Skip to main content
paulk7737514
paulk7737514
Inspiring
August 14, 2020
Frage

Do you charge clients whose websites have been hacked?

  • August 14, 2020
  • 2 Antworten
  • 667 Ansichten

I recently had to troubleshoot a website that was removed for excessive use of SQL resources. In doing so, I discovered that the database was down because a hacker had added a new MySQL user name in some sort of attempt to hijack the database. Luckily I was able to restore the database my returning the original user name in the configuration file.

 

So my question is: Do you charge your clients for fixing their hacked websites? It seems like a good way to anger a client and yet, without the expertise of the web designer their sites would remain down.

    Dieses Thema wurde für Antworten geschlossen.

    2 Antworten

    pziecina
    pziecina
    Legend
    August 15, 2020

    The question is - did you build the database cannection code and server behaviours using mysql, (such as used by the Dw server behaviours) in the last 10 years?

    If the answer is yes, then you are responsible for the problem. PHP issued a security notice about using mysql back in 2009/10, saying that the mysql database connection code was insecure and should NOT be used. Instead developers should use mysqli or pdo to connect-to and query a database.

     

    If you did use mysql, (and not mysqli/pdo) and the site was built in the last 10 years, then the client could also ask you to rebuild the server side, for free. Simply because you as the developer are legally responsible to build a site that is, 'fit for use'. Which includes not using out-of-date and insecure code.

     

    paulk7737514
    paulk7737514Autor
    Inspiring
    August 15, 2020

    It's a Joomla site so it uses the latest MySQLi database. It was, however, still using PHP 5.6 which I upgraded to 7.2 with no problems.

    O
    osgood_
    Legend
    August 14, 2020

    Well it depends if you feel you have done your best in terms of producing code which is secure against hacking attacks. Was the attack down to weakness in the code or a weakness in the server security. You have to make your own mind up who is at fault and who should pay.

     

    I largely gave up web-development because I was spending too much unpaid time sorting out issues which were beyond my control and would have been hard to justify to the client why I charged them.

     

    I would advise to make a charge as nothing can be guaranteed 100% especially if you feel it was something beyond your control. Clients need to set aside a contingency budget for unexpected events.

     

    I've literally spent days of my time sorting out what was the fault of the hosting company and not charged the client, because its not the clients fault. If the client gives you regular work and its good paying work you can do it for free but like most freelance developers I suspect your doing work for the price of a hamburger and fries in which case you might as well get a decent job doing something that pays, without all the hassle associated.

      paulk7737514
      paulk7737514Autor
      Inspiring
      August 15, 2020

      So have you given up creating new websites entirely? Or do you just update the ones you already have?

      O
      osgood_
      Legend
      August 15, 2020

      Hi Paul,

       

      Yes, I now only update websites which I've built previously, which keeps some money coming in.

       

      I guess I reached a  point where I couldn't really take it any further and I became a little bored with web-development in general and the direction it is/was taking. I dont see it getting any better as 'infants' are really just using frameworks these days and pretty poor practices which are being forced upon them by a race to the bottom. I don't want to be part of that scene as its unsatisfying in terms of job satisfaction.

       

      I see a lot of  developers who are either burnt out very early or are disillusioned about the constant learning of new techniques which seem to be non-stop. These days you cant call yourself a developer unless you know 4 or 5 css front end frameworks, 4 or 5 front-end javascript frameworks, 4 or 5 back-end workflows, css, javascript, database architecture and that just the very, very basics! phewww

       

      It would be nice to just choose a stack and focus on that but if you do that you are limiting yourself to a very small pond to fish in as development moves too fast and you can easily get left behind.

       

      I'll just share the coding knowledge I've built up over several years and hope it helps someone.

      Allgemeine NutzungsbedingungenAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices