SitePoint Sponsor

User Tag List

Results 1 to 20 of 20

Thread: hack question!

  1. #1
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    hack question!

    hi!
    i have a malicious question for u!
    ive a client wich have his own ftp access to his server etc!
    ive made a website which is not yet onto this server!
    but it will be for few days!
    now...
    when he put the website on his server and i havent access to it...
    how is possible to make some timer to block the website if he dont pay me!
    what i can put into my code!
    any suggestion?
    thanx in advance!

  2. #2
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    You could put an access key in the database table that if not validated in 30 days will dissallow access to the site.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  3. #3
    Ribbit... Eric.Coleman's Avatar
    Join Date
    Jun 2001
    Location
    In your basement
    Posts
    1,268
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    don't give it to him until your payed!!

    It could mean trouble if you put some type of "backdoor" or expiration in to the web site... not sure.

    - Eric
    Eric Coleman
    We're consentratin' on fallin' apart
    We were contenders, now throwin' the fight
    I just wanna believe, I just wanna believe in us

  4. #4
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    its a big company...
    and they will pay me but it will be when they want and not soon!!!
    so i thought to disable the site in a mounth and they have to pay me then couse i wont restore the site if not!!!
    i know that is workaround speculation but....
    i thought about to make some code that put random numbers or letters around the website so it become a mess...
    but they could not be able to know what produce that mess so i come and restore
    i thought about link to php ini and get the error setup e_all e_notice etc and then put into a timer so if the php ini setup is e_all or e_notice_all or something it do some mess into the site without their suspect ( couse its a configuration problem )
    any suggestion about it!!!
    thanx in advance!

  5. #5
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    No harm in covering your back!

    Rewrite the php.ini using fopen,fwrite etc......
    (just remember to have a backup or restore function!)
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  6. #6
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    how to find in which directory is php.ini on their server?
    i thout to write a function and code it with mycrypt then store into database.
    then eval the function into the script with a timer.
    then link the stored function with a lot key variable on the site so they if want delete the stored function the site crash!

  7. #7
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    doesn't php_info tell you?
    (that is a question as well as a suggestion!)
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  8. #8
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thank you very much!!!!!

  9. #9
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    any idea how to match the value of error setup in php ini?

  10. #10
    Geek of all trades ... GORF's Avatar
    Join Date
    Oct 2004
    Location
    New England
    Posts
    194
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    reminder,

    What language is the site in?
    Is there a database behind it?


    Try a small (external) JavaScript function called on each page.
    The script would be a countdown timer and, using an IF statement, would check to see if time has expired.

    If not expired, then display the page.
    If expired, redirect to a "The evaluation period for this site is past" page.
    http://www.tonsofwebsites.com Hosting Tons of Websites for years
    http://www.cpanelbuys.com Buying cPanel hosting companies
    http://www.namesvibe.com Cheap domains - Good vibes!

  11. #11
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    sure then come a programmer and delete the javascript!
    i want make some security expire code!!!!
    which involve the php.ini
    they have to understand that there's no joking grrrr

  12. #12
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by reminder
    any idea how to match the value of error setup in php ini?
    No but I will look into it!

    Just thinking, if you make it look like a site/server/coding error instead of an actual "Pay me now or I close the site" notice, it might reflect badly on you as a programmer leading them to think, "I'm glad we didn't pay for this cos it doesn't work anyway....!"

    Just a thought

    SpikeZ
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  13. #13
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    np!
    they payed me last time 300 euro minus of the sum we accorded!
    so if they want pay me then they have to pay someone!!!
    thats my concept...
    if we all have to pay then THEY HAVE TO PAY TOO!!!

  14. #14
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    ahh, in that case why not just replace their php.ini file with one of your own!!!!
    (complete with nice polite message of course!)


