Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Community > MacNN Lounge > Website Access Lockout

Website Access Lockout
Thread Tools
Waragainstsleep
Posting Junkie
Join Date: Mar 2004
Location: UK
Status: Offline
Reply With Quote
Sep 12, 2024, 02:33 PM
 
One of my clients has a website. This site was built by an external agency who are about to get canned. The agency built the whole thing and I believe they have some kind of backend system in the site which they can access in order to upload content or change certain things.
We (I) have total admin control of the web hosting account where the site resides so it's entirely possible for me to cut off public access to the site should I need to do so.
The concern is that if my client ends up in dispute with the web agency, the web guys could make embarrassing or malicious changes to the content of the site.

I don't believe this is likely, but my client is a pretty distrusting guy and he will likely want to make sure its not possible and if he's willing to pay for that then that works for me.

So my question is this: If I need to, can I get into the files on the web host and modify some config to lock out the web guys and grant myself or others admin rights to the back end system of the site?
I don't know what back end system is in place but I imagine it will be one of the popular ones. Anyone ever had to do anything like this?
I have plenty of more important things to do, if only I could bring myself to do them....
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Reply With Quote
Sep 12, 2024, 02:54 PM
 
You'll need to know what's running at each level of the stack. Check for branding credits at the bottom of pages, and/or credits pages. You usually have to pay extra to remove branding, so chances are good the credits are still present. You can also check page source for possible credits.

Once you know what package is present, you can check their manuals and make sure you have (or can set up) admin access to each level. Then can cut off unwanted parties.

Sounds like you don't own the servers, but use hosted hardware. But you've got admin on that web account.
Is a DB service separate? If so, you'll need admin on that. Assuming a DB interface app (like phpmyadmin), you'd need admin on that too. Do you use a cloud service for your data instead? You'll need to track this down, make sure you have admin there too.
Web server is likely Apache or something from Microsoft, which you control via config files on the web host. Which you already have web admin access.
Publishing is likely a CMS (Content Management System) which could be a standard package, or something the agency coded up. You'll need admin for this. The most critical admin account(s) are likely hardcoded in a config file, with the rest done via DB. You'll need to find the manuals for this CMS, to figure out all the access privs. If it's a custom CMS the agency coded, you'll likely have to transition to a standard package to get full control. Without the source code and documentation, you'd remain dependent on the agency and could not cut ties completely.
     
andi*pandi
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status: Offline
Reply With Quote
Sep 12, 2024, 03:06 PM
 
If you own the server etc can you yoink it so no one can mess with it? then sort out the access on another location.

If wordpress does the client have any login at all? If they are not admin not sure how to bypass that.
     
Laminar
Clinically Insane
Join Date: Apr 2007
Location: Iowa, how long can this be? Does it really ruin the left column spacing?
Status: Offline
Reply With Quote
Sep 14, 2024, 09:52 AM
 
With my host, you can set up several kinds of access including direct-web access, ftp, maybe more like through special plugins. You'll have to go through each setting and make sure you change passwords or disable access through that avenue.
     
Waragainstsleep  (op)
Posting Junkie
Join Date: Mar 2004
Location: UK
Status: Offline
Reply With Quote
Sep 14, 2024, 09:49 PM
 
Thanks guys. I hadn't considered the agency might have used their own online storage to host images and other resources. Even if I locked them out, they'd be able to swap one image out for another with the same filename and have it appear on the site.
I have plenty of more important things to do, if only I could bring myself to do them....
     
andi*pandi
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status: Offline
Reply With Quote
Sep 15, 2024, 04:29 PM
 
download site images;
upload images to correct host;
search/replace image paths?
     
Waragainstsleep  (op)
Posting Junkie
Join Date: Mar 2004
Location: UK
Status: Offline
Reply With Quote
Sep 16, 2024, 04:17 PM
 
Having overcome a moment of minor brain damage, I'm 65% sure it's a Wordpress site. Probably.
I have plenty of more important things to do, if only I could bring myself to do them....
     
andi*pandi
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status: Offline
Reply With Quote
Sep 16, 2024, 04:50 PM
 
Wordpress? Then unless they were doing things very oddly, all the images should be on that site. (Unless they did the dev on their own server and never changed the links when they moved it to client server? bad devs if so)
     
Waragainstsleep  (op)
Posting Junkie
Join Date: Mar 2004
Location: UK
Status: Offline
Reply With Quote
Sep 18, 2024, 06:59 PM
 
Thats good info thanks! I've never really used WordPress so I'm mostly clueless.
I have plenty of more important things to do, if only I could bring myself to do them....
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 08:23 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,