Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "subdomain"
So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!
It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"
Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.
My parents found it very easy to work with as well so we decided to stick with it.
I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.
Then I started to experiment more and more.
After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!
From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.
Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!
I started to learn stuff like FTP, SSH and so on.
Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?
First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.
Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.
Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!
I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.
Finally made the jump to NginX and CentOS!
Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.
Started with simple, one screen linux setup with ubuntu 10.04.
Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!
It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).20
I strongly dislike the www part in domain names (the subdomain, really), that's not really news anymore.
Loads of sites use it which I find annoying as fuck for some reason but so be it. (I understand that its very logical to loads of people)
And then you get a client who calls in because the email server isn't accepting her username/password.
*looks into the logs*
"incorrect authentication data: firstname.lastname@example.org"
Kill it with fucking fire.18
For some fucking reason I hate it when people put 'www.' in front of any domain.
It takes longer to type the fucking thing out! And with short domains like the Dutch site nu.nl... www.nu.nl. fucking REALLY?!
Fuck the www subdomain, because that's all what that cocksucker is, a fucking subdomain.54
Just a personal thing (and no clue why) but I can't fucking stand it when people say www. in front of their domains.
Working as a Linux + support engineer, I get quite some calls where people have to give me the domain they're calling about.
"what's the domain if I may ask?"
"oh that's www.theirdomain.com!"
OH FOR FUCKS SAKE JUST SAY THE DOMAIN, WWW. IS *NOT* PART OF IT, IT'S JUST A FUCKING SUBDOMAIN 😤18
*Downloading a linux iso (distrohopping YAY) because the download stopped last night*
*200kbs instead of the 5mbs last night*
*sets up a subdomain for downloading iso's*
*downloads the iso to my server*
*copies the iso to the directory of the iso subdomain*
*starts downloading the iso from the server*
I am weird 😆11
(The PM is pretty technical)
Me: Could you create this subdomain?
PM: Sure, just a sec.
Me: Ohh and could you add a letsencrypt cert? (one click thingy)
PM: Why would you need that on this kinda site...
Me: Well in general for security...
(referring to my internship manager/guider as Bob)
Bob: Hey... we have a new subdomain!
Bob: Wait why is there no letsencrypt certificate installed...?!?
Me: Well, the PM didn't find that neccesary...
Bob: (Oo) of course it is... are we going for security by default or what?
Me: Yup agreed.
Bob: *creates cert and sets everything up in under a minute*
It wasn't a high profile site (tiny side project) but why not add SSL when you can for free?8
Imagine this clusterfuck:
A small company creates its own CMS on PHP 5.5 and MySQL, coded by fresh junior devs who apparently just got into coding.
My new employer sadly is one of their customers and now I got the task to migrate a group of tightly linked websites on subdomains to an actually sane and maintainable CMS...
Apparently the continuous extension of the websites over the years got so labor intense, that the mentioned company lacks the manpower to fulfill further development wishes.
I've looked into the code today... let me tell you, PTSD is helluva thing.
- Each subdomain has a complete copy of the Crap Management System, there is no use of composer packages and each of the 50 folders in the webroot contains a mix of source code and images or other resources.
- LESS is transpiled into CSS by PHP on requests.
- There is no central file for environment variables like a ".env".
- Each website uses at least 5 different versions of jQuery, of which some jquery.min.js files were manually modified.
Don't get me started on how the DB is organized...
My work on this has just started, there will be more I've yet to uncover.
"C'mon, man! Gimme a break!"16
Earlier I signed up on this forum called NulledBB. Basically some hacker skiddie forum that had a dump of an archive I wanted, unfortunately behind a paywall which I didn't want to bother with.
On signup I noticed that I couldn't use my domain as an email address, as I usually do (the domain is a catch-all which means that mail addresses can be made up for each service I sign up to on the fly, super useful). They did expose the regex that they accepted email as however, which included something along the lines of "@live.*".
So I figured, why not register a subdomain live.nixmagic.com real quick and put that into the mail servers? Didn't take too long and that's what I eventually went with, and registered as email@example.com (which I have no trouble putting on a public forum as you'll see in a minute).
Still didn't manage to get that archive I wanted but I figured, fuck it. It's a throwaway account anyway. But eventually that email address started to receive spam. Stupid motherfucker of a forum operator with his Kali skidmachine probably leaked it.
