Need Serious Advice

  • Thread starter Deleted member 39861

Should I report this client.

  • Report the Client

    Votes: 16 50.0%
  • Put offer on the table and state the privacy law they are breaking if they do not fix it. I rmv site

    Votes: 1 3.1%
  • Inform law enforcement, create a case. Inform my client's clients/users

    Votes: 17 53.1%
  • Do nothing, say goodbye to client. Leave site as is, and can be blamed for this.

    Votes: 1 3.1%

  • Total voters
    32
  • Poll closed.

Deleted member 39861

Guest
Hi All,

A little back story, I am a freelance programmer and I have my own hosting company. That being said, I have picked up a client on Monday. I was told it was a simple move because the client didn't trust their previous developer since he came from Zimbabwe and was part of the hacker group that brought down the government [apparently] (yeah some crazy stuff).

After going through the content and back-end work, this developer created a mess, code barely works. No functioning admin login panel (NO SESSION HANDLERS). Admin access granted to any user. The SQL files right in the root dir. That's not even the worst part.

Looking at the work and what had to be done:
Take the old site, toss it in the trash and start over: I told the client to go for a complete do-over because the site was lucky it was functioning, since the developer was using PHP 5.6 on a PHP v7.1.x server.

Then I stumbled upon the application form (worst part).
This form asks the user to fill in the following:
  1. Full name
  2. ID number
  3. Basic income, current income, average income, expenses
  4. Home address
  5. Bank acc number, bank name, branch name
  6. Next of kin and their numbers
  7. Employment
  8. Paid type: monthly, self-employed etc
Once the form is submitted it's posted to the DB. Here's the worst part: this is all publicly available since the developer did not create a login system.

This client's site has been leaking this information for I do not know how long, without the users knowing their privacy is being leaked.

I told the client for this job it's going to be hands down R18k-R24k, due to the size of their website and the content plus the mess and a redesign of front end and scrapping all back end work. Let's leave out the fact that the previous guy rooted the server and has a RAT on it (using the server as a Command & Control unit).

When I informed the client about this information leak the client told me straight "only we know it's fine" and that they aren't involved with credit card fraud and so forth.

They then gave me a counter offer of 3k paid off in 3 months. 3k to do basically a redesign, scrap all old not working code (90% of the code), move databases (100+ clients). WTF.

What should I do in this position? Because in our meeting the client said straight: if I can't do it for her price they will move on and get another Zimbabwe guy. Which guarantees that they don't care about their clients' private information. I know I can open a case. I truly am stuck in a k*k sitch.

I have to either report this and if the client does not want to pay the proper fee, I think it's best for me to take the entire site offline and alert all of their clients about the company not taking the clients' privacy first? Because they are going to leave this as is and get an immigrant to continue with this malpractice.

Out of my client's mouth: "I am dwas when it comes to this internet things". I am dead serious when I say they know nothing about their own website and they run a company from it.

Someone, anyone give me some sort of direction. If you have experienced something of the sorts.

Thanks
-TechN3rd
 
Decline their shitty offer and refuse to do business with them.


- Inform Law enforcement , create a case.

I don't think you should take anything into your own hands by alerting clients. Shouldn't law enforcement do that?

Thanks for your reply.

I was thinking the same thing, I am going to the police station later today. I just do not want to get blamed for this bullS. Since they have no proof that this Zimbabwe guy even worked on their site. They called me and told me to do an offsite back-up; I charged them and got paid by a bank account not even owned by the company name. I have the POP as well.

The only thing I did was log in, zip the root folder and create a SQL backup. The rest is not in my hands. Although since they don't know anything they can state that I was the developer since the beginning; they have my invoice (only 1 for the backups) and nothing from the other developer (PAID IN CASH).

I have no proof, except for telling my 1 friend I'm going to a new client and 1 backup invoice. That's about it.

*pulls hair out*
-TechN3rd
 
But you have only done a small, limited amount of work on the site. They can't prove you did more work on the site. Does the invoice just state the backup work?
Also hasn't the site been up for a significant amount of time before you even came into the picture?

I think if you come forward now there won't be any repercussions for you. They haven't technically done anything dodgy yet that you know of, right?

It is a hell of a lot easier to just turn a blind eye and forget you even saw anything. Sometimes we get into trouble even though we are trying to do the right thing, especially in this country. But if you walk away you will never forget.

Hopefully a legal figure will chime in here and set you on the right path
 
Yup, the invoice states the work I did. The suspicions came from me having to ask them twice to send the POP to pop@mydomain.cvb. Then looking at the accounts, which did not come from the client's actual company name but another company. Not only that, the back links to their "Certified Credit Providers" come from a sketchy company name, plus the site looks dodgy. It's like a trap for those who are not tech savvy. I hate this detective in me. The mistake they did was giving me complete access to the site and thinking I'm stupid to not put 2 and 2 together.


-TechN3rd
 
3k? LOLOLOLOLOLOLOLOLOLOL. And people wonder why contrary to popular belief being a developer in this country actually sucks.

Tell them to fuck off and report them to any and every authority applicable.

You’ll probably need to keep the site live as evidence or they can just deny it. Keep a backup though.
 
Cut them loose, tell the cops and DDOS the site.
I was thinking about that but nuhhh. Those people kind of work hard for their money and need to know that this company is catching on k*k.
 
