to an actually sane and maintainable CMS...

Fuck me...

Apparently the continuous extension of the websites over the years got so labor intense, that the mentioned company lacks the manpower to fulfill further development wishes.

I've looked into the code today... let me tell you, PTSD is helluva thing.

- Each subdomain has a complete copy of the Crap Management System, there is no use of composer packages and each of the 50 folders in the webroot contains a mix of source code and images or other resources.
- LESS is transpiled into CSS by PHP on requests.
- There is no central file for environment variables like a ".env".
- Each website uses at least 5 different versions of jQuery, of which some jquery.min.js files were manually modified.

Don't get me started on how the DB is organized...

My work on this has just started, there will be more I've yet to uncover.

"C'mon, man! Gimme a break!"

Earlier I signed up on this forum called NulledBB. Basically some hacker skiddie forum that had a dump of an archive I wanted, unfortunately behind a paywall which I didn't want to bother with.

On signup I noticed that I couldn't use my domain as an email address, as I usually do (the domain is a catch-all which means that mail addresses can be made up for each service I sign up to on the fly, super useful). They did expose the regex that they accepted email as however, which included something along the lines of "@live.*".

So I figured, why not register a subdomain live.nixmagic.com real quick and put that into the mail servers? Didn't take too long and that's what I eventually went with, and registered as somepissedoffsysop@live.nixmagic.com (which I have no trouble putting on a public forum as you'll see in a minute).

Still didn't manage to get that archive I wanted but I figured, fuck it. It's a throwaway account anyway. But eventually that email address started to receive spam. Stupid motherfucker of a forum operator with his Kali skidmachine probably leaked it.

Usually I just blacklist the email address in SpamAssassin by adding an additional spam score of 100 to email sent to such addresses. But in that case it didn't even sit on the main domain, thanks to that stupid regex block from earlier... 😏

*Logs into my domain admin panel*
*Le rm on the live.nixmagic.com record*

Null routed entirely.. nulled, if you will! 🙃

Customer has thousands of clients - puts each client site under a subdomain of the main domain on a shared server. What happens to every single website when the server runs out of space?
But that'll never happen, right? We have lots of space. It certainly won't happen on day one of the main tech dev's holiday.
...twice...
It's fine, there's a backup, or atleast a redirect, right
.....right?

Earlier i ranted about how someone hacked our site and he had our source code.
Now finally we found how was our site code stolen, thanks to @dfox he mentioned how can we pull code from got server at that time I checked trying commamds to dowload git folder but it was secure but later we found that we had another subdomain running for pur project and its git folder was not secured

This is a story of suffering and despair.

I'm working on a build system for our firmware. Nothing major, just a cmake script to build everything and give me an elf file.

I'm fairly new to cmake at that point, and so it's not abundantly clear to me how the `addDirectory` command works.

Now those of you with experience in cmake will say:
"Hold on there champ, this is not a cmake command, the real thing is add_subdirectory()"

Well, that is not what chatGPT told me. I still trusted the fucking thing at this point, it explained that it was in fact a command, and that it added all subsequent source files from a given folder. When I asked it to provide me with sources, it gave me a dead link in a cmake dot com subdomain.

I spent FUCKING HOURS trying to understand why I couldn't find that shitty command, I looked through that shitty page they call documentation through and through, I fucking checked previous and nightly versions, the command was nowhere to be found.

Until I found an old as time post in stackOverflow...
Someone had made a macro with that name, that did what GPT had described...

On the positive side, I know cmake now. I also don't use this fucking deep Learning piece of shit. Unless you write simple JS or blinking LEDs with Arduino it codes like a Junior, high on every kind of glue on the market.

I asked my CS teacher why my institutions domain had only the www subdomain pointing to the webspace, but not also the second level domain itself. He then explained me that www is the *protocol* on the internet and it's necessary for the website to be accessible, and that pointing the SLD to the webspace in addition therefore wouldn't work.

How could I ever take him serious again? He's supposed to teach networking btw.

