SitePoint Sponsor

User Tag List

Page 1 of 3 123 LastLast
Results 1 to 25 of 57
  1. #1
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Deadbeat Clients - Valid Way to Prevent Them from Stealing Pages?

    I'm having an issue with a client who is 9+ months past due on paying me for adding some pages to his web site (he did pay me for the original work). I explained that I own the additional pages (my work product) until he pays in full. After his missed his final deadline (and my patience ran dry), I temporarily removed the pages, and added entries in .htaccess to redirect requests to those pages to an "unavailable - contact [client's e-mail address] for more info" page.

    However, if he's got backups of those pages and figures out what's going on in the .htaccess file (or finds someone to help him), there's nothing to prevent him from simply uploading the pages and clearing the redirects from .htaccess.

    So this got me thinking - how can I maintain more control in the future with new clients? Having a solid legal contract is a must so I can establish legal grounds for removing unpaid-for content. But a deadbeat client could just ignore my contractual rights and put his own content back. So here's my idea - I'd like to hear opinions (both legal and technical) on whether this would work and if there are any flaws in my thinking...

    Keep the stylesheet on a server *I* control rather than with the rest of the files on the client's server. Use fully qualified server/pathnames on all asset references (images, etc.) so that the web pages render properly.

    If I find myself in a situation with a client who refuses to pay, all I need to do is this:

    html {
    display: none;
    }

    It's unlikely that any of my clients would be making his own backups of all content, so by the time I had to implement this, it would be too late for him. I suppose a more tech-savvy client could try to do a view-source on the html/php, trace back to the css file, and figure out what's going on. If I remove all other css code except the 'html' selector, though, even seeing the file wouldn't help him. He could also just remove the "<link rel=stylesheet..." line and get the raw content to render, but it's not going to look very good.

    I'm not trying to be evil here, or hurt my clients in any way. I'm just try to protect my rights and my "property" until it's paid for.

    So what do you think? Would this be a legitimate way to do things?

    Thanks!

  2. #2
    Utopia, Inc. silver trophy
    ScallioXTX's Avatar
    Join Date
    Aug 2008
    Location
    The Netherlands
    Posts
    9,067
    Mentioned
    153 Post(s)
    Tagged
    2 Thread(s)
    I don't know about legally, but technically it doesn't work.
    All they have to do is load their own stylesheet with body { display: block; } after yours and the website is visible again.
    Rémon - Hosting Advisor

    SitePoint forums will switch to Discourse soon! Make sure you're ready for it!

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy

  3. #3
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ScallioXTX View Post
    All they have to do is load their own stylesheet with body { display: block; } after yours and the website is visible again.
    Ah, yes, but the client would have to be savvy enough to know that. My proposed method isn't going to stop (or maybe even slow down) a web coding jockey. The intent is just to make things more difficult and time intensive for deadbeat clients (who wouldn't need me if they understood web coding) than simply uploading files from a backup set.

  4. #4
    SitePoint Zealot TexasBob's Avatar
    Join Date
    Jan 2011
    Location
    Fredericksburg, TX
    Posts
    118
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    A contract that allows you to collect fees associated with collecting their debt would probably be the better thing. When it reaches a certain point, it is fraud and theft and you need to just get a lawyer.

    However, If you are working with pages that are rendered through PHP, it should be easy enough to write something to kill the page, such that you simply hit html://site.com/index.php?turnThatCrapOff=1 and it does something to nix the functionality such as switch out the css files or something of that sort.

  5. #5
    SitePoint Wizard bronze trophy
    Join Date
    Oct 2004
    Location
    UK
    Posts
    2,673
    Mentioned
    10 Post(s)
    Tagged
    0 Thread(s)
    Personally I wouldn't disable those pages. They'll just hire someone else to sort it out and you'll definitely not get paid, plus you'll probably be liable for legal action by making changes to their site without their permission (regardless of what you put in your contract, it doesn't trump existing laws).

    So, first off, don't let unpaid bills go on for 9 months, that's way too long. Have a defined procedure for bill payments and stick to it.

