I recently found a proxy in my web files. Someone has been in my account without my permission and added a proxy. I always keep my username and password secure, and the only people I ever let in my ftp are programmers who I hire to do jobs for me. I am now going to be very careful with whoever I let into my account. Has anyone had any issues with programmers doing this to you before? I'm pretty pissed at the moment
I bet you are! Have a look at the file date - does that tie in with any work you had done? There's a chance, though, that the ftp tool preserved the file date and doesn't show the upload date.
I can't believe I didn't think of it. I deleted the whole directory after saw it. Does Cpanel save FTP logs?
I don't think so But I don't think there would be a high risk of this happening again as there are so many proxy sites around why would they need yours? Next time you are hiring consider the professionalism & attitude of the programmer... this is the kind of stunt a kid would try on, kids may be cheap but you get what you pay for!
I have only had one person on there recently, and he did a really good job, and it wasn't dirt cheap yet it wasn't expensive. He seemed quite proffesional though. As for why he wanted to use my site as a proxy, I think the reason was as his personal use proxy, and it was absolutley loaded with adsense ads. I just deleted nearly all the settings on my Cpanel, changed my password and left only one ftp open. I doubt I'll ever give anyone the same access again after that. I am about 80% sure I know who it was, however I am going to ask my host to help me get my ftp logs. It seems you can download them, however the username and password combo that cpanel tells me to use doesn't work
I hope that's not the attitude you spread on your forum. People outsource for 2 reasons 1. They can earn more doing something else 2. They don't have the skills to do the job I'd hate to think that the guy servicing my car thought that just because I don't do it myself that I deserve what's coming to me. I should be able to turn up when the job is done, pay my $ and drive away knowing that the job has been done to a satisfactory standard. I shouldn't have to check that he hasn't copied my keys so he can borrow my car whenever it suits him. Our work is no different - and is usually better paid.
Thanks Sarahk, I share that exact same view. It's if I pay someone good money to do a job that I don't know how to do, I expect them to do what there paid for, which is not taking advantage of my trust. Now that this issue is over and I have done a proper cleanout of my hosting account, I am going to just going to try to forget about it and be more cautious next time
I agree with the two people in this thread that know what professionalism is! What if I had surgery to remove an organ such as a gallbladder etc? I wouldn't expect to have to check and make sure I still had both kidneys when the doctor was done! After all I did fall asleep and allowed a skilled professional access to my whole system. I guess he is entitled to take everything he pleases to sell on the black market because well I didn't tell him he couldn't and I sure didn't secure all my organs before I passed out from the anesthesia!
unfortunately we live in a world where honest people are few and far between and it is very sad indeed. personally when a client hires me to do a job i try and to go above and beyond what they hire me to do that way i can secure a good relationship with the client and invoke return service if needed along with generating more clientle via word of mouth from one satisfied customer to another. if you treat your clients with respect and honesty, they're likely to come back to you when they need something else done. unfortunately not many people these days seem to grasp that concept.
I would also keep an eye on the account. Whilst the prime suspect is inevitably the programmer people do use backdoor methods to install scripts etc onto peoples webhosting and the programmer may be an innocent party in this.
Best thing is to make Temporary FTP account for programmers , when work is done , simply delete or deactivate em
I setup a temporary ftp for the programmer, and I deleted it right after the job was done. As for the backup, I forgot to do a complete backup, however I could recreate all the websites from the files on my computer if need be.
Update: NO-ONE ever do business with MALOID. He first setup a proxy, and now stole fifty bucks off me. He changed the paypal email address to his own, so he received fifty dollars for a payment that should have gone to me. I'm going to file a chargeback for the service he did. Maloid, if you are reading this, please own up and at least send me the fifty dollars that you took from me. I usually don't name and shame, but this is one dumbass who tried to take advantage of me
Just wanted to say that the proxy was already there when I got access to the FTP and the fifty dollars is a payment that I made to myself trough the paypal sandbox. I just forgot to change his email back after the test.
Highly unethical Maloid. You have a duty of care to do the work requested (and paid for directly as per your formal or informal contract) and nothing else.
Alright, I've talked to maloid. It is true that the transaction was just a test, however in analytics it showed up as a real transaction. Maloid leaving his email address could be an honest mistake. I have no idea how the proxy got there then. However with the payment + changed email + proxy + matching dates, it is easy to see how I jumped to conclusions on this. I'm sorry about having a go at Maloids reputation.