Quote:
Originally Posted by TripleXPrint
A guy who designed a couple websites for me is having some health issues so he provided all my website files and databases. I uploaded them perfectly fine with the help of a new developer. The new developer pointed out a file buried deep in a folder called self_destruct.php. We can't open or delete it, says we don't have permission. When you visit the link directly, you're prompted for a user/pass.
I called the original developer and he said it's a kill switch he puts into every one of his websites. If the client doesn't pay or they try to resell the website, he runs that script and it deletes the database and some key config files. WTF!?!? I mean he's cool, we never had a problem. But knowing some dude could have gotten fucked up one night and totally destroy my website was pretty scary.
GFY webheads...is this even possible or is he bullshitting me? Is it a common practice? It makes sense.
|
It's called insurance. If this guy is a real developer then chances are he wants to be paid... and chances are he's gotten screwed over enough times, which led him to such measures.
Quote:
Originally Posted by KlenTelaris
Bullshit how it can't be deleted, maybe over ftp can't but over ssh with root access you can.
|
This. root trumps all
Quote:
Originally Posted by plsureking
it's definitely possible and i've added kill files myself. there's a lot of shady scumbags in online adult. mine don't delete everything - as that is stupid - it just puts the site into maintenance mode.
ya as signupdamnit said, just block access to the file thru htaccess if u can't delete it. and if u can't delete it you should figure out why you don't have root access to your own servers.
|
exactly.
Quote:
Originally Posted by adp
Try uploading everything onto a different server without the self destruct file to make sure it all functions right. If it were me I'd probably pay another developer to go through everything else to ensure that "self_destruct.php" isn't just a decoy and the real one is still there hidden under a different name. Sounds like some shady shit and I don't understand why you wouldn't have looked at the files in the first place and already seen it?
|
Quote:
Originally Posted by k0nr4d
there is so much wrong with that I don't know where to start. Another big concern is the fact there is now a huge backdoor that ANYONE can use to crash your whole site, and most people have at least weekly backups anyways so what the hell good does it do him when people will just restore from backup and still have the site anyways?
|
He's probably not expecting his average customers to go through and inspect all of the files. I'm pretty sure 99% of them don't. It's an easy-to-remember file for him to wreak havoc on scumbags.
And, what is wrong with this exactly? If he has a reputation and wants to keep it, he'd never do something to intentionally harm a client. And instead of blaming the developer, why not blame all the scumbag fucking crooks out there that make such measures necessary?
Personally, when I take on a 3rd party client, I find it easier to keep all work hosted and in my control until completed. Show the client a fully working demo and let him play around inside the backend with a non super user account. Then once in agreement regarding the end product, I receive payment first then transfer files. I also tell clients this up front so as not to give some loser a way to try and sue me because he's a dirtbag.
Anyway, don't blame the dev, especially if he's legit and has a good reputation in his field. Blame your scum peers in this industry (and others) for making such things necessary.
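
Added example, not part of any post in this thread: one way to do the file review adp suggests, a Python audit that walks a web root and flags PHP files that delete files, destroy database objects, prompt for their own HTTP login, or cannot be read or deleted by the current user. The pattern list, function names and sample tree are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

# Heuristic patterns chosen for this example (assumptions, not an exhaustive list).
PATTERNS = {
    "deletes files": re.compile(r"\b(unlink|rmdir)\s*\(", re.I),
    "destroys database objects": re.compile(r"\b(DROP\s+(DATABASE|TABLE)|TRUNCATE\s+TABLE)\b", re.I),
    "does its own HTTP auth": re.compile(r"PHP_AUTH_(USER|PW)|WWW-Authenticate", re.I),
}

def audit_webroot(root):
    """Return {relative_path: [reasons]} for PHP files that need manual review."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            reasons = []
            if not os.access(path, os.R_OK):  # the thread's symptom: owner cannot open it
                reasons.append("not readable by current user")
            else:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
                reasons += [label for label, rx in PATTERNS.items() if rx.search(text)]
            if not os.access(dirpath, os.W_OK):  # deleting needs write access to the directory
                reasons.append("directory not writable, file cannot be deleted")
            if reasons:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = reasons
    return findings

def demo():
    """Audit a constructed sample tree; the flagged file deliberately has an innocent name."""
    samples = {
        "index.php": "<?php echo 'hello'; ?>",
        "lib/cache/thumb_helper.php": "<?php if ($_SERVER['PHP_AUTH_USER'] === 'x') "
        "{ $db->query('DROP DATABASE shop'); unlink('../config.php'); } ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_webroot(root)

if __name__ == "__main__":
    print(demo())
```

A hit is only a pointer for manual review: legitimate code also calls `unlink()` or drops tables during upgrades, and obfuscated code can evade pattern matching.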