How To Protect A Website Access From The Coder?

[bolognamare]

Hi, i paid a coder to develop a website, i choosed the hosting server.

Certainly the coder will put one or more backdoors to bypass any protection.

Another coder suggested me to ask to the hosting people the availability to change the FTP passwords when i need it.

He says that if i change them the coder cannot modify anything, he can only look to reports and other things, but he CANNOT MODIFY ANYTHING.

Is he right?

What kind of precaution can i take to avoid problems?

Please use simple words, i'm not a coder so i need your patience to make me understand your technical language.

Thanks to everyone in advance!

[LivinLOS]

I have no idea what you are attempting to do so dont know about the sites programming..

If the site is using basic HTML then I think the advise is OK but if the site is using php or cgi or other coding then it would be fairly trivial for coding backdoors to be included.. This of course relates to dynamic content rather than static HTML pages.

[bolognamare]

I have no idea what you are attempting to do so dont know about the sites programming..

If the site is using basic HTML then I think the advise is OK but if the site is using php or cgi or other coding then it would be fairly trivial for coding backdoors to be included.. This of course relates to dynamic content rather than static HTML pages.

The coder use php 4.3.x and mysql 4.x ONLY to realize the website, when his work is ended what could he do to modify the program without my agreement?

Changing the FTP passwords is enough?

Edited January 7, 2006 by bolognamare

[Crushdepth]

Unfortunately, if they are competent then you can't really stop them leaving a back door if they want to. If you have reason to be worried about it (and can afford it), you could consider having the code/site reviewed by another programmer with experience in PHP/MySQL and security (they will probably pick up some unintentional vulnerabilities anyway), but its better to use a reputable company in the first place.

It's a good idea to change *all* of your passwords including for the website hosting account, database user accounts (you may need to change password details in your website code to match), domain name registrar, ftp, email, administrative accounts on the actual website (if there are any) etc. All of these can be used to take your site offline.

Probably the best insurance is to back up your site regularly (both the file structure *and* the database). Keep the backups on CD in a safe place, and keep the old ones as a 'time series' so you can restore it from any point in the past. That way if they trash your site, at least you've still got it and can get someone you trust to rebuild or patch it.

Edited January 7, 2006 by Crushdepth

[Gumballl]

I'm confused... your are talking about web hosting (HTML), and then FTP.

Are you implying that your "coder" (btw, software developer), will need to FTP to your site to make improvements to the web site over the life-cycle of the project?

If so, avoid FTP, because it is not very secure. Ditto for telnet. Consider using SSH (secure shell).

As for you, consider picking up a System Administrator book at your local bookstore. I'm assuming your using Linux, right? A book like this should provide you with clear instructions on how to setup accounts, change passwords, and even delete accounts. I should also discuss how to modify access permissions for files and directories.

What you could do is set up a user account for your "coder", and then let him do his thing, but isolated from the rest of the system. Then, when convenient for you, perform the necessary steps to move your "coder's" modified web pages and scripts into their appropriate locations within the directory structure of your system (this step would require super-user priveleges, which only you should have).

Don't know how to do this... well, then you have three choices... 1) learn how to do it, or 2) trust your coder to do it, or 3) put trust in yet another person.

BTW, if you cannot trust your employee, I suggest you find another one. And also, I recommend that you stop watching movies about computer hackers... most are completely bogus. If you are worried about backdoors, setup your router/firewall correctly and administer the accounts on your system; then your system will be just fine, and impervious to the average hacker.

[bolognamare]

If you have reason to be worried about it (and can afford it), you could consider having the code/site reviewed by another programmer with experience in PHP/MySQL and security (they will probably pick up some unintentional vulnerabilities anyway), but its better to use a reputable company in the first place.

It's a good idea to change *all* of your passwords including for the website hosting account, database user accounts (you may need to change password details in your website code to match), domain name registrar, ftp, email, administrative accounts on the actual website (if there are any) etc. All of these can be used to take your site offline.

Probably the best insurance is to back up your site regularly (both the file structure *and* the database). Keep the backups on CD in a safe place, and keep the old ones as a 'time series' so you can restore it from any point in the past. That way if they trash your site, at least you've still got it and can get someone you trust to rebuild or patch it.

