[TYPO3-jobs] Customers hiring TYPO3 Developers to steal sites

Dieter Bunkerd dieter.bunkerd at typo3-asia.com
Wed Apr 30 05:43:20 CEST 2014 

Hi Andreas,

I think, there's not much one can do against this, besides having a 
trustworthy client base.

For new and unknown customers I always develop on one of our own 
servers, where the client only sees the frontend with no (or limited) 
backend access and no FTP access. That's fair enough, since the client 
is able to watch the proceeding of his job any time he wants.

We start a project as soon as we've received a 50% down payment and 
transfer everything after the client has approved everything and has 
sent the rest of the money. Every project consists of at least 2 
invoices, bigger projects are divided into milestones, reaching the next 
one, requires another payment before we proceed.

This is considered totally normal by most customers, if not, I already 
know that something may be "doubtful" with this particular client.

If it is a big organization or a long-term client, other proceedings are 
negotiated. But payment after a completed milestone is always mandatory. 
Also the development on my own server. If clients provide their own 
server, they get the root password after payment.

The most important thing IMHO is to simply say "NO" to a client, if "gut 
feelings" tell you to do so. Never had problems with clients not paying us.

Hope this answers your questions a little bit.

Best regards
Dieter


On 30.04.14 10:24, Andreas Becker wrote:
> Hi All
>
> In another case we would like to get your ideas too.
>
> We heard already a lot about Developers which got not paid by customers and
> it seems that in Germany there seems to be quite a lot, thow we never had
> problems with customers of US (it is just the opposite of a lot of German
> customers like it seems - as US clients mostly pay in advance).
>
> The current case:
>
> A customer which has a valid contract with an agency pays 50%, but then is
> not willing to pay the rest. Instead he hires another TYPO3 Developer from
> Austria to steal the complete website! Before that customer also contacted
> Mittwald where he hosted his old sites.
>
> An employee of Mittwald also verified that the customer asked them to move
> the site to their server. Also Mittwald developers used the Access Data of
> the customer to access the TYPO3 website on the Server of the Agency which
> is running under a Domain belonging to that agency. As one of their
> employees told us he wanted to check if it would be a login for to a panel
> (he also said that he has no big idea about TYPO3). Anyway!
>
> The Austrian developer than installed bnbbackupext to pull a complete
> backup.
>
> We don't want to discuss here if a customer should have admin access or not
> - this one had admin access - others have not - or VPN access etc - it is
> more about the TYPO3 Developers who access the site without prior
> permission, with the access Data they have got from the customer.
>
> But we would like to hear your opinion and ideas about how you would handle
> the fakt, that other TYPO3 Developers or MITTWALD.de Employees move into a
> website on your server, even they see in the header comment, the URL not
> belonging to the customer etc. AND on several other places that the site is
> NOT developed by the customer and that it is a site in development.
>
> And how do you deal with the "internationalization" problem?
>
> i.e. a German Customer living and working in Spain asks Mittwald where he
> hosts his old site to move the site without the agencies consent from their
> server to Mittwald and than finally hires an Austrian in Austria do do that
> job as Mittwald (so they told us) only moves sites via FTP and SSH.
>
> Lets hear your ideas and opinions what you would do in such a situation
> where non paying customers hire other TYPO3 Developers to get the TYPO3
> website.
>
> Thanks to logflies on the server and in TYPO3 you have all IPs so you can
> verify that one IP came from unitymedia (probably a private account near
> Bielefeld), than the 46.... which belonged to Mittwald (already verified
> with them) and the third from Austria belonging to "Highway Customers -
> Telekom Austria". Also a Skype Recording has been send to the agency (I
> think it was not intended by the customer ;-) were the customer is talking
> to one of those developers who accessed the site and where an employee of
> the customer suggests to pull the website without agency consent.
>
> Thanks for your ideas and answers.

More information about the TYPO3-jobs mailing list