|
|
Website Access Lockout
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
One of my clients has a website. This site was built by an external agency who are about to get canned. The agency built the whole thing and I believe they have some kind of backend system in the site which they can access in order to upload content or change certain things.
We (I) have total admin control of the web hosting account where the site resides so it's entirely possible for me to cut off public access to the site should I need to do so.
The concern is that if my client ends up in dispute with the web agency, the web guys could make embarrassing or malicious changes to the content of the site.
I don't believe this is likely, but my client is a pretty distrusting guy and he will likely want to make sure its not possible and if he's willing to pay for that then that works for me.
So my question is this: If I need to, can I get into the files on the web host and modify some config to lock out the web guys and grant myself or others admin rights to the back end system of the site?
I don't know what back end system is in place but I imagine it will be one of the popular ones. Anyone ever had to do anything like this?
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
Administrator
Join Date: Jun 2000
Location: California
Status:
Offline
|
|
You'll need to know what's running at each level of the stack. Check for branding credits at the bottom of pages, and/or credits pages. You usually have to pay extra to remove branding, so chances are good the credits are still present. You can also check page source for possible credits.
Once you know what package is present, you can check their manuals and make sure you have (or can set up) admin access to each level. Then can cut off unwanted parties.
Sounds like you don't own the servers, but use hosted hardware. But you've got admin on that web account.
Is a DB service separate? If so, you'll need admin on that. Assuming a DB interface app (like phpmyadmin), you'd need admin on that too. Do you use a cloud service for your data instead? You'll need to track this down, make sure you have admin there too.
Web server is likely Apache or something from Microsoft, which you control via config files on the web host. Which you already have web admin access.
Publishing is likely a CMS (Content Management System) which could be a standard package, or something the agency coded up. You'll need admin for this. The most critical admin account(s) are likely hardcoded in a config file, with the rest done via DB. You'll need to find the manuals for this CMS, to figure out all the access privs. If it's a custom CMS the agency coded, you'll likely have to transition to a standard package to get full control. Without the source code and documentation, you'd remain dependent on the agency and could not cut ties completely.
|
|
|
|
|
|
|
|
|
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status:
Offline
|
|
If you own the server etc can you yoink it so no one can mess with it? then sort out the access on another location.
If wordpress does the client have any login at all? If they are not admin not sure how to bypass that.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Apr 2007
Location: Iowa, how long can this be? Does it really ruin the left column spacing?
Status:
Offline
|
|
With my host, you can set up several kinds of access including direct-web access, ftp, maybe more like through special plugins. You'll have to go through each setting and make sure you change passwords or disable access through that avenue.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
Thanks guys. I hadn't considered the agency might have used their own online storage to host images and other resources. Even if I locked them out, they'd be able to swap one image out for another with the same filename and have it appear on the site.
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status:
Offline
|
|
download site images;
upload images to correct host;
search/replace image paths?
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
Having overcome a moment of minor brain damage, I'm 65% sure it's a Wordpress site. Probably.
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status:
Offline
|
|
Wordpress? Then unless they were doing things very oddly, all the images should be on that site. (Unless they did the dev on their own server and never changed the links when they moved it to client server? bad devs if so)
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
Thats good info thanks! I've never really used WordPress so I'm mostly clueless.
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|