THANKS A LOT Crushdepth !!! REALLY!

Yes i have reasons to be worried about, money are involved.

When the website starts working well i need to ask the hosting people to change the following paswords:

1. website hosting account;

2. database user accounts and i may need to change the code...MAY? how can i understand that? i suppose that i need another coder help. Am i right?

The previous step, n°1 (and the n°4), are not enough to avoid any change?

3. domain name register : i was thinking to make register the website domain from the hosting people (i need to trust them, they host the entire website, surely for the first times), is it a bad idea (price apart)?

Is it better to register the domain with someone not involved with the hosting people (and with the coder of course)?

4. ftp;

5. email/emails;

6. administrative accounts: i integrate the website with a HTTP e-wallet like paypal (that uses SSL), members are redirected on the paypal website to load their virtual accounts on my website, is it safe or can be under the coder control anyway? Suggestions?

The "best insurance way" that you suggest is surely necessary (both the file structure *and* the database).

Daily backup, weekly backup?

Can i do that easily?

Or is it possible only to the hosting people?

Do i need that the website stops working for the necessary time to make the backup, or can be done while the website works? Suggestions?

The hosting people suggested me the same website/code review from a reputable company, but is it possible that the coder has added some undeletable backdoors that, if deleted, make the entire website stop working (or something worse), and if i try to make changes (like changing the passwords) can he put offline the entire website with a simple backdoor password?

Rebuilding and patching an "infected from backdoors" website does it takes a lot of time (and money) to a code reviser? and the problem could be not solved, the reviser could do the same..

What do you suggest?

I'm evaluating if is it possible to host the same website on another server to avoid any offline, is it possible?

Is this second hosted website called "mirror"?

Can they work in parallel with the same domain name?

Is enough to contact another hosting company and copy the last backup (changed ONLY with the new hosting parameters)?

Can you explain me if it's possible and if there are better alternatives.

Really THANKS THANKS THANKS A LOT!!!

Edited January 7, 2006 by bolognamare

[bolognamare]

My first question was born from this answer from the hosting people:

[MY QUESTION] : Can i change the FTP passwords (access to the website code) everytime i need? when the coder has finished his job (or second time added features) i want to avoid that he can do anything without my agreement (of course, correct me if i'm wrong, he can add backdoors but without the ftp password he cannot do changes? Am i right?

[THE HOSTING PEOPLE ANSWER] : The answer is absolutely yes! We always encourage our clients to change their FTP passwords anytime after an outside party has completed their programming assignments. You will only need to send us the request and our technician will have this done within 24 hours. It is true, a programmer can add a backdoor to their programs. Perhaps it would be worth the investment to have a second programmer check the scripts once the initial program is completed. You can then learn if you can trust this programmer or not. We may be able to suggest a programmer to do this as we work with a few on a regular basis. I'm not sure what the cost for this will be.

Also, we will not give out any passwords to anyone but who you authorize. So if you are to change your e-mail address anytime in the future, please send us the request from your current e-mail address and let us know what your new e-mail address will be. This way we can verify it is you by your e-mail address.

Is it a good answer?

I'm not a coder so i think: "yes" , but i prefer an IT opinion than my instinct.

I'm confused... your are talking about web hosting (HTML), and then FTP.

I think that the quoted words answer to this question.

Are you implying that your "coder" (btw, software developer), will need to FTP to your site to make improvements to the web site over the life-cycle of the project?

If so, avoid FTP, because it is not very secure. Ditto for telnet. Consider using SSH (secure shell).

The coder will realize a working demo, that will be hosted on the hosting people server (another country).

I suppose he will use the FTP transfer to upload all the scripts and to do improvements and necessary changings.

Improvements will end after all the test controls, no real money will be involved until this time.

Then when the website is FULLY working I will test the coder honesty changing the passwords.

If he doesn't do anything bad (like i hope, but i cannot be sure of that) i will give him new works (for other websites).

As for you, consider picking up a System Administrator book at your local bookstore. I'm assuming your using Linux, right? A book like this should provide you with clear instructions on how to setup accounts, change passwords, and even delete accounts.