Usually I just blacklist the email address in SpamAssassin by adding an additional spam score of 100 to email sent to such addresses. But in that case it didn't even sit on the main domain, thanks to that stupid regex block from earlier... 😏
*Logs into my domain admin panel*
*Le rm on the live.nixmagic.com record*
Null routed entirely.. nulled, if you will! 🙃3
What is going on with the web these days? 500 adds, 3 auto play video's per page and now this shit?!
Websites that do this should be removed from Google.
I don't think it's even allowed.
If you block it, it goes to a subdomain 1.<website> and asks for permission again. If you block that one it'll go to 2.<website>, up until 10.<website>, then it switches to either a "get Express VPN" or another website that asks for permission. And that one even claims to be reCAPTCHA! and then another that asks you to press "Allow" in order to watch the video. What video?!25
Earlier i ranted about how someone hacked our site and he had our source code.
Now finally we found how was our site code stolen, thanks to @dfox he mentioned how can we pull code from got server at that time I checked trying commamds to dowload git folder but it was secure but later we found that we had another subdomain running for pur project and its git folder was not secured16
I asked my CS teacher why my institutions domain had only the www subdomain pointing to the webspace, but not also the second level domain itself. He then explained me that www is the *protocol* on the internet and it's necessary for the website to be accessible, and that pointing the SLD to the webspace in addition therefore wouldn't work.
How could I ever take him serious again? He's supposed to teach networking btw.2
Yesterday I had to deploy a website, nothing big. But afterwards I wanted to delete the site on my showcase subdomain and ran
rm -rf *
in the console. I almost died.5
Me and my bestfriend joined a hackathon way back since we were in college. The task was to fetch JSON data from a REST APIs then we were given a sample link so we can compare the output between the expected output with our own. But the response from the actual API is not in JSON format, it's a string so we need to do dozens of string manipulation to match the expected output.
To submit our work we are given our own subdomain to upload our work and setup the environment and the URL will be submitted. We know how to complete the challenge but the time is running out and we were in panic mode so my friend mistakenly submitted the URL used to compare the output. We already expected to fail the challenge but what the fuck, we got a perfect score and won the challenge.1
Background: I'm in middle school, and two popular games that people liked got blocked. My friend and I made a website with the blocked games on a free 000webhost subdomain. It was a crappy, twenty minute website that I made with just a view counter, the games, and a chat room for people looking for other people to play with.
Story: one day I opened up the chat room where another friend and I were gonna talk about our teacher behind her back. I opened the chat room, and in the previous chat text, there was a line that said "Username: " and a text box. Then, about five lines, each with two text boxes separated by a ":". I knew that it could've been my friend that "made" the site with me (he designed the logo and occasionally modified the HTML), but I suspected not. He wasn't smart enough. Now when I was building the chat room, I internationally didn't put in XSS protection, just to see if someone would catch onto it, and, to my surprise, someone obviously did. Now there's someone in my school, who could be just like me, but I don't know where. Man, I really wanna find him (or her)! Of course, it could be my teachers, who are messing with it and could be trying to get it blocked -_-1
I've seen some rants about people complaining about websites using the 'www' subdomain, so I'd like to take this opportunity to try to explain my opinion about why sites might use it.
I use to feel the same way about not having the www subdomain. It felt like an outdated standard that serves no purpose. But I have changed my option...
Sometimes certain servers have other services running other than just the website, such as ssh, ftp, sql, etc., running on different ports. What if you want to use a web proxy and caching service similar to cloudflare or a cdn? We'll you can't, because they won't allow traffic to flow through to your other ports.
That's where the www subdomain comes in. Enable your caching and cdn on your www subdomain, and slap a 301 redirect from your primary domain on port 80 or 443 to the www subdomain. This still allows you to access your other services via the domain name while still gaining the benefits of using a cdn.
Now I know you could use an 'ftp' subdomain or the like, but to each their own in that regard.7
A week ago, the team that hired me asked me to fix the s**t they made when they hosted around 30 WordPress sites in a single Bluehost shared server. Several of those were multisite installations. The server eventually gone down because of the load. And the most disturbing part was they were taking money from some of their clients to host the sites, in stead of not having a reseller licence. The server was going down quite frequently so I suggested moving some sites to another host or another server. They asked me to do it, but when I asked for the permission to edit the nameservers, they asked me to make a subdomain and point it to the new server. Which was kind of impossible because the new host was already having some subdomains and it's not easy to work with sub-sub domains. So, on an open statement they said that I am unprofessional and not fit for work. Before that they disturbed me and bursted on me when I was off working hours. -_-8
I am building a website inspired by devrant but have never built a server network before, and as im still a student I have no industry experience to base a design on, so was hoping for any advice on what is important/ what I have fucked up in my plan.