Yesterday I had to deploy a website, nothing big. But afterwards I wanted to delete the site on my showcase subdomain and ran

rm -rf *

in the console. I almost died.

Background: I'm in middle school, and two popular games that people liked got blocked. My friend and I made a website with the blocked games on a free 000webhost subdomain. It was a crappy, twenty minute website that I made with just a view counter, the games, and a chat room for people looking for other people to play with.

Story: one day I opened up the chat room where another friend and I were gonna talk about our teacher behind her back. I opened the chat room, and in the previous chat text, there was a line that said "Username: " and a text box. Then, about five lines, each with two text boxes separated by a ":". I knew that it could've been my friend that "made" the site with me (he designed the logo and occasionally modified the HTML), but I suspected not. He wasn't smart enough. Now when I was building the chat room, I internationally didn't put in XSS protection, just to see if someone would catch onto it, and, to my surprise, someone obviously did. Now there's someone in my school, who could be just like me, but I don't know where. Man, I really wanna find him (or her)! Of course, it could be my teachers, who are messing with it and could be trying to get it blocked -_-

A week ago, the team that hired me asked me to fix the s**t they made when they hosted around 30 WordPress sites in a single Bluehost shared server. Several of those were multisite installations. The server eventually gone down because of the load. And the most disturbing part was they were taking money from some of their clients to host the sites, in stead of not having a reseller licence. The server was going down quite frequently so I suggested moving some sites to another host or another server. They asked me to do it, but when I asked for the permission to edit the nameservers, they asked me to make a subdomain and point it to the new server. Which was kind of impossible because the new host was already having some subdomains and it's not easy to work with sub-sub domains. So, on an open statement they said that I am unprofessional and not fit for work. Before that they disturbed me and bursted on me when I was off working hours. -_-

I started programming when I was 14, because I was deeply enrooted in MMORPG hacking communities. It gave me an escape from real life, and I felt empowered by the skill to create something from nothing. My first language was Lazarus FPC, followed by VB.NET, C#, C++ ( managed and unmanaged non CLR ). As time went on, I found more ways to turn my "hacks" into software, and finally I began selling subscriptions which required me writing an authentication system.

After weeks of research, I began writing my own REST API in PHP using MySQL as my database. At this point I had an IPB forum up and running for a year, but with my newly acquired knowledge I was able to couple my API with my forum software. To properly distribute my API i had to learn NGINX to route my API to a subdomain.

Soon after I began writing my own portal for my authentication system, at which point I had become entirely enveloped in Web Development. I was 17 when I dropped my forum, I'm now 21 and freelancing web app consulting, day job as a QA automation developer.

!rant

Me and my bestfriend joined a hackathon way back since we were in college. The task was to fetch JSON data from a REST APIs then we were given a sample link so we can compare the output between the expected output with our own. But the response from the actual API is not in JSON format, it's a string so we need to do dozens of string manipulation to match the expected output.

To submit our work we are given our own subdomain to upload our work and setup the environment and the URL will be submitted. We know how to complete the challenge but the time is running out and we were in panic mode so my friend mistakenly submitted the URL used to compare the output. We already expected to fail the challenge but what the fuck, we got a perfect score and won the challenge.

!rant

I've seen some rants about people complaining about websites using the 'www' subdomain, so I'd like to take this opportunity to try to explain my opinion about why sites might use it.

I use to feel the same way about not having the www subdomain. It felt like an outdated standard that serves no purpose. But I have changed my option...

Sometimes certain servers have other services running other than just the website, such as ssh, ftp, sql, etc., running on different ports. What if you want to use a web proxy and caching service similar to cloudflare or a cdn? We'll you can't, because they won't allow traffic to flow through to your other ports.

That's where the www subdomain comes in. Enable your caching and cdn on your www subdomain, and slap a 301 redirect from your primary domain on port 80 or 443 to the www subdomain. This still allows you to access your other services via the domain name while still gaining the benefits of using a cdn.

Now I know you could use an 'ftp' subdomain or the like, but to each their own in that regard.