Thanks for the suggestion.

I suppose yes, it's a Unix server.

The PHP version for the UNIX server is 4.3.10-2.4 and the MySQL version is 3.23.58-16

I should also discuss how to modify access permissions for files and directories.

Have I to ask that to the coder or to the hosting people? the second i presume

What you could do is set up a user account for your "coder", and then let him do his thing, but isolated from the rest of the system. Then, when convenient for you, perform the necessary steps to move your "coder's" modified web pages and scripts into their appropriate locations within the directory structure of your system (this step would require super-user priveleges, which only you should have).

I think it's over my capabilities..

Don't know how to do this... well, then you have three choices... 1) learn how to do it, or 2) trust your coder to do it, or 3) put trust in yet another person.

I'm thinking to follow the step 2 until the coder end his work and then the step 3 if, after a simple password changing, the honesty of the coder is not proved from his actions.

Only at this point, if my prediction was right, i will ask the help of an "affordable" code reviser.

If you are worried about backdoors, setup your router/firewall correctly and administer the accounts on your system; then your system will be just fine, and impervious to the average hacker.

The hosting people (it's a big company with a lot of good feedbacks, even if offshore) provide my hosted (shared with others) server with a good firewall and all security precautions and their COMPLETE assistance, yes my knowledge maybe is more movie based but i don't want to risk to haven't evaluated in advance any future and expectable bad event.

Edited January 7, 2006 by bolognamare

[Deksan]

Hi, i paid a coder to develop a website, i choosed the hosting server.

Certainly the coder will put one or more backdoors to bypass any protection.

Another coder suggested me to ask to the hosting people the availability to change the FTP passwords when i need it.

He says that if i change them the coder cannot modify anything, he can only look to reports and other things, but he CANNOT MODIFY ANYTHING.

Is he right?

What kind of precaution can i take to avoid problems?

Please use simple words, i'm not a coder so i need your patience to make me understand your technical language.

Thanks to everyone in advance!

As changing the password often is a must do, you could also ask a different person to read

the php and check the database after the installation to ensure that no backdoor has been implemented.

Good luck.

Ps: You could also just threaten the coder that you ll submit his code to another coder for verification

and see how he will react. If he asks why you could just tell him that it s better for both of you

to be sure that the code is clean and has no flaw and that an external and objective eye is often

the best way to see this kind of things.

Edited January 9, 2006 by Deksan

[Hikage]

I just skimmed this thread, but it looks like your talking about system security as opposed to application security? If so, fine, change the ftp pw, keep a check on user accounts, db users accts, logs etc.

On the application side, if your app has an authentication entry point that checks against some user store (eg db), then you really need to be able to trust the programmer or be able to read code to verify no back doors exist. That's the hard facts for you. Deksan comes up with a good idea to tell the coder you will verify.

I've built many authorization/authentication systems using a myriad of technologies, so I know a little about this.

[francois]

hi'

building websites, I can say that even if I do eveything, choosing hosting and so on, my customer get the password, I keep it or ask him when changed only upon request.

an update of the site, password needed, can be changed as many times as you want

it's a question of trust between you and your buillder

I keep the pass, if my customer ask for a maintenance, as simple as this.

but anyway, they have it too.

francois

[bolognamare]

Deksan comes up with a good idea to tell the coder you will verify.

It could be nice!

hi'

building websites, I can say that even if I do eveything, choosing hosting and so on, my customer get the password, I keep it or ask him when changed only upon request.

an update of the site, password needed, can be changed as many times as you want

it's a question of trust between you and your buillder

I keep the pass, if my customer ask for a maintenance, as simple as this.

but anyway, they have it too.

francois

so IF i change the passwords the coder can use a backdoor only to "read" and not to "write", or not?

Can i backup the entire work (when fully working), copying it on a cdrom or dvdrom and give it to another coder for checking? Can you estimate a range of possible costs for this checking?

Edited January 9, 2006 by bolognamare

[Deksan]

Deksan comes up with a good idea to tell the coder you will verify.