The attached image is my currently planned design. Blue is for the main site, and is a cluster of app servers to handle any incoming requests.
Green is a subdomain to handle images, as I figured it would help with performance to have image uploads/downloads separated from the main webpage content. It also means I can keep cache servers and app servers separated.
Pink is internal stuff for logging and backups and probably some monitoring stuff too.
Purple is databases. One is dedicated for images, that way I can easily back them up or load them to a cache server, and the other is for normal user data and posts etc.
The brown proxy in the middle is sorta an internal proxy which the servers need to authenticate with to connect to, that way I can just open the database to the internal proxy, and deny all other requests, and then I can have as many app servers as I want and as long as they authenticate with the proxy, they can access the database without me changing any firewall rules. The other 2 proxies just distribute requests between the available servers in the pool.
Any advice would be greatly appreciated! Thanks in advanced :D13
I started programming when I was 14, because I was deeply enrooted in MMORPG hacking communities. It gave me an escape from real life, and I felt empowered by the skill to create something from nothing. My first language was Lazarus FPC, followed by VB.NET, C#, C++ ( managed and unmanaged non CLR ). As time went on, I found more ways to turn my "hacks" into software, and finally I began selling subscriptions which required me writing an authentication system.
After weeks of research, I began writing my own REST API in PHP using MySQL as my database. At this point I had an IPB forum up and running for a year, but with my newly acquired knowledge I was able to couple my API with my forum software. To properly distribute my API i had to learn NGINX to route my API to a subdomain.
Soon after I began writing my own portal for my authentication system, at which point I had become entirely enveloped in Web Development. I was 17 when I dropped my forum, I'm now 21 and freelancing web app consulting, day job as a QA automation developer.
we are organizer of really big trade fair and wanted to place a new product. It was a landing page for exhibitors especially for the fair, the exhibitor would get a subdomain with his company name. This landingpage had some highly requested features such as a calender for scheduling meetings, some floorplan features and other stuff... long story short: not a single exhibitor booked it. it was just trash and huge waste of time. dont get me wrong, this was actually a really great idea but the endproduct just sucked... now 4 resignations later we may start a new try :D
wish i would be a more passionsted ranter/writer... i have a ton load of such things i could rant about... but most of the time i get my consolation by reading your rants here.
obligatory: fuck, shit, cunt
I'm fiddeling around with progressive web apps. I made something and hosted it on a subdomain. Today I made a typo and found my app on an other domain. All my assets and files are copied there. He even uses my SSL certificate.
It's not that spectacular. The app is nothing "revolutionary". It's just the first time it happend to me.
Have you ever found your code on other websites ? How did you react ?7
So I was thinking whenever to run a Kanban-Board style ala Trello subdomain for the people on my site that are helping me with bug hunting and such and I came up with this article about this project that got 6k Stars in Github in 5 days https://github.com/thedaviddias/..., what is this project about? " The perfect Front-End Checklist for modern websites and meticulous developers "
Here is the article for those wishing to read more about it https://medium.freecodecamp.org/how...1
414 rants since your last visit,
Alright devrant, here we go.
> client adds a home button to the subdomain
> asks to add a feature from which user can come to the homepage of subdomain
> naturally, add "/" in the href of the home
> client gets frenzy
> "that home button was supposed to redirect users to the main domain"
> I'm like wtf bro
> anyways adds another home button to redirect to the home of the subdomain.
now let's see how confused the users get1
to;dr: I think I'm retarded. I don't know how to networking.
got Proxmox set up on my server... sorta. I suck at networking. I bought a domain name, and I'm trying to have each container have a subdomain of the domain name I bought. each container has a unique internal IP address, but they all share the host's public IP address. so after a couple hours of googling, I THINK what I need to do is run a reverse proxy server on the public IP and route each subdomain manually to an internal IP address with something like nginx..... or am I retarded?4
Always Stick to One Task at a Time
Whenever I’m trying to learn how to do new stuff, or if I have a project where I’d have to figure out how to do a lot of things, I try to just pick a particular task and attack that.