How the hell are you going to have a WebDev degree and not know what SSL is in 2022.

I also shouldn't be the one to notice your CPanel has a ton of unnecessary extra files and folders, and when you go to a subdomain corresponding to some random folders we find a "hacked by some dude" message. : |

I get your mom paid for the domain and hosting for you but you should really fucking know that information yourself.

And I don't care if your mom says 'everything is fine' on her side. You were hacked you need that information so you can tell when things are added that shouldn't be and in this case notify the host site in case the issue is on them while also knowing how to reset everything properly site specifically

Fuck. I should start charging my friends for being stupid and taking my time with things they should know how to do.

My degree is an associates of 'General Programming'. They have a degree in specifically 'Web Development'

90% of my web development knowledge is self taught. If her program didn't cover fucking ssl she needs her money back

I am building a website inspired by devrant but have never built a server network before, and as im still a student I have no industry experience to base a design on, so was hoping for any advice on what is important/ what I have fucked up in my plan.

The attached image is my currently planned design. Blue is for the main site, and is a cluster of app servers to handle any incoming requests.

Green is a subdomain to handle images, as I figured it would help with performance to have image uploads/downloads separated from the main webpage content. It also means I can keep cache servers and app servers separated.

Pink is internal stuff for logging and backups and probably some monitoring stuff too.

Purple is databases. One is dedicated for images, that way I can easily back them up or load them to a cache server, and the other is for normal user data and posts etc.

The brown proxy in the middle is sorta an internal proxy which the servers need to authenticate with to connect to, that way I can just open the database to the internal proxy, and deny all other requests, and then I can have as many app servers as I want and as long as they authenticate with the proxy, they can access the database without me changing any firewall rules. The other 2 proxies just distribute requests between the available servers in the pool.

Any advice would be greatly appreciated! Thanks in advanced :D

I'm fiddeling around with progressive web apps. I made something and hosted it on a subdomain. Today I made a typo and found my app on an other domain. All my assets and files are copied there. He even uses my SSL certificate.

It's not that spectacular. The app is nothing "revolutionary". It's just the first time it happend to me.

Have you ever found your code on other websites ? How did you react ?

Why do government websites use so many fucking subdomains??

we are organizer of really big trade fair and wanted to place a new product. It was a landing page for exhibitors especially for the fair, the exhibitor would get a subdomain with his company name. This landingpage had some highly requested features such as a calender for scheduling meetings, some floorplan features and other stuff... long story short: not a single exhibitor booked it. it was just trash and huge waste of time. dont get me wrong, this was actually a really great idea but the endproduct just sucked... now 4 resignations later we may start a new try :D

wish i would be a more passionsted ranter/writer... i have a ton load of such things i could rant about... but most of the time i get my consolation by reading your rants here.

obligatory: fuck, shit, cunt

Always Stick to One Task at a Time

Whenever I’m trying to learn how to do new stuff, or if I have a project where I’d have to figure out how to do a lot of things, I try to just pick a particular task and attack that.

Often times in programming, you’ll hold a lot of context in your head depending on what you’re working on, so it’s best to focus on one thing and try to get it done. There are a lot of ways you can tackle a single problem, so a lot of things will depend on what solution you end up choosing. For example, if you’re trying to build a CMS website that build websites where it will deploy things to each user, you could organize a site where it’s a big giant app where everyone has a specific subdomain, or you can make it so that each individual subdomain is a separate instance of your app with configuration changes. There are pros and cons to each approach, so this is where the judgment comes in and why some people say programming is an art, since you constantly have to weigh different tradeoffs.

414 rants since your last visit,

Alright devrant, here we go.

> client adds a home button to the subdomain
> asks to add a feature from which user can come to the homepage of subdomain
> naturally, add "/" in the href of the home
> client gets frenzy
> "that home button was supposed to redirect users to the main domain"
> I'm like wtf bro
> anyways adds another home button to redirect to the home of the subdomain.

now let's see how confused the users get

!rant

Anyone here experienced with Route53?