    Put the pages back online. Send them a final reminder by registered post, give them 14 days to pay in full and tell them if they don't pay there will be no more reminder and you'll file in the small claims court.

    If they don't pay after those 14 days, go to small claims, win, and then get the debt collectors on them.

    Of course, it may not be worth it, depending on the sums involved. If so, lesson learnt - get upfront payments where possible, otherwise develop a proper net 30 payment system, and best of all, try to spot deadbeats before taking them on as clients (that's the tricky one).

  6. #6
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by TexasBob View Post
    However, If you are working with pages that are rendered through PHP, it should be easy enough to write something to kill the page, such that you simply hit html://site.com/index.php?turnThatCrapOff=1 and it does something to nix the functionality such as switch out the css files or something of that sort.
    I know just enough PHP to be dangerous. Is there a PHP pro here who can provide some working code based on TexasBob's suggestion?

  7. #7
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by shadowbox View Post
    Personally I wouldn't disable those pages. They'll just hire someone else to sort it out and you'll definitely not get paid, plus you'll probably be liable for legal action by making changes to their site without their permission (regardless of what you put in your contract, it doesn't trump existing laws).
    If my client doesn't have the funds to pay me, he may have trouble finding someone else to do the work. He might get lucky with his neighbor's dentist's kid, or he could end up with his site even worse off.

    Regarding liability for legal action, I have a clause in my contract that essentially says, "I own everything and retain full rights to it until you pay me in full. If you don't pay me as per the terms of this contract, I have the right to temporarily disable the stuff you haven't paid for, and you hereby waive all rights to collect damages of any kind that may result from the removal of content." Sure, a good lawyer could challenge that, but I think it gives me a pretty solid legal foundation to stand on.

    Quote Originally Posted by shadowbox View Post
    So, first off, don't let unpaid bills go on for 9 months, that's way too long. Have a defined procedure for bill payments and stick to it.
    Yup. Lesson learned. I did start pushing aggressively to get paid when things were 60-90 days late. The client promised things and delayed, saying he was expecting a big deal to come through soon and then he could pay me. I realize now he was just trying to get away with not paying me for as long as possible. I suggested he do that with his mortgage company and see what happens.

    Quote Originally Posted by shadowbox View Post
    Put the pages back online. Send them a final reminder by registered post, give them 14 days to pay in full and tell them if they don't pay there will be no more reminder and you'll file in the small claims court.

    If they don't pay after those 14 days, go to small claims, win, and then get the debt collectors on them.

    Of course, it may not be worth it, depending on the sums involved. If so, lesson learnt - get upfront payments where possible, otherwise develop a proper net 30 payment system, and best of all, try to spot deadbeats before taking them on as clients (that's the tricky one).
    I did send a final reminder back in September, and we worked out a payment plan (because I knew there was no way he was going to pay me in full). He did pay half the outstanding balance in December and was supposed to pay the other have by the end of January. I did politely threaten to use the small claims court process, but I don't think it scared him too much. I have a trail of e-mail evidence clearly showing the client's acknowledgment of the debt and his promise to pay. I'm pretty sure I would win in court, but the collecting part is the problem. If he had the resources, I do think he would pay me. But his company is in trouble, and I don't think a judgment against him would bother him. A collection agency would do a good job harassing him, but I doubt they'd ever collect.

    I am learning a lot from this experience, and am making changes. Now, I don't start any project before I get a 50% deposit up front. I've got a net 30 payment system in place, with proper finance charges for late payments. And I'm trying to do a better job at getting well-funded clients who have adequate budgets for the projects they hire me to do.

    I guess the gist of my original post is finding a way to "enforce" in a technical way my "property rights" namely that I own the web pages I produce until the client pays me for them. Car dealers / finance companies can repossess a car, and mortgage lenders / banks can foreclose and repossess a house. I'm looking for a way for web designers / developers to repossess a web site!

  8. #8
    SitePoint Wizard bronze trophy
    Join Date
    Oct 2004
    Location
    UK
    Posts
    2,673
    Mentioned
    10 Post(s)
    Tagged
    0 Thread(s)
    The thing is, when they repossess a car or house, it's a 'thing' they can sell and get money for to pay the debt. Repossessing pages of a web site is a waste of time in that sense, because you'll not be able to sell them.