Often times in programming, you’ll hold a lot of context in your head depending on what you’re working on, so it’s best to focus on one thing and try to get it done. There are a lot of ways you can tackle a single problem, so a lot of things will depend on what solution you end up choosing. For example, if you’re trying to build a CMS website that build websites where it will deploy things to each user, you could organize a site where it’s a big giant app where everyone has a specific subdomain, or you can make it so that each individual subdomain is a separate instance of your app with configuration changes. There are pros and cons to each approach, so this is where the judgment comes in and why some people say programming is an art, since you constantly have to weigh different tradeoffs.1
Client is fucking idiot
So im creating an apinfornclient, he integrated everything went smoothly, than he requested update changing few things. He also told me before to not change api without him knowing. So I deployed on test. Subdomain clone with updates.
After iver week waiting for his response was "okay but how do I look at starts etc, where is dashboard"
I calmly reply
"Did you tried https://test.example.com ?"
"Ok it works"
Seriosuly.... Why they didnt even attempt to use brain on this ;-;2
Anyone here experienced with Route53?
I have a small issue I'm trying to think through on how to achieve with minimum effort and maintenance, essentially set once and walk away and never care about it again solution.
Basically what I have is:
and I need to get it to redirect over to
Using a 301 would be ideal but how for the life of me do I go about serving a 301 redirect over a dns entry - short answer is I can't unless I'm missing something!
Both domains are owned by the same company so no issue in hijacking a subdomain... well besides internal politics but that's just another day 😏
First thoughts include setting up a S3 bucket with hosting and forcing the dns to that and then, redirect out of the bucket... seems overkill but will work.
Hoping to find a smaller solution that I don't have to justify a S3 bucket being used for a single file - audits suck alright🤷♂️
Oh and setting up a redirect at the originating domain will take longer then it's worth to setup and get approvals for so not worth the effort internally.
Yes I will accept "fuck off @C0D4" as an answer.10
My most recent side project is meant to be a lighthearted thing with a dynamic subdomain where anyone can type [whatever-subdomain-they-want].is.obviously.best or [whatever-subdomain-they-want].are.obviously.best or [whatever-subdomain-they-want].is.not.obviously.best or [whatever-subdomain-they-want].are.not.obviously.best.
I have a list of political terms and people that route to an HTML page that says “[subdomain] has been flagged as political. The creator of this site intended this domain to be used to spread joy and merriment and feels that pushing political agendas undermines that intent.”
I have sentiment analysis in combination with a disallow list on is/are (positive, rather than is.not and are.not) routes that if the subdomain is flagged as negative by sentiment analysis or matches a term in the disallow list, it serves an HTML page that says “[subdomain] is/are NOT obviously best. What the hell is your problem?”
Sentiment analysis only goes so far and it’s hard for it to catch a lot of things (since it’s a small amount of input) and I’m not confident that I’ll think of all of the possible things that really shouldn’t resolve to is/are OBVIOUSLY best.
Is there anything you guys can think of that should be on the disallow list?
If it helps, the disallow list so far is https://raw.githubusercontent.com/A...16
I recently volunteered to be the admin of our student website. Boy was I in for a ride... I can only imagine the conversation went something like this:
IT: previous IT
P: some person
P: we need some additional sites that are unrelated to the main site, where should I put the files?
IT: just put them inside the folder that has the files of the main site, it doesn't matter.
P: we have some sub-domains that we do not use anymore, what do we do with them?
IT: just delete the files, don't bother with deleting the subdomain
P: we are having an event, what do we use to store user applications, we used google forms previously and it worked just fine.
IT: we will have the applications go to our mySQL database, but everything will be in one table so that it's more readable.
I mean I'm still a college student so there might be some deeper meaning to this, but still i can't look at this without my ocd getting the better of me.1
Anyone here familiar with nginx site configuration?
I'm trying to set up it so that my nginx server serves a static website on my domain, redirects users attempting to access via HTTP to HTTPS and proxies a locally hosted server to a subdomain.
At the moment I'm struggling with how I can make both work as you can only bind a port once.
If you know resources that could help me setting up the domains, I'd appreciate it very much.
Thanks in advance. ;)10
Can anyfuck tell me what the fuck I'm supposed to do?
So I installed gitlab, reachable under a subdomain (gitlab.example.com) behind apache2. everything works fine.
Now I see this bullshit in my logs, appearing EVERY GODFORSAKEN SECOND: https://gist.github.com/nitwhiz/...
I disabled the bundled nginx in the gitlab.rb and no, it's not "some nginx system service", I verified it is coming from gitlab and oh - btw - some weird svc logfuck runs even after gitlab is stopped! :)
No I won't try your random google result because I read all 3 tickets being at least half relevant to my situation as ANYFUCKER ON THIS PLANET seems to use the internal nginx.
