Evil client = Evil code

Events happening in the community are now at Drupal community events on www.drupal.org.
Posted by planetney on September 5, 2013 at 6:58pm

So it has been a year almost and this client will NOT PAY ME!

SO, he changed the FTP accounts and now is ignoring my calls and probably making money off the site, BUT he left the USER1 acct unchanged...

Any ideas???

ps- Keep in mind he can always ask the hosting company for a copy of the previous day mysql, but I think they only back up for up to 5 days.

Categories: ,

Comments

If you want to toy with him

Posted by jessehs on September 5, 2013 at 8:44pm

Try installing this Misery: https://drupal.org/project/misery

See how long it will take him to figure out why the site periodically messing things up... :-)

Muahahahahha!

Posted by planetney on September 5, 2013 at 9:33pm

Thank you!

If you can get in to user 1,

Posted by Garrett Albright on September 6, 2013 at 6:56am

If you can get in to user 1, you can execute PHP. If you can execute PHP, you still pwn the server.

The host backs up the database, but do they back up the files? Is there a repo elsewhere the client has access to?

Don't joke with a client that won't pay. Ruin their site to the greatest extent possible and ransom it back to them. Your contract did say that you own the code until it's paid off, right?

hmmm

Posted by planetney on September 6, 2013 at 2:42pm

The guy owns a mining company so he definitely has the money. We never signed a contract because I actually meet the guy and we just shook on it, never thought he would do me like this.
I have all the emails from him and his staff though, I even had to pay a guy to help me with openlayers and google maps integration. They are based in PERU. What could I do in terms of PHP? I do have access to user 1. Hosting company probably backs up data as well. I do not have ftp access anymore. Thank you guys!

Berne Convention

Posted by As If on September 6, 2013 at 7:58am

Actually, in the US and in any other country party to the Berne Convention, your original work remains your own until you have explicitly transferred copyright ownership to another party. In this sense, getting a signed contract is more important for the client than it is for the developer.

The right way

Posted by fuzzy76 on September 6, 2013 at 11:19am

Contact their hosting provider and notify them that the website is considered stolen code. Some providers (if given reasonable proof) might close the site down.

Hypothetically speaking...

Posted by griz on September 11, 2013 at 9:04pm

I think the first thing you (削除) should (削除ここまで) could do is create several backup users with the permission to administer permissions. Then when you are (削除) inevitably (削除ここまで) hypothetically locked out you can get back in. You might want to let the users sit unused for the five days it takes to get them into every last backup they have.

use the power of the php module!

Posted by bircher on October 8, 2013 at 11:53pm

Hello, so basically if you are still in control of uid 1 you can be evil and take the site offline so that only hacking the db will get it back. That will either mean to pay you or to hire someone with enough knowledge to fix it.

steps to site domination:

  • enable php.
  • create a new block or edit an existing one.
  • set the input filter to php
  • write:
    <?php
    if (time() >= 6daysfromnow) {
    die(
    "beware! the developer was not paid for creating this site!");
    }
    ?>
  • place the block somewhere
  • wait for the backups to incorporate the block of doom

of course you could add
&& $_GET['allow'] != "thesecretkey"
so that you will have easy access to the page to disable the block once you get your money...

this does not take a lot of creativity, but you see the general line of thoughts.
oh and yes I am happy php is not part of Drupal 8 any more...

Drupal for Evil

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

AltStyle によって変換されたページ (->オリジナル) /