I have a small issue I'm trying to think through on how to achieve with minimum effort and maintenance, essentially set once and walk away and never care about it again solution.

Basically what I have is:

sub.domain.com

and I need to get it to redirect over to

otherdomain.com/folderToGetTo/

Using a 301 would be ideal but how for the life of me do I go about serving a 301 redirect over a dns entry - short answer is I can't unless I'm missing something!

Both domains are owned by the same company so no issue in hijacking a subdomain... well besides internal politics but that's just another day 😏

First thoughts include setting up a S3 bucket with hosting and forcing the dns to that and then, redirect out of the bucket... seems overkill but will work.

Hoping to find a smaller solution that I don't have to justify a S3 bucket being used for a single file - audits suck alright🤷‍♂️

Oh and setting up a redirect at the originating domain will take longer then it's worth to setup and get approvals for so not worth the effort internally.

Yes I will accept "fuck off @C0D4" as an answer.

I recently volunteered to be the admin of our student website. Boy was I in for a ride... I can only imagine the conversation went something like this:

IT: previous IT
P: some person

P: we need some additional sites that are unrelated to the main site, where should I put the files?
IT: just put them inside the folder that has the files of the main site, it doesn't matter.

P: we have some sub-domains that we do not use anymore, what do we do with them?
IT: just delete the files, don't bother with deleting the subdomain

P: we are having an event, what do we use to store user applications, we used google forms previously and it worked just fine.
IT: we will have the applications go to our mySQL database, but everything will be in one table so that it's more readable.

I mean I'm still a college student so there might be some deeper meaning to this, but still i can't look at this without my ocd getting the better of me.

Found an institutional coaching centre leaking 1000s of students personal data phone, photo, db, parents info, documents photo path, payment method(bank, check, card) etc. They 32567 rows. I'm trying to find the admin login page. It seems they have it on separate subdomain. I found student login and I can login as any student. I hate these institutes. Sent them emails days ago (29 sept) but no reply yet. What should I do?

to;dr: I think I'm retarded. I don't know how to networking.

got Proxmox set up on my server... sorta. I suck at networking. I bought a domain name, and I'm trying to have each container have a subdomain of the domain name I bought. each container has a unique internal IP address, but they all share the host's public IP address. so after a couple hours of googling, I THINK what I need to do is run a reverse proxy server on the public IP and route each subdomain manually to an internal IP address with something like nginx..... or am I retarded?

I know , it is shared host, subdomain and all the little things you seem to find just not up to your hipster fucking standards but frankly if my require_once(__DIR__."/../blah/blah.php) fucking works then I think your pompous ass should stop trying to find shit starting at my neighbours website and telling me you can't find a class that is right there , next to you! Loook motherfucker ! Use your fucking eyes!

** PS will obviously still see if it is a config issue but right now just fuck it .
REQUIRE_ONCE FOR LIFE!

Someone didn’t properly set the httpcookies domain for our staging and production websites. Yep, this was a C#/.NET site. The cookie domain for the staging site was set to the production domain instead of the staging domain (which was a subdomain). So if someone logged into the staging admin, that would also grant them access to production admin if they also had an account in the production site.

The staging site technically had an additional login to enter the site, but the username and password weren’t too hard to guess. It was like that for years until I was hired to be an in-house dev (the role was previously outsourced to a software development company).

The admin side of the website wasn’t very sophisticated. But there was enough personal identifying info for a hacker to do something with.

I don’t know how they weren’t hacked yet. Honestly, I’d tell my employer to go back to that software agency and ask for a refund and cite the shotty work.

After 1 year decided to install Nextcloud on my Digital Ocean droplet under a subdomain. I'm happy with the results, and now I'm moving my Google Drive data (including contacts) to my Nextcloud instance.

Wish there is a Google Docs equivalent for Nextcloud I could install!.

I'm studying the chance to offer cloud space to my family for free too.