    I guess this is all about 'sending a message' of intent to the client. However one thing needs addressing - do you host the web site on your own server? If not, did you use the client's own FTP details to access their server (or a server they pay a third party for)?

    If so, that IMO is incredibly dodgy ground to be treading, regardless of what your contract says. Going back to your analogy, houses get 'repossessed' after a judge issues a court order; what you don't want to do is put the pages on the client's property (the site), then 'break in' and steal them back. So to speak.

    IMO, once you've handed stuff over to the client, you just don't have the right to take it away without a court saying so - your contract doesn't trump the law of the land This is why you should pursue the 'debt' in the correct, legal manner. In fact, even if you host the site itself, I'm not sure what the legalities are of you entering the client's server space without their permission.

  9. #9
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @shadowbox - Good points and good analogy. My client does host with a third party, although I have access via FTP. So I guess it's more like I've sold him a TV that he failed to pay for. I can't break into his house to repossess it.

    An attorney friend suggested that I go ahead a file a complaint in small claims court, if for no other reason than to "be first" in case my client tries to sue me. If I've already got a complaint on file, his suit may look more vindictive than legitimate to a judge.

  10. #10
    Life is short. Be happy today! silver trophybronze trophy Sagewing's Avatar
    Join Date
    Apr 2003
    Location
    Denver, Phang-Nga, Thailand
    Posts
    4,379
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think you are going about it in the wrong way. You are investing time and energy into protecting this content, but you would be better off investing time and energy into preventing this problem in the first place.

    Look for ways to build your business and your reputation so that the quality of your clients improves. Over time, you'll have fewer deadbeat clients and won't worry about this kind of stuff.

    Meanwhile, don't engage in legal bickering as it can be time consuming. Just send invoices and document everything then take the client to small claims or sell off the debt. Take what comes and concentrate on the future.
    The fewer our wants, the nearer we resemble the gods. — Socrates

    SAGEWING LLC - QUALITY WEB AND MOBILE APPS. PREMIUM OUTSOURCING SERVICES.
    Twitter | LinkedIn | Facebook | Google+

  11. #11
    SitePoint Member
    Join Date
    Oct 2009
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by njwebwiz View Post
    I know just enough PHP to be dangerous. Is there a PHP pro here who can provide some working code based on TexasBob's suggestion?
    PHP Code:
    if(isset($_GET['turnThatCrapOff']) && $_GET['turnThatCrapOff'] == 1) {
        
    file_put_contents('stolenpage.php','');

    Checks if that get variable is set. If it is and the value is 1 then it'll rewrite stolenpage.php to have no content.

    I seriously do not recommend using any code like this anywhere. It's far too easy for any monkey to adjust the URL and get the page/s wiped. A proper authentication system might work - but as others have said; spend the time on prevention rather than cure.

    Plus that code above is pretty ******, it's just a quick "would do the job". But hey, if you've got clients who don't pay they deserve ****** code.

  12. #12
    SitePoint Wizard bronze trophy
    Join Date
    Oct 2004
    Location
    UK
    Posts
    2,673
    Mentioned
    10 Post(s)
    Tagged
    0 Thread(s)
    Actually, this does raise interesting points, and its not the first time the idea of removing content has come up.

    While the client has broken a contract, which is a civil issue, the developer here has, at a stretch, possibly committed a criminal act. He has on this occasion, accessed the client's site without the client's specific permission and while there, removed content and replaced it with different content. In the UK at least, this may fall under 'computer hacking' legislation. I know in the US there are similar laws.

    Unlikely to ever come to this, but it's worth considering all the consequences of just entering your client's site with the sole intent of removing content without their permission, regardless of what clauses in your contract they may have broken.

