[TYPO3-jobs] Customers hiring TYPO3 Developers to steal sites

Andreas Becker ab.becker at web.de
Wed Apr 30 13:32:12 CEST 2014 

Thanks Xavier and Dieter

I talked yesterday to Mittwald and they told me that it is for them a
normal business to move sites from another hoster to their hosting space.
The customer itself is a Mittwald customer who intended to use their moving
service. The site he wanted to move wasn't on a Mittwald webspace, as this
would be more or less an inhouse act. But here they entered foreign ground
without permission. Unfortunately for the customer he had no ftp or ssh or
any other server credentials beside the admin access for TYPO3 Dev Site.
The Mittwald employee told us that he accessed the site. He said he wasn't
sure if behind a TYPO3 login perhaps a panel would be to move the site.
Already earlier that day another Mittwald Employee Accessed the site too.

A real good thing on TYPO3 is actually the logging as it is working just
perfect :-) So you can see what has been done in the backend and where they
moved.

If I receive from a customer an ssh access (but not with an ftp access),
than I assume probably same like you Xavier that it would be OK to move the
site. But usually I check first who were the former developers and where he
is hosting and who is owning the domain (Whois).

Mittwald actually told the customer that they only move sites with ftp and
ssh and can't help him - BUT first they accessed at all the TYPO3 website
with the obvious intend to move it!

The server and hosting space is not a space from that customer, what is
visible actually already when they access the site. The URL is not at all
an URL which matches the website. It is an "agency/development" URL which
is also registered not on the customers name. So they actually acted on
foreign and not on their own ground, which is quite easy to find out by
checking whois.

For the other two TYPO3 Developers who accessed the site it is absolute no
question. Especially for that one who installed bnbbackupext. He acted like
a Thief and Intruder and the IP address will lead to him somehow.
Fortunately!

@Dieter "they" is not Mittwald but actually the other developers (non
mittwald) - sorry was a bit unclear - especially the last one who installed
bnbbackupext is meant. The support from Mittwald was actually very helpful
by answering and verifying what happened and what the customer has asked
them to do.

With sueing you are right Dieter! But here perhaps another problem occurs
as all parties are sitting actually in different countries.

So you would need to sue the Austrian Developer in Austria and the German
Parts in Germany while you need to fight probably for your money even
elsewhere.

It is a case with many different aspects:

- juridical - sueing, etc - a case for a lawyer

- ethical - is it OK as a TYPO3 Developer to move into the obvious
development website of another TYPO3 Developer - even If I don't like him,
I would say NO it is not OK.

- technical - well if there is a problem with backing up a site or securing
a site we don't need to move into the site at all, so why should we enter
it.


===
Andi


On Wed, Apr 30, 2014 at 5:08 PM, Xavier Perseguers <xavier at typo3.org> wrote:

> Hi Andi,
>
> I have the feeling there are two different concerns here.
>
> > The employee at Mittwald told me that it would be a normal process for
> them
> > to enter sites, as often they get asked from new clients to transfer
> their
> > old sites from the former hoster. Even in that case I would say they
> won't
> > be allowed to access the site without prior consulting the former Hosting
> > Company!
>
> If someone comes to me and gives me admin access (FTP, TYPO3 admin, ...)
> and mandates me to move her website somewhere else, I'm asking myself by
> reading this conversation why I would not do it? I mean it's a job to be
> done, I'll most probably invoice it and again by reading, I'm asking
> whether I would get in touch with the former hoster, I guess no, why
> would I? (wait, I've something to add after next paragraph).
>
> Now, the second point is that (if I read carefully enough) you expect a
> contact to be established with the former hoster in case the
> corresponding client did not pay something. Well, that's a full other
> story and IMHO not related to being moved around but to some former
> contract and the client has to honor it and pay the due fees of course,
> that's out of question.
>
> Now to come back to first point, the case where I would get in touch
> with the former hoster/company would be if the website is not a "simple"
> website but some "platform" that the client may be using but is not
> hers. But, in that case, I wouldn't expect the client to have been
> granted admin access anyway.
>
> I cannot and don't want to judge what Mittwald did or did not, that's
> none of my business here so this was just my own personal opinion on
> that matter.
>
> Kind regards
>
> --
> Xavier Perseguers
> TYPO3 CMS Team Member
>
> TYPO3 .... inspiring people to share!
> Get involved: http://typo3.org
>
> _______________________________________________
> TYPO3-jobs mailing list
> TYPO3-jobs at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-jobs
>

More information about the TYPO3-jobs mailing list