The company I work in recently made a subdomain where you need to figure out how to hack the page using a vulnerability they subtly put there. If u are successful u get an interview. I looked it over for fun and was able to do it. But since i already work there i was thinking of telling a friend id love to join us but was rejected a month ago when they interviewed him about how i did it so he can apply maybe they give him another chance. do you think I should do that?

Note that i referred him last month and hes a fresh grad with not much experience

I love doing multiple tech things. Development, Ops and security. Why can't people see this as tech experience and not individual subdomain experience. Why can't people switch jobs easily over Dev, Sec and Ops?
Smh.

I'm trying to improve my email setup once again and need your advice. My idea is as follows:
- 2-5 users
- 1 (sub)domain per user with a catchall
- users need to be able to also send from <any>@<subdomain>.<domain>
- costs up to 1€ per user (without domain)
- provider & server not hosted in five eyes and reasonably privacy friendly
- supports standard protocols (IMAP, SMTP)
- reliable
- does not depend on me to manage it daily/weekly
- Billing/Payment for all accounts/domains at once would be nice-to-have, but not necessary

I registered a domain with wint.global the other day and I actually managed to get this to work, but unfortunately their hosting has been very underwhelming.. the server was unreachable for a few minutes yesterday not only once, but roughly once an hour, and I'd really rather be able to actually receive (and retrieve) my mail. Also their Plesk is quite slow. To be fair for their price it's more like I pay for the domain and get the hosting for free, but I digress..

I am also considering self hosting, but realistically that means running it on a VPS and keeping at secure and patched, which I'd rather outsource to a company who can afford someone to regularly read CVEs and keep things running. I don't really want to worry about maintaining servers when I'm on holiday for example and while an unpatched game server is an acceptable risk, I'd rather keep my email server on good shape.

So in the end the question is: Which provider can fulfill my email dreams?

My research so far:
1. Tutanota doesn't offer standard protocols. I get their reasons but that also makes me depended on their service/software, which I wouldn't like. Multiple domains only on the business plans.
2.With Migadu I could easily hit their limits of incoming mails if someone signs up for too many newsletters and I can't (and don't want to) micromanage that.
3. Strato: Unclear whether I can create mails for subdomains. Also I don't like the company for multiple reasons. However I can access a domains hosted there and could try...
4. united-domains: Unclear whether I can create mails for subdomains.
5. posteo: No custom domains allowed.

I'm getting tired.. *sigh*

Was watching OITNB at home when boss called sounded urgent about SSL not working on one of our subdomains. We use a paid cloud app for some of our reports which. So the subdomain is a CNAME to the providers app subdomain. Recently there was an upgrade at our hosting but it shouldn't be related.

Boss: Hey, there is an error prompt when I visit our reporting site with https
Me: That's cos we never installed any SSL cert for that subdomain.
Boss: Well it worked before and you will need to get it fixed.
Me: Wait.. It worked before? How is that possible? We've never set it up and the subdomain is a CNAME pointing to another site which we don't own. The cert will have to load from their server and we have not done any setup with them.
Boss: I'm very sure it worked before the hosting upgrades. All along our customers has been accessing with https.
Me: Okay.... That's something new because and I am pretty SURE the last I checked, the app provider doesn't allow that yet.
* meanwhile I when to search the app provider docs and it says not able to support multiple SSL yet for CNAME
Me: Look, it says so here in the docs.
Boss: Ok, can you try to fix it as its important for the users to not see that error. It has been working all along.
Me: Hmmmm... I'll get back to you.

How do I fix something that didn't exist / broken?? How did it work before??

I know it can be possible to install the cert on the cloud provider end but we haven't done this before. And their support docs says feature not available yet.

Was it magic?? Am I missing something?? Anyway, I've sent an email to the provider's support team and telling them "it worked before"

We need to create simple form for colection few particular people data for some bounty programme.

We have ready-made website that does similar stuff, but it was outsourced and we have compiled javascript (sidenote - im only person in this place who understands f**ng javascript but hates it deeply)

Anyway, they come to me, and say that creating this google doc will take them few minutes and it seems that editing few divs in the site and creating second one with another subdomain will do the trick.