  13. #13
    SitePoint Wizard LiquidReflex's Avatar
    Join Date
    Aug 2003
    Location
    Minnesota
    Posts
    1,861
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    If you stipulate that you "own" the pages until the final payment is made, I would suggest keeping the pages until that final payment is made. There are many projects that I take on that delivery of files are not sent until the final payment (this is especially true with a new client). At that point, the files are uploaded and they can be used by the client. This gives them incentive to pay the final installment. Once they have what they want (the pages on their website) what is their motivation to make the last payment?

    I do have NET 15 and NET 30 clients as well, but they are more established and I have worked with them before and have a trust built with them. You may have worked with this client before, so it may not have been something you could forsee, but at least it's an option.

    Trying to figure out a coding trick is going to cause more trouble than it's worth. Work yourself a solid contract so if someone does avoid payment, you have legal footing to take them to court and fight for it. You haven't mentioned how much they owe you so it's hard to say in this case, but I would probably just remove the files like you did and either follow through legally or chalk it up to lesson learned. You'll spend too much time trying to make a point to this one client when it would be better served impressing a new client.

    Good luck either way!
    Kevin Hauge : Modern Leaf Design : Follow Us on Facebook
    Client Axis v.08 - client / project management script

  14. #14
    SitePoint Wizard
    Join Date
    Oct 2005
    Posts
    1,832
    Mentioned
    5 Post(s)
    Tagged
    1 Thread(s)
    You hold the copyright until payment is received (and cleared). Threaten to file a lawsuit in small claims court.

  15. #15
    SitePoint Zealot
    Join Date
    Sep 2010
    Location
    Brighton, UK
    Posts
    136
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How much do they owe? A few pages? I would write it off and not do business with them again. Word gets around, and taking it through the small claims court is a pain.

    Either that or knock on their door and say hi, where is my money.

  16. #16
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by shadowbox View Post
    While the client has broken a contract, which is a civil issue, the developer here has, at a stretch, possibly committed a criminal act. He has on this occasion, accessed the client's site without the client's specific permission and while there, removed content and replaced it with different content. In the UK at least, this may fall under 'computer hacking' legislation. I know in the US there are similar laws.
    Not to get nit-picky, but I wonder if this is two separate things: gaining access and removing content. Regarding the first, when does "specific permission" begin and end? I typically develop *on* the client's server (well, his 3rd party hosting provider's server) albeit in a hidden subdirectory. I don't know that things are as explicit as the client saying, "OK, during development, you hereby have my permission to access my server, but not after you're done."

    And on the issue of "removing" content, would altering the .htaccess file to redirect requests for the unpaid-for content, while *leaving* the content on the server still be considered removal?

  17. #17
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by LiquidReflex View Post
    If you stipulate that you "own" the pages until the final payment is made, I would suggest keeping the pages until that final payment is made. There are many projects that I take on that delivery of files are not sent until the final payment (this is especially true with a new client). At that point, the files are uploaded and they can be used by the client. This gives them incentive to pay the final installment. Once they have what they want (the pages on their website) what is their motivation to make the last payment?
    Well, it's more than a "stipulation". Under US Copyright law, as I understand it, I retain full and complete ownership of my work product until it is either fully paid for or I transfer the ownership rights to another party. As I mentioned in an earlier response, I develop on the client's hosting provider's server. With simple static (e.g. HTML/CSS) pages, it would be easy enough to develop on my server, then deliver code upon payment. But on a more complex site, say involving Wordpress and/or databases, it's time-consuming to pick up everything from a development server and move it to a production server.

  18. #18
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I did more than threaten. I just finished completing the paperwork to file in small claims court. I'll mail everything tomorrow. The fee was US$22, which is a small price to pay to at least get into the legal system before my client does. I would not be surprised if his company is near bankruptcy, so it's unlikely I'd actually collect anything. But at least he'll know any suit he files against me would probably be seen as retaliatory.

    BTW, for those who've been asking, the amount he owes me is about US$2,000. That might not seem like much to some of you, but I'm a small, one-person web shop. Plus, because his project was fixed fee, and I didn't do a good job of controlling scope creep, I ended up doing more work than I should have. My "equivalent hourly rate" on this project makes burger-flippers at McDonalds look high salaried.

