[TYPO3-jobs] Customers hiring TYPO3 Developers to steal sites

Andreas Becker ab.becker at web.de
Wed Apr 30 11:05:24 CEST 2014 

Hi Dieter and Christoph

You are right about Trustworthyness and also about Expectations but the
point in that case is actually the other side that another Developers steal
the site! It is not the customer doing it. It is i.e. Employees from
Mittwald which logged into the site without prior consent and surfed around
as they told and verified their access times and IPs. With Developers
working from private IPs it is a bit more complicated as you need to
contact the ISP ie. Unitymedia or Telekom Austria. In this point it is
really good what we have here where we are working from. Here every company
has to keep an access log for 6 months and also everybody who provides
Internet Access to others than himself.

Fakt is also that the site for sure will go online sometime and somewhere
and I guess they can't keep it not published for 5 years. (Verjaehrungs
Fristen for minor offenses) If it is a minor or a major offense to log into
a website without prior consent, needs to be clarified for possible future
similar cases.

If I ask a friend of you to give me the key of your house so I can enter it
and take out the TV or whats how ever. Well IMHO as soon as I would put one
step inside your friends house it would be called "Hausfriendensbruch" in
Germany. IMHO no one and for sure not any Hosting Company has the right to
put their feet into one of your websites even they have the key (login
data) from i.e. your client.

The employee at Mittwald told me that it would be a normal process for them
to enter sites, as often they get asked from new clients to transfer their
old sites from the former hoster. Even in that case I would say they won't
be allowed to access the site without prior consulting the former Hosting
Company!

That you have to trust clients etc pp is all ok and true but don't we need
to trust our Fellow Developers and especially a Hosting Company like
Mittwald too that they don't enter sites without prior consent of the
Developing Company. And for sure it would be not OK if they would access a
server run by an Agency which develops that site.

Concerning Admin rights etc. When you do training with customers to train
them that they are actually lateron able to manage their site themselves,
there is often the point where they simply will have admin access.

But even worst is actually that another TYPO3 Developer is the hacking into
the site your are developing and installing extensions and doing probably
other nasty things in the sites.

What would you actually do with that Developer - actually with those people
who entered the site without your prior consent?

Andi


On Wed, Apr 30, 2014 at 12:57 PM, Christoph Burgdorfer <
burgdorfer at coandcouk.com> wrote:

> Hi Andi,
>
> I would say, any business relationship is based on two main factors:
>
> • Trust
> • Expectations
>
> Trust is simple: Either there is mutual trust between the business
> partners, or there is none. What's important here is: It's hard to gain and
> easy to lose.
>
> Expectations is a bit more tricky: All business partners have to be on the
> same page when it comes to expectations. I.e. what to get in what time for
> what price at what quality. This requires a lot of "managing expectations".
> This is not an easy task, especially if agencies underestimate the
> importance of it, sell a service rather than a product and if the client is
> a bit "difficult". But it's crucial, because with mismanaged expectations
> the agency ultimately loses trust and therefore the client in a vicious
> spiral.
>
> My recommendation for a service business: 40% of the communication with
> the client should be about managing their expectations. 30% about
> operational and organisational things such as chasing up stuff, and another
> 30% about proactive recommendations and ideas.
>
> The point I'm making: Managing expectations is the most important part of
> any client-agency communication. It is how to avoid disgruntled clients
> who, once  there is no trust left, would do such a bad thing.
>
> I'm not saying you did a bad job nor would I justify the behaviour of the
> client. You probably have delivered an amazing software. But if their
> expectations are up there with the stars it's impossible to please any
> client. And unless they had the malicious intention to do this from the
> beginning (which I doubt because of the contract) under-managed
> expectations is the only possibility how I could explain (but not justify!)
> such a behaviour.
>
> Hope this helps,
> Christoph
>
> Managing Partner, coANDco
>
> If the text of this e-mail doesn't make sense, it's probably because it
> has been tapped on a mobile device with one finger.
>
> Check out our latest fun project:
> http://www.whereareyou-app.com
>
> > On 30 Apr 2014, at 04:24, Andreas Becker <ab.becker at web.de> wrote:
> >
> > Hi All
> >
> > In another case we would like to get your ideas too.
> >
> > We heard already a lot about Developers which got not paid by customers
> and
> > it seems that in Germany there seems to be quite a lot, thow we never had
> > problems with customers of US (it is just the opposite of a lot of German
> > customers like it seems - as US clients mostly pay in advance).
> >
> > The current case:
> >
> > A customer which has a valid contract with an agency pays 50%, but then
> is
> > not willing to pay the rest. Instead he hires another TYPO3 Developer
> from
> > Austria to steal the complete website! Before that customer also
> contacted
> > Mittwald where he hosted his old sites.
> >
> > An employee of Mittwald also verified that the customer asked them to
> move
> > the site to their server. Also Mittwald developers used the Access Data
> of
> > the customer to access the TYPO3 website on the Server of the Agency
> which
> > is running under a Domain belonging to that agency. As one of their
> > employees told us he wanted to check if it would be a login for to a
> panel
> > (he also said that he has no big idea about TYPO3). Anyway!
> >
> > The Austrian developer than installed bnbbackupext to pull a complete
> > backup.
> >
> > We don't want to discuss here if a customer should have admin access or
> not
> > - this one had admin access - others have not - or VPN access etc - it is
> > more about the TYPO3 Developers who access the site without prior
> > permission, with the access Data they have got from the customer.
> >
> > But we would like to hear your opinion and ideas about how you would
> handle
> > the fakt, that other TYPO3 Developers or MITTWALD.de Employees move into
> a
> > website on your server, even they see in the header comment, the URL not
> > belonging to the customer etc. AND on several other places that the site
> is
> > NOT developed by the customer and that it is a site in development.
> >
> > And how do you deal with the "internationalization" problem?
> >
> > i.e. a German Customer living and working in Spain asks Mittwald where he
> > hosts his old site to move the site without the agencies consent from
> their
> > server to Mittwald and than finally hires an Austrian in Austria do do
> that
> > job as Mittwald (so they told us) only moves sites via FTP and SSH.
> >
> > Lets hear your ideas and opinions what you would do in such a situation
> > where non paying customers hire other TYPO3 Developers to get the TYPO3
> > website.
> >
> > Thanks to logflies on the server and in TYPO3 you have all IPs so you can
> > verify that one IP came from unitymedia (probably a private account near
> > Bielefeld), than the 46.... which belonged to Mittwald (already verified
> > with them) and the third from Austria belonging to "Highway Customers -
> > Telekom Austria". Also a Skype Recording has been send to the agency (I
> > think it was not intended by the customer ;-) were the customer is
> talking
> > to one of those developers who accessed the site and where an employee of
> > the customer suggests to pull the website without agency consent.
> >
> > Thanks for your ideas and answers.
> >
> > Andi
> > _______________________________________________
> > TYPO3-jobs mailing list
> > TYPO3-jobs at lists.typo3.org
> > http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-jobs
> _______________________________________________
> TYPO3-jobs mailing list
> TYPO3-jobs at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-jobs
>

More information about the TYPO3-jobs mailing list