dumb_question Posted December 22, 2005 Share Posted December 22, 2005 Hi everyone! I had hired a freelance programmer to do some work on my oscommerce based site off a freelance site. the guy did a poor job, took too long and then left leaving the site with bugs and incomplete. I gave him a poor review. This enraged him....he crashed my 4 sites...he had access to some of the passwords. He is threatening that he will never let me run the site. I am based in US. Can someone tell me what I need to do. Do I need to inform police or some other agency? the programmer is from India. Thanks Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 22, 2005 Share Posted December 22, 2005 Change all of your passwords. There is probably not much you can do after that. I suppose that if you can show the work was not as agreed and you paid by credit card, you could file a claim to get the money refunded to you. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
GraphicsGuy Posted December 22, 2005 Share Posted December 22, 2005 Since the programmer is in another country, I'm not sure the police can do much. If it was a forum member, I would suggest reporting him to the forum moderators. First and most important is that you need to change all your passwords although it also very likely that he installed back doors so that he can get in even if you do. Sadly, what you really need to do is set up new clean installs of the stores and rebuild them without using any of his work. Then reload your products. (be sure to back up your databases before taking down the old sites so that you can restore your products, customers etc). If that is not an option then you could find a more reliable programmer to use a code comparison tool to go through the sites file by file comparing them to default osc and making sure that nay differences are not back door codes. But from what you said about his work, it doesn't sound to me like it is worth that expense. You would be better off starting over. Rule #1: Without exception, backup your database and files before making any changes to your files or database. Rule #2: Make sure there are no exceptions to Rule #1. Link to comment Share on other sites More sharing options...
dumb_question Posted December 22, 2005 Author Share Posted December 22, 2005 If that is not an option then you could find a more reliable programmer to use a code comparison tool to go through the sites file by file comparing them to default osc and making sure that nay differences are not back door codes. But from what you said about his work, it doesn't sound to me like it is worth that expense. You would be better off starting over. He is good...but very busy ...........he knows oscommerce very well--..he couldnt remove a bug on the site...that frustrated him....at that point he told me he will not continue...... My question was more from legal point of view...i am a legitimate US business...i had customer information in the database..which he can exploit( dont store any financial information though) I am sure there is some agency which handles such issues. Link to comment Share on other sites More sharing options...
GraphicsGuy Posted December 22, 2005 Share Posted December 22, 2005 He is good...but very busy ...........he knows oscommerce very well--..he couldnt remove a bug on the site...that frustrated him....at that point he told me he will not continue...... My question was more from legal point of view...i am a legitimate US business...i had customer information in the database..which he can exploit( dont store any financial information though) I am sure there is some agency which handles such issues. When it comes to cyber crimes performed from outside the US, the FBI might be willing to take a report, but unless you are a Fortune 500 company, I wouldn't expect it to get much action. They have no jurisdiction in India and the crime involved is of a small enough scale (no offense intended, just reality in the grand scheme of international crime) that they wouldn't pursue it through diplomatic channels. I understand your desire to take legal action. But realistically, aside from the recomendation to try to reverse any credit card charges for the work, there isn't much you can do. In my opinion, the more important focus at this point is to secure your stores so that he can't get in. Keeping in mind that if he is unethical enough to do what he has already done, he likely installed back door code. So changing your passwords isn't going to keep him out, although you should still do that in the interim. Rule #1: Without exception, backup your database and files before making any changes to your files or database. Rule #2: Make sure there are no exceptions to Rule #1. Link to comment Share on other sites More sharing options...
kwalker Posted December 22, 2005 Share Posted December 22, 2005 I would at least see if my hosting company could give me a backup of my sites. If they do it,,, strip your images and databases from them. Then I would start over with a new server, one he has never had access to. I wouldn't use the same server anymore. If you can't get a backup of your files, oh well..... simply start over,,, again, on a server he has never had access to. At least try to get your database and images... The other stuff is mainly a matter of compiling it back again. For the Record:... ALWAYS HAVE A BACKUP OF YOUR DATA.... AND DEFINITELY WHEN YOU ALLOW STRANGERS TO WORK ON IT! What will you do (GOD forbid) if they killed-over? BACKUP - BACKUP - BACKUP Kevin "What I didn't know yesterday, I know today & will remember tomorrow" (By Kwalker) What do you see when you open up the tep_database-pr2.2-CVS.pdf file that came with your osCommerce download? Link to comment Share on other sites More sharing options...