Found an institutional coaching centre leaking 1000s of students personal data phone, photo, db, parents info, documents photo path, payment method(bank, check, card) etc. They 32567 rows. I'm trying to find the admin login page. It seems they have it on separate subdomain. I found student login and I can login as any student. I hate these institutes. Sent them emails days ago (29 sept) but no reply yet. What should I do?2
The company I work in recently made a subdomain where you need to figure out how to hack the page using a vulnerability they subtly put there. If u are successful u get an interview. I looked it over for fun and was able to do it. But since i already work there i was thinking of telling a friend id love to join us but was rejected a month ago when they interviewed him about how i did it so he can apply maybe they give him another chance. do you think I should do that?
Note that i referred him last month and hes a fresh grad with not much experience4
Just spent a week creating a distributed api architecture which I found out won't work due to a singular issue which can't be solved - not unless I hack stuff to a degree where I might as well write my own frameworks.
I've been aiming the user application's requests towards my wsgi, which based on a custom header will proxy it towards the correct api. Each customer base has their own api and dataset, but they all visit the same address.
I've handled CORS manually, just picking up when there's an options request, asserting the origin, then returning the correct headers. Cool everyone's happy. Turns out, socket.io includes session id and handshake info as part of their options preflight, which I can't pair with my api header (or cookie, for that matter) which means my wsgi doesn't know where to send it. You get a 400! You get a 400! You get a 401! </oprah>
So my option is to either roll my own sockets engine or just assign each api to a subdomain or give it some url prefix or something. Subdomains are probably pretty clean and tidy, but that doesn't change having to rewrite a bunch of stuff and the hours I spent staring at empty headers in options preflights.
At least this discussion saved me some time in trying to make it work. One of my bad habits is getting in those grooves of "but surely... what the hell, surely there's a way. There has to be"
I know , it is shared host, subdomain and all the little things you seem to find just not up to your hipster fucking standards but frankly if my require_once(__DIR__."/../blah/blah.php) fucking works then I think your pompous ass should stop trying to find shit starting at my neighbours website and telling me you can't find a class that is right there , next to you! Loook motherfucker ! Use your fucking eyes!
** PS will obviously still see if it is a config issue but right now just fuck it .
REQUIRE_ONCE FOR LIFE!
After 1 year decided to install Nextcloud on my Digital Ocean droplet under a subdomain. I'm happy with the results, and now I'm moving my Google Drive data (including contacts) to my Nextcloud instance.
Wish there is a Google Docs equivalent for Nextcloud I could install!.
I'm studying the chance to offer cloud space to my family for free too.3
I love doing multiple tech things. Development, Ops and security. Why can't people see this as tech experience and not individual subdomain experience. Why can't people switch jobs easily over Dev, Sec and Ops?
We need to create simple form for colection few particular people data for some bounty programme.
Anyway, they come to me, and say that creating this google doc will take them few minutes and it seems that editing few divs in the site and creating second one with another subdomain will do the trick.
I tell them that it will take a lot of time to reverse engeneer that compiled react.js website to change few divs. But they insist.
So we start out, I pop up the terminal, copy over site, add nginx config for it, apply SSL to it, we are already good 5-10 minutes in, first roadblock - CORS. At this point I tell them that with google form they would be already done.
What I hear?
Oh... it makes it easy now.
My internal voice:
next time try to use brain....
I just spent half an hour trying to get nginx to serve owncloud on a subdomain. I read like 10 tutorials, copied shit from 20 different example configs, only to find out I didn't set the `root` location. FML1
Hey. I'm still very new to CloudFlare and I have a question.
Let's say that I have 4 sub domains: a.test.com, b.test.com, c.test.com, d.test.com. They're all under the same domain (test.com).
I have a page rule setup specifically for a.test.com, where "Disable security" is set to On. I did this as a temporary solution so that I can figure out the problems that a.test.com has when the security is enabled (had users complaints regarding not being able to send requests with CF security On), so that it is still accessible while I try to fix it..
By turning disabling security for a.test.com, do I put others (b, c, d) at risk? I had someone telling me that it is possible for attackers to make use of a.test.con (unprotected by CF) in order to attack the other sub-domains. "a.test.com has no protection so attackers can use it to send requests to other secured subdomains, cross-site attack" or something along that line.