Yeah 3K :cautious:, and not in 1 payment but 3 monthly 1K payments :ROFLMAO::ROFLMAO::ROFLMAO:.

>>>You’ll probably need to keep the site live as evidence or they can just deny it. Keep a backup though.

I have their backup stored offline. Although they are not hosted with me at the moment. I was thinking, I'm going to tell them I'm moving the site over to my servers tonight. Keep it online on my end, since they would not be able to simply call their hosting provider and take it offline. Once I get their site on my servers, it will be online and kept as evidence?

Should I do that though ?

ISSUE: Since this Eskom debacle all my servers are now in the US, which means different laws. Now should I leave it with the current hosting or make the move ?

-TechN3rd
 
After finding out that they're up to some shady shit?

It will look like you're in on it. Since they will be paying you to host it?

It will be online and kept as evidence ?

As good an idea as it is, I don't know... you have the backup (offline) as evidence.


....
 
Rather keep it where it is. Just don’t let on to them that you are going to report them.
 
Cut him loose. Report him. Possibly overwrite all the data with blanks/nulls to protect the innocent (they still have their backup).
Also don't work for so cheap... but if you really do wanna work that cheap... do you know C#? lol.
 
Step 1 - Create your own site similar to the one that they have in operation but with all rules and legislation in compliance
Step 2 - Inform the client and police of the situation of the current clients site
Step 3 - Offer the users of the site and the clients clients your alternative site
Step 4 - Profit
Step 5 - Drink the blood of your enemies

Step 5 is really optional but I like the dramatic effect...
 
It depends where they work...
I meant since OP is working for so cheap if he knows C# I'll take some cheap labour for my company... hahahaha.

It was a joke... people should be paid what they are worth.

Total Job worth: R24K
Offer: 3k
>>>I meant since OP is working for so cheap

Crazy, obviously I will never work for that price. Going to clone the site then probably do what @Maximums_Rickimus said.

I'm still contemplating at the moment so I'm not too sure what to do as of now.

C# lol 😂

-TechN3rd
 
@MSI1104 legal expertise needed

They will fuck you up. Believe me.
 

Any advice on what I should do?

Need some of your "legal expertise" please.

-TechN3rd
 
Sorry, I meant in general, not you specifically.
A breach must be reported within 72 hours of becoming aware of same.
It HAS to be reported. Do not become the fall guy for these people.
The information regulator takes this very, very seriously; contact them for specific advice.
 
So I contact someone with the link you provided. Simply ask for advice from them?

Although, do I move the client to my servers for now ?
Do I alert the police as well ?

-TechN3rd
 
Remove step 3
@MSI1104 what do you think about @Maximums_Rickimus solution ?

-TechN3rd
 
Okay in this instance the information regulator is the "police". Don't touch the site or do anything that will incriminate yourself. Always start at the regulator.
 
This. Hands off. Stop where you are. Do not pass begin. Do not collect R200. No more touchy.

Inform the information regulator. They will take it from there.
 
I kinda logged into the panel, made a backup of the database and the site. I did that about 4 times, since this database and site grow daily.

-TechN3rd
 
Pretty sure it's illegal for a freelancer to steal IP, never mind an entire company/idea :ROFLMAO: Anything you do for a client belongs to the client.
Though I guess it will depend on what you signed (contract/NDA/etc.). But at the very least it would be unethical. As a potential client, I would 200% not give you any work, knowing that you would just copy or steal what I paid you to work on... Keep that in mind.

As for the whistle blowing, as the SABC says.. It's the right thing to do ( minus the tv license part :p )
Good luck!
 
>>> "This. Hands off. Stop where you are. Do not pass begin. Do not collect R200. No more touchy."
😂😂

You made me laugh and stare at the screen for a moment.

-TechN3rd
 
>>> Pretty sure it's illegal for a freelancer to steal IP, never mind an entire company/idea.

Explain please?
>>> Though I guess it will depend on what you signed (contract/nda/etc etc) But at the very least it would be unethical

I signed nothing, nada, jack $#!7. I just got this client on Friday, met up with them on Monday.

>>> As a potential client, I would 200% not give you any work, knowing that you would just copy or steal what I paid you to work on... Keep that in mind
--- knowing that you would just copy or steal what I paid you to work on... Keep that in mind ---

What does that mean ?


-TechN3rd
 
I am referring to what Maximums mentioned. And the fact that it seems like you are considering it?
As a start, I would suggest you get some customer contracts. To protect them and yourself.

I am saying, myself personally, as a potential client, would not use you or your services, knowing that you would just take my stuff (IP) , slap a new logo on it, and contact MY clients saying you are offering a new/better service similar to what I paid you to host/service. Does that make sense?
 
>>> I am saying, myself personally, as a potential client, would not use you or your services, knowing that you would just take my stuff (IP) , slap a new logo on it

Oops, you misunderstood me.

>>and contact MY clients saying you are offering a new/better service similar to what I paid you to host/service

I would never do that. Let me re-read his post.

remove step 3

What I was considering: I thought I would create a working version of my client's site and show them the difference. Without the leak in information. So I can put a deal on the table. I simply fix up the mess the previous developer made and secure all content that is leaking. I will offer my price and if they do not wish to use the service, then I guess I have to report them.

Although @MSI1104 made some awesome inputs, I have contacted the IRS. I will have to see what they have to say; will be going to law enforcement tomorrow as well. I could not find the time to go today.
 