Cameo1968 Posted December 22, 2005 Share Posted December 22, 2005 Man I'm sorry to hear about this. Stuff like this isn't cool! Hope things work out for ya! Link to comment Share on other sites More sharing options...
ozcsys Posted December 23, 2005 Share Posted December 23, 2005 If you hired him off a freelance site I would also report him and forward the emails he sent to you. They should at least close his account on the site. The Knowledge Base is a wonderful thing. Do you have a problem? Have you checked out Common Problems? There are many very useful osC Contributions Are you having trouble with a installed contribution? Have you checked out the support thread found Here BACKUP BACKUP BACKUP!!! You did backup, right?? Link to comment Share on other sites More sharing options...
dumb_question Posted December 24, 2005 Author Share Posted December 24, 2005 If you hired him off a freelance site I would also report him and forward the emails he sent to you. They should at least close his account on the site. did that....they suspended him immediately. Link to comment Share on other sites More sharing options...
dumb_question Posted December 24, 2005 Author Share Posted December 24, 2005 Yes ...had the back up...but it is relatively old....called(15 times) the host(ipowerweb)...to have them upload the site backup...but no response...level one tech said i would get the email from "professinal services" but..havent heard from them yet. My site site was totally down for two days but they wouldnt care. Ipowerweb is a disaster. Their servers crash frequently . last week their servers were down for 14 hours at a strectch and that was the 3rd such episode in last 2 months that I know of. I was thinking of switching but this episode has made me consider it without any wait. Can someone recommend a good dependable hosting service. is there any relatively impartial site that compares different companies? I would at least see if my hosting company could give me a backup of my sites. If they do it,,, strip your images and databases from them. Then I would start over with a new server, one he has never had access to. I wouldn't use the same server anymore. If you can't get a backup of your files, oh well..... simply start over,,, again, on a server he has never had access to. At least try to get your database and images... The other stuff is mainly a matter of compiling it back again. For the Record:... ALWAYS HAVE A BACKUP OF YOUR DATA.... AND DEFINITELY WHEN YOU ALLOW STRANGERS TO WORK ON IT! What will you do (GOD forbid) if they killed-over? BACKUP - BACKUP - BACKUP Kevin Link to comment Share on other sites More sharing options...
dumb_question Posted December 24, 2005 Author Share Posted December 24, 2005 When it comes to cyber crimes performed from outside the US, the FBI might be willing to take a report, but unless you are a Fortune 500 company, I wouldn't expect it to get much action. They have no jurisdiction in India and the crime involved is of a small enough scale (no offense intended, just reality in the grand scheme of international crime) that they wouldn't pursue it through diplomatic channels. approached some authorities with success . dont want to spill beans here. All i can say is that he is being watched. Link to comment Share on other sites More sharing options...
GraphicsGuy Posted December 24, 2005 Share Posted December 24, 2005 approached some authorities with success . dont want to spill beans here. All i can say is that he is being watched. Great! Hope they bust him. Rule #1: Without exception, backup your database and files before making any changes to your files or database. Rule #2: Make sure there are no exceptions to Rule #1. Link to comment Share on other sites More sharing options...
♥Vger Posted December 24, 2005 Share Posted December 24, 2005 approached some authorities with success . dont want to spill beans here. All i can say is that he is being watched. If he is, as you have said, based in India - move on, get a new site and don't waste any more time on it. Sadly if you go for the "lowest bid gets the job" approach then it's almost always going to be some 'wannabee' from India or Asia - because $50 in India or Asia buys a whole lot more than it does in the west. Vger Link to comment Share on other sites More sharing options...
GraphicsGuy Posted December 24, 2005 Share Posted December 24, 2005 approached some authorities with success . dont want to spill beans here. All i can say is that he is being watched. I was talking with a friend who works in the FBI offices in Los Angeles and mentioned this. In short, he said unless he is already currently under investigation for high profile hacking activities, don't hold your breath. It's not that they don't care about "little guys" like us. It's just that there are many thousands of hackers and unless one poses a credible threat to hgih risk data (i.e. banking, insurance, govt., etc.) they can't dedicate the extensive resources needed to deal with an international offender. Like Vger said, the best thing to do is focus your efferts on getting your sites back up. Sounds like you are changing hosts, that is good. Also, be sure that any file backups used to restore the sites predate his access to your server. Otherwise, he may still have access via a backdoor. Afaik, current database backups should be fine unless your admin is secured by a method that stores passwords in the database. In that case you can still use the database, but you should make sure that all passwords are removed and new strong passwords entered. (someone correct me if I'm wrong about the database backups not being potentially dangerous) Rule #1: Without exception, backup your database and files before making any changes to your files or database. Rule #2: Make sure there are no exceptions to Rule #1. Link to comment Share on other sites More sharing options...
dumb_question Posted December 25, 2005 Author Share Posted December 25, 2005 Site is back up and running. It is just that iopwerweb is extremely slow. Otherwise it wouldnt have an issue at all. I appreciate everyone for their support. I was talking with a friend who works in the FBI offices in Los Angeles and mentioned this. In short, he said unless he is already currently under investigation for high profile hacking activities, don't hold your breath. It's not that they don't care about "little guys" like us. It's just that there are many thousands of hackers and unless one poses a credible threat to hgih risk data (i.e. banking, insurance, govt., etc.) they can't dedicate the extensive resources needed to deal with an international offender. Like Vger said, the best thing to do is focus your efferts on getting your sites back up. Sounds like you are changing hosts, that is good. Also, be sure that any file backups used to restore the sites predate his access to your server. Otherwise, he may still have access via a backdoor. Afaik, current database backups should be fine unless your admin is secured by a method that stores passwords in the database. In that case you can still use the database, but you should make sure that all passwords are removed and new strong passwords entered. (someone correct me if I'm wrong about the database backups not being potentially dangerous) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.