Do you charge clients whose websites have been hacked?

Report · Aug 14, 2020

I recently had to troubleshoot a website that was removed for excessive use of SQL resources. In doing so, I discovered that the database was down because a hacker had added a new MySQL user name in some sort of attempt to hijack the database. Luckily I was able to restore the database my returning the original user name in the configuration file.

So my question is: Do you charge your clients for fixing their hacked websites? It seems like a good way to anger a client and yet, without the expertise of the web designer their sites would remain down.

Report · Aug 14, 2020

Well it depends if you feel you have done your best in terms of producing code which is secure against hacking attacks. Was the attack down to weakness in the code or a weakness in the server security. You have to make your own mind up who is at fault and who should pay.

I largely gave up web-development because I was spending too much unpaid time sorting out issues which were beyond my control and would have been hard to justify to the client why I charged them.

I would advise to make a charge as nothing can be guaranteed 100% especially if you feel it was something beyond your control. Clients need to set aside a contingency budget for unexpected events.

I've literally spent days of my time sorting out what was the fault of the hosting company and not charged the client, because its not the clients fault. If the client gives you regular work and its good paying work you can do it for free but like most freelance developers I suspect your doing work for the price of a hamburger and fries in which case you might as well get a decent job doing something that pays, without all the hassle associated.

Report · Aug 15, 2020

So have you given up creating new websites entirely? Or do you just update the ones you already have?

Report · Aug 15, 2020

Hi Paul,

Yes, I now only update websites which I've built previously, which keeps some money coming in.

I guess I reached a point where I couldn't really take it any further and I became a little bored with web-development in general and the direction it is/was taking. I dont see it getting any better as 'infants' are really just using frameworks these days and pretty poor practices which are being forced upon them by a race to the bottom. I don't want to be part of that scene as its unsatisfying in terms of job satisfaction.

I see a lot of developers who are either burnt out very early or are disillusioned about the constant learning of new techniques which seem to be non-stop. These days you cant call yourself a developer unless you know 4 or 5 css front end frameworks, 4 or 5 front-end javascript frameworks, 4 or 5 back-end workflows, css, javascript, database architecture and that just the very, very basics! phewww

It would be nice to just choose a stack and focus on that but if you do that you are limiting yourself to a very small pond to fish in as development moves too fast and you can easily get left behind.

I'll just share the coding knowledge I've built up over several years and hope it helps someone.

Report · Aug 15, 2020

The question is - did you build the database cannection code and server behaviours using mysql, (such as used by the Dw server behaviours) in the last 10 years?

If the answer is yes, then you are responsible for the problem. PHP issued a security notice about using mysql back in 2009/10, saying that the mysql database connection code was insecure and should NOT be used. Instead developers should use mysqli or pdo to connect-to and query a database.

If you did use mysql, (and not mysqli/pdo) and the site was built in the last 10 years, then the client could also ask you to rebuild the server side, for free. Simply because you as the developer are legally responsible to build a site that is, 'fit for use'. Which includes not using out-of-date and insecure code.

Report · Aug 15, 2020

It's a Joomla site so it uses the latest MySQLi database. It was, however, still using PHP 5.6 which I upgraded to 7.2 with no problems.

Adobe Community

Do you charge clients whose websites have been hacked?