    NOTE: Although I don't condone the use of such tactics, neither do I condemn them. In certain circumstances action should be taken to inconvenience clients who refuse to pay for services you have provided. Such action should cause annoyance and irritation to the person/company but not cause lasting damage to their business.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  15. #15
    SitePoint Guru toasti's Avatar
    Join Date
    Feb 2004
    Location
    Grahamstown
    Posts
    634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    just a thought, but seriously, what are the chances that they will enable any php script to a write privaledges to php.ini on the server..?

    If you are so worried, why dont you write a php scipt which will delete all the files if you dont get paid by a certain date? Of course again, the site shouldnt be set up to enable this either...

    Also, dont forget that you need to be able to switch this timer off if they do pay, cause otherwise they gonna be really pissed off when the site they just paid for defaces for no reason!

    ..or. what might be quite a nice idea would be, on the expiration date, make a backup .sql file of the database, e-mail it to yourself, and then just delete all the data from their database....

    knowledge is power, and so is information!

    ...but seriously. you might have more luck if you just do a good job and ask them nicely..and it would probibly be easier (althought maybe not as much fun), and much better for your reputation as a web developer (if you want to follow that prospect).

  16. #16
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    There is of course another course of action:
    allow them to have the site on their server, if they use it and utilise it in the way that it was designed for and still don't pay you, take them and the contract (which I hope you have) to the small claims court. I don't know which country you are in but there should be something similar.

    If they are a big company, they probably won't want the bad press that could be generated.....

    Off Topic:


    woo hoo
    400 posts in 3 months!

    I need to get out more..
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  17. #17
    SitePoint Addict markchivs's Avatar
    Join Date
    Oct 2004
    Location
    Malvern Hills, UK
    Posts
    233
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey reminder M8

    Why are you even thinking about this???? You are a professional freelance programmer my friend. You will gain absolutely nothing by trying to ruin your clients business because they fail to pay on time. It will just give you a bad reputation as an untrustworthy freelancer. Forget this maddness and go through the proper channels m8.

    If this client doesn't pay you I suggest you get legal advice from someone who knows.

    I recommend that for future clients you get payments at certain stages of the development. Do you not have some kind of contract with them? Especially if they are a big company I would of thought they would want to guarantee you deliver?
    Last edited by markchivs; Nov 23, 2004 at 06:43.



  18. #18
    SitePoint Addict
    Join Date
    Feb 2004
    Location
    belfast
    Posts
    386
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Or even better - just tell them that you are setting the site up for evaluation purposes only ... and once the final amount has been settled you will sign the site over to them.

    You have to remember ... all content - everything you produce ... belongs to you ... you have the copy right on the content. If they dont pay then you can as their ISP to remove the content. If its their own server then you must tell them that you are uploading it for evaluation purposes only ... and once they are happy with everything and have paid for it then you must get them to sign off on it.

    When uploading make sure to specify that it is NOT FOR PRODUCTION PURPOSES, that way if they dont pay you can login and remove it. Also stating this means that if they try to say - oh, your hurting our online business - you can say - NO, this version of the site was for evaluation only and not for production.

    Some extra reading here

    Hope this helps,

    Ronan

  19. #19
    Non-Member redhits's Avatar
    Join Date
    May 2004
    Location
    Romania
    Posts
    301
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Why not external page?

    Why you don't create an external page like
    http://redhits.com/key.php?ID=clientid


    and put some text there like 1 for OK , and 0 if he will not pay you


    then do this :

    $handler=fopen($url,'r');
    $value=trim($fgets($handler,1985));
    fclose($handler);
    if($value==1){

    ?>show the website <?
    } else {
    ?> <h1>Pay me!</h2><?

    }
    You could do this to all the pages... you can even hide things like this ... like don't put there payme ... just leave it blank or do a header(404 code);
    try to be smart...

  20. #20
    SitePoint Addict shrikie's Avatar
    Join Date
    Dec 2002
    Location
    Hyperion
    Posts
    234
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes and then encrypt that part


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •