I just bought a script from a developer who has a bit of a shady reputation. I have bought an MLM script, and I have used this developer before for his off the shelf scripts as they are perfect for my specific needs. First off, I need to tell you that in my time i have personally installed hundreds of different scripts, and i know what i am doing as far as getting them up and running. However, twice in the past I have bought this guys scripts and both time I could not install for some reason... The CSS does not seem to render and looks terrible. And both times in the past the script has received intrusions where money has attempted to be stolen, although i manually check everything and have managed to catch them all. I however received an email from someone else using the script who told me that the developer which offers free installation sets up the script so nobody can install it correctly... maybe they corrupt the CSS file or whatever, but they do this deliberately so that in the end you have to give them server access. They then do something to your server that allows them to get access later and create member accounts with deposits that they then withdraw. Now I feel that this may have some weight, because yet again I have failed to be able to install this script, and i can't check the files because they are 100% ioncubed ... even the CSS file (bizarrely)... Who encrypts the css files?????? They are hardly core files. This raises my suspicions further. So I am in a bit of a dilemma... I can't see how I can get over this without once again handing them access to my server. The script is bound to a single domain, so it's not like I can get them to upload it on another domain and then back up the files and powergrep them onto a new domain. Total encryption with a domain license callback. So I think I am screwed here.... But what I would like to know is there any software i can install to the server that will let me know exactly what this developer gets up to while he has access.... such as setting up some sort of backdoor to the server, or some form of remote database entry setup.??? Or am I looking at it a bit complex?... I thought about the server logs, but do internal server adjustments get logged there? But if they did, wouldn't the developer have the savvy to delete the latest logs anyway? That is why i am favouring monitoring software to watch him at work. Any advice appreciated.
Do you own the server, or is it shared hosting? If it is shared hosting, you may have a very difficult time monitoring what he does. If you are using a hosting company, like Hostgator, BlueHost, etc.., call their tech support and see what options they offer. You could ask him to use a program like Teamviewer and allow you to watch as he works on your server.
Yep, teamviewer may allow you to watch what he's doing, but I have to ask the question - why are you purchasing from him if you don't trust him or his scripts? Surely nothing is more important than the security and integrity of your server and this just doesn't seem worth it.