I tell them that it will take a lot of time to reverse engeneer that compiled react.js website to change few divs. But they insist.

So we start out, I pop up the terminal, copy over site, add nginx config for it, apply SSL to it, we are already good 5-10 minutes in, first roadblock - CORS. At this point I tell them that with google form they would be already done.

What I hear?
But we will need to make again privacy policy

Me:
Can you just link privacy policy from this site?

They:
Oh... it makes it easy now.

My internal voice:
next time try to use brain....

Spent half a night figuring out, why all my links on my drupal website are located to weird subdomain after migration. Angry; at the morning I realised, that cache system completely gone weird and somehow pointed itself to completely different domain. Thanks drupal

(relating the CMS of Doom™)
Imagine loading a shared CSS for your subdomain site from your main site via PHP over cURL and then embed it in a <style/> tag on every single damn request.
🤯

A moodlecloud subdomain is sending me unsolicited emails, I have no way of contacting them, and the moodle support team is just stonewalling me.

The lack of ownership in society really sucks sometimes

Guys, I have a question and I was wondering if you could help me here...

I was thinking, is there a way to have a user login, and behind the scenes it will take to its "website"?

I.e.: Lets say, I have something like wordpress but for each instance, should I deploy a subdomain or, can I create a single entry point and then route the user to its specific wordpress instance?

Can you advise? Suggestions?

Thank you in advance

Devs and security researchers out there!!
I had a doubt regarding subdomain takeover vulnerability.

How to find where a site is hosted on heroku or AWS or heroku or more?

I was trying to write a script for it.

Any expertise will be welcomed.

Hey. I'm still very new to CloudFlare and I have a question.

Let's say that I have 4 sub domains: a.test.com, b.test.com, c.test.com, d.test.com. They're all under the same domain (test.com).

I have a page rule setup specifically for a.test.com, where "Disable security" is set to On. I did this as a temporary solution so that I can figure out the problems that a.test.com has when the security is enabled (had users complaints regarding not being able to send requests with CF security On), so that it is still accessible while I try to fix it..

By turning disabling security for a.test.com, do I put others (b, c, d) at risk? I had someone telling me that it is possible for attackers to make use of a.test.con (unprotected by CF) in order to attack the other sub-domains. "a.test.com has no protection so attackers can use it to send requests to other secured subdomains, cross-site attack" or something along that line.

I don't get this. I thought page rule is supposed to be active only for the domain where it's being set up and the rest will still be secured, and that if attacker manages to attack the other subdomain its due to the others not having secure applications inside of it.

Dunno if that person was telling the truth or tried to mess around with me with their joke!

Thanks!

hr- "so why are looking to switch from X"
me- "well i currently work in b2b domain amd i really want to work on B2C product where millions of users are being impacted"

hr- "yeah we also have premium companies as users and b2b work is not much different than b2c. what else?"

me- "uh umm, also i saw the opening for a journalism company , so i was very tempted to apply as i always
wanted to work for jo-"

hr- "the opening is for p, a subdomain of our company which is a music player"

me- "umm that's okay. i guess i like listening to music as well 😅 . also i wanted to work nearby to my home"

hr- "yeah that's the real reason. your current company is asking you to come to their city"

me- "no they are still remote!" (they aren't)

hr- "i will connect you with another person. please be negotiable"

🥺😭 mann i am so much out of the game i am embarrassing myself over a phone call. can't even answer a stupid why question

Why the fuck does my subdomain work with https but my main domain returns an ssl error. Wouldnt nether work if the ssl was the issue

Its midnight I want to fucking sleep not deal with this shit. I'm probably doing something stupid but don't have the fucking experience to recognize what I'm doing wrong

Today I found a subdomain whose CNAME record points to some s3 bucket that doesn't exist but on opening that subdomain, it redirects me to some other s3 bucket that exists

can anybody shed some light on this?

PS: there are none other DNS records