How i was almost banned by medium

Listen to this article

I moved my personal blog (almost 3 years old) which only had a few articles to medium. Previously, i was self hosting it on my own VPS using a platform called Ghost. I used Ghost instead of Wordpress because of its simplistic nature. There was never too much junk and gave me just the right amout of control i needed. When i started doing this, i was still a research scholar at Madras Institute of Technology. I neither had a credit nor a debit card that allowed international transactions. But i had the Github student developer pack which gave me 100 dollars worth of digital ocean credit. I was using this and also jumping to some minor providers whenever i could. But it was a nightmare everytime though. I often failed to setup proper backups and what not. But i rarely wrote any articles. Hence this maintenance became quite cumbersome for me. Yesterday, i decided that it was about time to move it from vultr to medium. So i purchased the custom domain add-on service from medium and migrated all the articles. Medium staff were really supportive through the process. Its quite a simple process involving 3 steps basically.

  1. Migrate all stories from your blog into your publication

  2. Setup a CNAME for SSL certs to be generated

  3. Point a set of A records to your top level domain

  4. Optionally, Setup a CNAME redirect from WWW to root of your domain (Not an issue if you aren’t using the root of your domain)

Once you are done with the steps, it is propogated in a matter of few hours and your publication is live on a custom domain. I had some hiccups with the redirects from old url’s to medium urls. To be fair, medium only supports direct wordpress import. I think medium should release a custom format for import. This would allow developers to write converters from any platform. Since i was running Ghost, i had to export the Ghost json file and convert it into a wordpress export file in XML format and feed it into medium. I did not expect it to work flawlessly. I opened a ticket and sent them a csv filled with URL’s which required a 301 redirect and it was setup perfectly later.

But the weird part happened in between. I reached my apartment from work and decided to play around. Since i was using Cloudflare for my dns purposes and they had just released Cloudflare Apps to the public, I was a bit skeptic about even routing the medium publication through their CDN but i gave it a try anyway. Cloudflare Apps basically injects code into your website and serves the injected code. It was so cool looking since they had everything to fill the gap between medium and any other blogging platform with options ranging from social media icons, google maps embedding, injecting HTML / CSS code into any portion of your domain. The possibilities are limitless. For example, take a look at my blog right after DNS propogation was done.

Medium publication right after DNS propogationMedium publication right after DNS propogation

I basically included a github’s fork me style ribbon for linking to my Upwork profile and a handful of other plugins. Just take a look at the same page after using cloudflare apps.

Medium publication after cloudflare apps code injectionMedium publication after cloudflare apps code injection

Pretty cool right!! The possibilities were endless. They had around 20 plugins and i was playing around with all of them and tweaking the publication to style it to my needs. Medium’s security team shooted an email to my inbox. I have a screenshot of it.

Warning from Medium’s security teamWarning from Medium’s security team

This mail made be realize the lesson from web security 101 that i was actually injecting code into a third party service 😛. I immediately took it off Cloudflare’s CDN and cleared up all the apps though. When i discovered Cloudflare apps, i thought i hit the mother load. I was planning to write an article on medium and become really famous 😝. Since i know the minimalistic nature of Medium is a love and hate relationship for many developers atleast. I guess i got greedy and flew too close to the sun. But it was a cool experience though. I never do stuff like this. I am that guy who runs around internet to report a security issue as soon as it is reported. It was an interesting experience. I even posted this in twitter and got a reply out of Cloudflare 😃.

Had i not acted on their warning immediately, my domain and publication would be suspended by Medium by now. It was an interesting experience all along. Share your thoughts if you have gone through hiccups like this in Medium or elsewhere.

No Comments Yet