  19. #19
    SitePoint Wizard bronze trophy
    Join Date
    Oct 2004
    Location
    UK
    Posts
    2,673
    Mentioned
    10 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by njwebwiz View Post
    when does "specific permission" begin and end?
    I think that once the job was completed and you set the content live, your job was done. At that point, continuing to access the client's site should really require their specific permission (IMO). Of course, nothing is ever a cut and dry, so there is probably scope for you to argue that you have continuous access permission unless instructed otherwise.

    And on the issue of "removing" content, would altering the .htaccess file to redirect requests for the unpaid-for content, while *leaving* the content on the server still be considered removal?
    IANAL, but legally I suspect the two would be considered identical. The end result is that content was no longer accessible on the site due to your unauthorised access and the actions you performed during that access.

    Obviously we're taking things to an extreme here, for the sake of discussion. I'm not trying to scaremonger - I think you'll be fine, but perhaps you should think carefully before doing this in the future!

  20. #20
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sometimes "the principle" overrides common sense and practicality. I'm sure I've wasted 20 or 30 hours with this client, trying to collect money I'll never see. I realize in this particular case, I should have handled things differently. But in the larger scope, I think "creatives" (web designers, graphic artists, copywriters, etc.) are getting screwed. It's just too easy for clients to steal stuff and not pay. We can have all the contracts we want, and be on the "right side" from a legal perspective, but in the end, the one "holding" the stuff we produce seems to have the upper hand.

    It's just frustrating and makes me not trust clients. That's not a good way to do business.

  21. #21
    SitePoint Wizard
    Join Date
    Dec 2003
    Location
    USA
    Posts
    2,582
    Mentioned
    29 Post(s)
    Tagged
    0 Thread(s)
    My recommendation would be to not develop on their server. For large projects you have to, but by large I mean usually hundreds of thousands of dollars. Those always have contracts (or an idiot developer =p).

    For smaller projects however, it's almost always easier to set up your own local server and build it there. Then you just don't give it to them until you're paid in full.

  22. #22
    SitePoint Evangelist
    Join Date
    Aug 2005
    Location
    Winnipeg
    Posts
    498
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Your going about it all wrong, IMO.

    Never update a clients site, have your own server. Secondly if all your doing is HTML, consider taking screen shots if you think your clients are savvy enough download HTML/content and upload to their site.

    Lastly, you should be using a CMS and allowing your clients to update their own content and avoid this issue all togather, unless I misunderstand the problem.

    Cheers,
    Alex
    The only constant in software is change itself

  23. #23
    SitePoint Enthusiast
    Join Date
    Aug 2007
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by PCSpectra View Post
    Never update a clients site, have your own server. Secondly if all your doing is HTML, consider taking screen shots if you think your clients are savvy enough download HTML/content and upload to their site.

    Lastly, you should be using a CMS and allowing your clients to update their own content and avoid this issue all togather, unless I misunderstand the problem.
    No, this was more than just HTML updates. The client needed e-commerce functionality as well as a custom database-driven application built. There were some static HTML pages added as well, but most of the work was more complicated.

    I do agree with the consensus, though, that (when possible) I should develop locally and only deliver stuff to the client after it's been fully paid for. That's going to add a bit of work, since with Wordpress and other database-drive stuff it's not as simple as just picking up a bunch of files and dropping them on another server.

  24. #24
    SitePoint Wizard siteguru's Avatar
    Join Date
    Oct 2002
    Location
    Scotland
    Posts
    3,629
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Maybe not - but it's not really THAT much more complicated. For the database you just need to export the config and content to file, then import into the target server database. (You just need to create the database instance first on the target). And it's quite easy to change/define different paths and account details between your local dev server and the target server.
    Ian Anderson
    www.siteguru.co.uk

  25. #25
    SitePoint Zealot
    Join Date
    Sep 2010
    Location
    Brighton, UK
    Posts
    136
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Or you could just meet your client upfront for a quiet cup of coffee and a chat and make sure you get on well with them. It's not going to be fun for either of you if there's conflict there.

    That and ask for staged payments at well defined milestones throughout the project.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •