1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Should I give this guy access to my host account?

Discussion in 'Web Hosting' started by milton, Apr 20, 2011.

  1. milton

    milton Regular Member

    Joined:
    May 21, 2010
    Messages:
    271
    Likes Received:
    60
    I have a freelancer that developed a script (or sold it to me) and said if I give him my login credentials, he'll install it for me - no charge.

    Should I? I do run a few websites on that host...
     
  2. efwebs

    efwebs Regular Member

    Joined:
    Aug 9, 2010
    Messages:
    424
    Likes Received:
    137
    Home Page:
    would it work if you just gave him ftp access? you can limit access to certain folders I think.
     
  3. milton

    milton Regular Member

    Joined:
    May 21, 2010
    Messages:
    271
    Likes Received:
    60
    He needs to do some MySQL stuff, I think. I would prefer to limit his access.
     
  4. OscarTgrouch

    OscarTgrouch Newbie

    Joined:
    Jan 1, 2011
    Messages:
    26
    Likes Received:
    3
    Occupation:
    Merchant Processing
    If you can do it your self i say do it your self. Past there are a few questions to ask yourself. 1. Has this guy done anything that would make you not trust him? 2. What is the worse case scenario that could happen? Take the answers to those and weigh it against learning / doing it yourself.

    Personally I am a bit paranoid, but I also like doing things on my own as then I get to learn from it. Hope this helps at all but in all honesty you have to do what you feel comfortable with.
     
  5. milton

    milton Regular Member

    Joined:
    May 21, 2010
    Messages:
    271
    Likes Received:
    60
    I've been trying to do it on my own. Since he developed the script and requires using SQL and Facebook, I can't seem to get it to work. There's lots of little things that only he knows (developing it) that can make it work.
     
  6. browsing_hosts

    browsing_hosts Regular Member

    Joined:
    Nov 12, 2010
    Messages:
    360
    Likes Received:
    341
    Occupation:
    Student at Uni + IM on side
    Location:
    London
    It would be wise to give him limited access if you can via FTP folder permissions, ask him which folders he requires access to and for the mySQL you could always have him access it through a remote desktop connection from which you can override his controls if he goes over board and you can monitor what he doing to learn the shizz fo yo self cracker. LOL
     
  7. PigBenis

    PigBenis Junior Member

    Joined:
    Feb 25, 2009
    Messages:
    142
    Likes Received:
    32
    Do it yourself, plain and simple and if you don't know how then you should probably learn. Its all about developing your business as you learn. I wouldnt trust anyone but myself, heck even my wife doesn't know 99% of the sites I own.
     
  8. angelas111

    angelas111 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 4, 2009
    Messages:
    1,570
    Likes Received:
    1,016
    Location:
    ohio
    that's because your sites are about pig benises:D
     
  9. promosirupiah

    promosirupiah Junior Member

    Joined:
    Jul 11, 2010
    Messages:
    149
    Likes Received:
    33
    buy cheap hosting hostable only $0.99 for 3 years just for him. It'll be safer.
     
  10. digitzero

    digitzero Newbie

    Joined:
    Feb 11, 2010
    Messages:
    15
    Likes Received:
    2
    Like others said, do it yourself if you can. If not, BACKUP everything prior to giving him access.
     
  11. Virus1

    Virus1 Supreme Member

    Joined:
    Dec 13, 2010
    Messages:
    1,326
    Likes Received:
    1,409
    Occupation:
    destroyer of worlds...
    Location:
    Welcome to Black Hat World........................
    Home Page:
    if he wanted to do something malicious, he will have a very good chance
    of coding it into the script....
     
  12. OscarTgrouch

    OscarTgrouch Newbie

    Joined:
    Jan 1, 2011
    Messages:
    26
    Likes Received:
    3
    Occupation:
    Merchant Processing
    This is a very good point. It you don't really know how it is working and he wanted to do something there is a good chance it is already done.
     
  13. lodious

    lodious Newbie

    Joined:
    Jan 14, 2011
    Messages:
    30
    Likes Received:
    8
    Occupation:
    hi bluecollar technical
    Location:
    north america
    Simple.

    Access your host on your computer. Teamviewer portable on your desktop and his. Generate the access code on your teamviewer. Give him the number by phone, im or email. He accesses your host through your computer. One other note. I would install a desktop recorder and have it running on your computer during the session. With this method you don't have to give him ANY passwords. That plus you can see everything and also have it recorded. I would also spend a little time trying to understand the script so you can understand exactly what it is doing.
     
    • Thanks Thanks x 1
    Last edited: Jun 24, 2011
  14. KraftyKyle

    KraftyKyle Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Aug 13, 2008
    Messages:
    1,941
    Likes Received:
    4,609
    Gender:
    Male
    Location:
    Unknown
    Just by reading your title I would answer right away with NO!
     
  15. other_henry

    other_henry Junior Member

    Joined:
    Jun 1, 2011
    Messages:
    107
    Likes Received:
    19
    Occupation:
    Freelance coder, server guy
    Location:
    US
    If you are running multiple sites you should normally only have to give him access to 1 site, not root. (they all have different passwords I hope).

    Be sure to change the PWs after his work is done because email isn't secure.

    A rogue programmer could backdoor the code so you installing it without auditing it won't protect you much.
     
  16. bobspeed

    bobspeed Newbie

    Joined:
    Jun 27, 2011
    Messages:
    30
    Likes Received:
    3
    Do this - change your password. Then allow him access but follow what he does and expect him to finish promptly. After he does change your password back to what it was or something else so he can't get back in.

    There is a program I use called winmarge. It is for comparing files to see the difference. If you are worrying he will do something then you could make sure to have up to date copies of all your files on your hosting account then use winmerge or similar program to compare and see if he added anything.

    Another way to check if any file are changed is to use your ftp program and sort by file date. If any files are changed then they will have a new date. A date that should not have been changed. Example - if you uploaded files to a certain web site then those files should not have a date newer then the last upload you did. If any of them have new dates then use the winmerge program to check them. Or you can just find files with changed dates and re-upload your copies being kept on your personal computer up to the web server over writing any possible changes.

    You do have copies of all files right?

    bob

    ###
     
  17. infogeek

    infogeek Registered Member

    Joined:
    Jul 31, 2010
    Messages:
    61
    Likes Received:
    3
    dont do it.. its a trap!
     
  18. fizzik

    fizzik Registered Member

    Joined:
    Apr 26, 2010
    Messages:
    53
    Likes Received:
    15
    Location:
    .au
    Seriously i would not give him access. However you should say to him you want instructions (detailed) on how to install it. There's no point him knowing little "tips and secrets" about how to do it. YOU paid for it, YOU get what you paid for.

    no axx for him!!