It could be nice!

hi'

building websites, I can say that even if I do eveything, choosing hosting and so on, my customer get the password, I keep it or ask him when changed only upon request.

an update of the site, password needed, can be changed as many times as you want

it's a question of trust between you and your buillder

I keep the pass, if my customer ask for a maintenance, as simple as this.

but anyway, they have it too.

francois

so IF i change the passwords the coder can use a backdoor only to "read" and not to "write", or not?

Can i backup the entire work (when fully working), copying it on a cdrom or dvdrom and give it to another coder for checking? Can you estimate a range of possible costs for this checking?

I believe you can backup everything, the "code checker" can assist you to do it. Cost wise

it depends on the volume of data / code to read. If you have a company running try to pay

him a week like 2000 baht -3000 baht / day and make him come to your office while he works.

Make a contract also with a NDA

http://en.wikipedia.org/wiki/Non-disclosure_agreement

Finally if you are planning to make lot of money and running website, I should advice you to emplay

an IT guy you trust to run things for you.

Ps: i think 2k-3k / day is fair salary in thailand that makes 40k-60k per month.

[bolognamare]

Finally if you are planning to make lot of money and running website, I should advice you to emplay an IT guy you trust to run things for you.

Ps: i think 2k-3k / day is fair salary in thailand that makes 40k-60k per month.

It seems the old sad truth, if i give a cookie to the coder i can eat the cake (even if i had paid him YET to realize the cake).

But if the coder can look only the cake that he realized (if i change the key of the cake room) it's not a big concern for me.

He can copy my good idea, but he will never be the first, look to amazon, ebay, milliondollarpage, only the first ones make the money, the second ones collect the cake dust.

So my concern is (nobody answered me about that), is it possible that the coder adds a "timing bomb code" in the scripts that he can activate after the password changing.

Is it possible?

Am i paranoid?

Edited January 10, 2006 by bolognamare

[francois]

Finally if you are planning to make lot of money and running website, I should advice you to emplay an IT guy you trust to run things for you.

Ps: i think 2k-3k / day is fair salary in thailand that makes 40k-60k per month.

It seems the old sad truth, if i give a cookie to the coder i can eat the cake.

But if the coder can look only the cake that he realized (if i change the key of the cake room) it's not a big concern for me.

He can copy my good idea, but he will never be the first, look to amazon, ebay, milliondollarpage, only the first ones make the money, the second ones collect the cake dust.

So my concern is (nobody answered me about that), is it possible that the coder put a "timing bomb code" in the scripts that he can activate after the password changing. Is it possible?

Am i paranoid?

hi'

to clarify this a bit;

you have a password access to your ftp account, if you change the pass no one else than you can enter and modify your site unless you get hacked ...

if your builder inseted a backdoor, he can intrude anytime!

one question : do you trust the guy who built for you or not?

one good idea, let your project checked once more by a trusted person, and then upload it yourself, you said that you had the hosting already

francois

ps;the cost is a bit up to the builder, and on you, are you generous or did you both agree on this work through a contract?

[bolognamare]

you have a password access to your ftp account, if you change the pass no one else than you can enter and modify your site unless you get hacked ...

if your builder inseted a backdoor, he can intrude anytime!

one question : do you trust the guy who built for you or not?

one good idea, let your project checked once more by a trusted person, and then upload it yourself, you said that you had the hosting already

francois

ps;the cost is a bit up to the builder, and on you, are you generous or did you both agree on this work through a contract?

So if the coder inserts a backdoor BUT he cannot hack it because the provider has enough Watchguard and Firewall, and enough other protections to avoid an hacking activity, the coder can only "read" and not "write" my scripts, right?

Or the backdoor bypass any server security system added from the provider of the hosting service?

I don't know if i can trust the coder, i hope yes, i don't know him, he lives very far and i don't want to meet him.

I need to trust him until he ends my job (only at this point he will be paid).

I trust more the people on this forum! and their helpful aid.

The coding work in my western country costs 12 times more. I will pay the right price, and the coder agrees.

There is not a real contract, when he ends the coding job (and the necessary test) and i agree that the work is end (and as i wanted it), he is paid from an intermediary that holds the money (and trasfer them to him after my last ok).

Edited January 10, 2006 by bolognamare