Server frustration and bad practise

I’ve had a very frustrating couple of days dealing with a server hosting company on behalf of one of my clients.  Amazingly, despite finding a rather nasty Trojan sitting on their server, the hosts, www.netbenefit.com initially refused to wipe the site unless my client was able to come up with the original login details.  We produced FTP passwords, user passwords etc, but all to no avail.  Two weeks, and much pleading later, they eventually completed the wipe, and I was able to add a clean version of the site.  Below is an excerpt from my email ping pong:

“Dear Shofon/Imran,

As your own investigations have proven, there is a trojan on the site.  The more time we waste with these log in details, the more website users will become infected.  Surely this should take precedence over my client not being able to find the correct log in?  If you do not have authority to wipe the site and remove the threat, then I would ask that you pass this email on to your supervisor, and ask them to contact my client, xxx, directly on xxx  between the hours of 9.00am and 5.00pm tomorrow to get this issue resolved.

Many thanks

Andrew Nicholson”

Their reponse:

“Thank you for emailing NetBenefit.

Unfortunately we will not be able to do your request until we confirm the overall account username and password. We have to follow the procedure laid out by the company and so will not be able to do the change until the correct details are provided.

Shofon Mia
Online Support Advisor”

Whilst I admit being very frustrated by this appalling approach to online security, it is in fact symptomatic of a deeper issue my client is facing.  That of my client not actually owning his site.  Yes he updates it, and manages the content on it.  Yes, all the contact details feed in directly to him.  But the actual owner of the site was a developer way back when who registered the site, built it, and then skipped the country.  This is a historic issue that many website owners are facing today.  Rather than owning their sites, they are in fact merely lodgers.  Way back in the annals of time, when most business owners didn’t know their Dreamweaver from their SEO, web developers regularly volunteered to sort out the URL registrations for the business, applying under their own name for ownership.  This would be fine, up until the point where the business owner and developer went their separate ways.  At which point the real ‘owner’ of the website could demand a large sum of departure money.  This is of course a dreadful practise, and much akin to handing your house keys to the builder after he’s finished building your home, and you’ve moved in.  But it happened non-the-less.

By and large, this unsavoury practise has now petered out (if your developer even suggests registering your URL in their name, run a mile), but there are other more subtle means of extending control over a website.  I came across a company last week who will build you a website for a few hundred pounds.  Bargain, you say!  What they don’t mention is that they continue to own all visual content on the site.  Images, graphics, layouts etc.  So if you want to part from them at any time, you have to “buy out” the images.  Which will cost you a pretty penny!

As with everything in life, you get what you pay for.  If a developer is offering you a ridiculously cheap deal, ask yourself why?  You wouldn’t work for less than minimum wage, and it’s highly unlikely a professional web developer will either.  Make sure you own all the content, and the URL, and don’t expect to get something for nothing.  If you have any doubts, drop me a line, and I’ll look over the contract for you – better that than be stung later on.