I don't get this. I thought page rule is supposed to be active only for the domain where it's being set up and the rest will still be secured, and that if attacker manages to attack the other subdomain its due to the others not having secure applications inside of it.
Dunno if that person was telling the truth or tried to mess around with me with their joke!
Spent half a night figuring out, why all my links on my drupal website are located to weird subdomain after migration. Angry; at the morning I realised, that cache system completely gone weird and somehow pointed itself to completely different domain. Thanks drupal1
(relating the CMS of Doom™)
Imagine loading a shared CSS for your subdomain site from your main site via PHP over cURL and then embed it in a <style/> tag on every single damn request.
Guys, I have a question and I was wondering if you could help me here...
I was thinking, is there a way to have a user login, and behind the scenes it will take to its "website"?
I.e.: Lets say, I have something like wordpress but for each instance, should I deploy a subdomain or, can I create a single entry point and then route the user to its specific wordpress instance?
Can you advise? Suggestions?
Thank you in advance18
Was watching OITNB at home when boss called sounded urgent about SSL not working on one of our subdomains. We use a paid cloud app for some of our reports which. So the subdomain is a CNAME to the providers app subdomain. Recently there was an upgrade at our hosting but it shouldn't be related.
Boss: Hey, there is an error prompt when I visit our reporting site with https
Me: That's cos we never installed any SSL cert for that subdomain.
Boss: Well it worked before and you will need to get it fixed.
Me: Wait.. It worked before? How is that possible? We've never set it up and the subdomain is a CNAME pointing to another site which we don't own. The cert will have to load from their server and we have not done any setup with them.
Boss: I'm very sure it worked before the hosting upgrades. All along our customers has been accessing with https.
Me: Okay.... That's something new because and I am pretty SURE the last I checked, the app provider doesn't allow that yet.
* meanwhile I when to search the app provider docs and it says not able to support multiple SSL yet for CNAME
Me: Look, it says so here in the docs.
Boss: Ok, can you try to fix it as its important for the users to not see that error. It has been working all along.
Me: Hmmmm... I'll get back to you.
How do I fix something that didn't exist / broken?? How did it work before??
I know it can be possible to install the cert on the cloud provider end but we haven't done this before. And their support docs says feature not available yet.
Was it magic?? Am I missing something?? Anyway, I've sent an email to the provider's support team and telling them "it worked before"
Devs and security researchers out there!!
I had a doubt regarding subdomain takeover vulnerability.
How to find where a site is hosted on heroku or AWS or heroku or more?
I was trying to write a script for it.
Any expertise will be welcomed.2
Why the fuck does my subdomain work with https but my main domain returns an ssl error. Wouldnt nether work if the ssl was the issue
Its midnight I want to fucking sleep not deal with this shit. I'm probably doing something stupid but don't have the fucking experience to recognize what I'm doing wrong5
I need some help with parking a domain in ovh.com webhosting. It's a real pain in the ass so any input is strongly appreciated. I kinda figured out what todo already, but still need some clarification.
Normally after buying a webhosting all I would need to do is login to my domain registrar's website and in the control panel just change nameservers to webhosting nameservers and that's all. Webhosting provider would take care of the rest (subdomain creation, e-mail creation and etc.) But because OVH are assholes, they support this type of domain parking only for domains registered at OVH.
For external domains, procedure is as follows:
For the configuration to function, you will need to make the following adjustments with the current provider:
Insert a TXT record for the domain ovhcontrol.mydomain.com with the value jwyPolzgrZyIShzaQItqw
Point the A record of your domain mydomain.com to 22.214.171.124
Point the A record of your domain www.mydomain.com to 126.96.36.199
So basically I had to login to registrars cPanel and first of all I had to park my domain back to my registrar (I had to switch to default nameservers which are provided by domain registrar)
Only then I got advanced access to dns zone in order to add the required records above.
When I open my domain registrars dns zone cpanel this is what I see:
So basically, as I understand, I just need to add these required records like this?
Am I correct?
So basically my OVH webhosting doesn't deal with dns zone at all, I will have to use my own registrar for adding subdomains?
What about e-mail addresses? OVH doesnt allow me to create emailboxes for "externally" parked domain addresses. Will I have to search for some e-mail provider, and add some additional records?
Any input/help would be appreciated.1
Today I found a subdomain whose CNAME record points to some s3 bucket that doesn't exist but on opening that subdomain, it redirects me to some other s3 bucket that exists
can anybody shed some light on this?
PS: there are none other DNS records5