Go Back   Forums @ The Digital Fix > Gadgets and Gizmos > Computing Forum

Reply
 
Thread Tools Display Modes
Old 18-03-2019, 16:55   #801
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,500
Thanks: 621
Thanked 1,825 Times in 637 Posts
Can you prove you own the account you don't have access to? If you contacted the hosting company, they might be able to 'break' the DNS-ing?

Is the account you don't have access to still alive? Once the domain name expires, isn't the DNS record removed? So, if you create a new website, and assign that domain name to that website? (ie, account).
Chris Locke is offline   Reply With Quote
Thanked once by:
Psycho (18-03-2019)
Old 18-03-2019, 17:11   #802
Psycho
Trusted User
 
Psycho's Avatar
 
Join Date: Jul 2002
Location: Croydon, London
Posts: 10,254
Thanks: 867
Thanked 177 Times in 108 Posts
Quote:
Originally Posted by Chris Locke View Post
Can you prove you own the account you don't have access to? If you contacted the hosting company, they might be able to 'break' the DNS-ing?

Is the account you don't have access to still alive? Once the domain name expires, isn't the DNS record removed? So, if you create a new website, and assign that domain name to that website? (ie, account).
Thanks!

It was a bit of a hypothetical question, as I have been contacted by someone who has a website but the person who built it has gone off the radar - they built the website, hosted it on their account and registered the domain name for them, so now they don't have access, ownership or control over any of it.

I think the best option is to start fresh with a new website, now domain name and a new hosting account.

Psycho
__________________
Graphic Design Website: www.ph-design.co.uk
Twitter: @pHdesign2011
eBay Auctions: Nothing at the moment
Trader Feedback: Trader Feedback Thread
Psycho is offline   Reply With Quote
Old 19-03-2019, 07:31   #803
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,058
Thanks: 2,847
Thanked 2,953 Times in 1,282 Posts
Hmmm ... it couldn't work like that, cos otherwise people would steal sites.
I want product.com, so find that it's hosted by ABC.
I set up a new hosting account with ABC, and create a new website that wants to be product.com ... won't work.

But in your scenario, I would try to find the original developer (he may well be happy to hand everything over).
driver8 is offline   Reply With Quote
Thanked once by:
Psycho (19-03-2019)
Old 19-03-2019, 10:37   #804
Psycho
Trusted User
 
Psycho's Avatar
 
Join Date: Jul 2002
Location: Croydon, London
Posts: 10,254
Thanks: 867
Thanked 177 Times in 108 Posts
Quote:
Originally Posted by driver8 View Post
Hmmm ... it couldn't work like that, cos otherwise people would steal sites.
I want product.com, so find that it's hosted by ABC.
I set up a new hosting account with ABC, and create a new website that wants to be product.com ... won't work.

But in your scenario, I would try to find the original developer (he may well be happy to hand everything over).
Thanks!

Apparently the original developer isn't being very helpful and/or can't be contacted any more.

The original developer purchased and owns the domain name, which expires later this year, and apparently would only sell it for a very high price.

So, one thought was to wait until it expires and quickly buy it at a standard price but there is the worry the original developer will just renew it with the hope of selling it on at a very high price.

I think it's best to buy a new but similar domain name - there is one available with a hyphen between the two names.

They don't use an email address linked to the domain name either, so that wouldn't be a problem.

Just out of interest, what is the best practice when building a website for a client, so that a similar thing doesn't happen?

Most of the time a client will just wants you to manage everything - purchase the domain name, host the website on your account, etc. But if you drop dead they won't have access to anything.

Giving them an admin account for the website would allow them to hand over management of that to a new developer. Also, that would also allow them to package and move the website to a new hosting account, but they wouldn't have ownership of the domain name until it expired and then they can repurchase it.

Psycho
__________________
Graphic Design Website: www.ph-design.co.uk
Twitter: @pHdesign2011
eBay Auctions: Nothing at the moment
Trader Feedback: Trader Feedback Thread
Psycho is offline   Reply With Quote
Old 19-03-2019, 10:48   #805
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,500
Thanks: 621
Thanked 1,825 Times in 637 Posts
> there is one available with a hyphen

Just my two-penneth. Avoid hyphens. I work for call-assist, so they've got call-assist.co.uk. All day I hear people give out our website or email address 'call dash assist ... no, that's a dash, not dash ... hyphen ... yes, a line .... so that ... sod it, I'll drop you an email ....". You may as well register r.dot-dash.co.uk - that'd be great to read out...

As for the 'client' side of things, I guess it depends on the size of the client. A big company, or Terry the Plumber? A big company couldn't lose their domain (its one of their biggest assets - all their marketing it built around it?) so I'd assume you'd use a solicitors as a middleman. Bit like a will I guess - "in the event of the company going poof, I hand over all rights to XYZ.com. Until then, keep your grubby mitts off." but a bit more legal speak....
Technically, its you who owns the name, rights, etc - the company is just 'renting' it from you? Depends on the agreement when the client was set up. Its a bit like software - you don't own it, but 'rent' it, etc. Even though you hold the physical media. I'm wobbling now, on something I don't really know anything about.
Chris Locke is offline   Reply With Quote
Thanked once by:
Psycho (19-03-2019)
Old 19-03-2019, 10:53   #806
Psycho
Trusted User
 
Psycho's Avatar
 
Join Date: Jul 2002
Location: Croydon, London
Posts: 10,254
Thanks: 867
Thanked 177 Times in 108 Posts
Quote:
Originally Posted by Chris Locke View Post
> there is one available with a hyphen

Just my two-penneth. Avoid hyphens. I work for call-assist, so they've got call-assist.co.uk. All day I hear people give out our website or email address 'call dash assist ... no, that's a dash, not dash ... hyphen ... yes, a line .... so that ... sod it, I'll drop you an email ....". You may as well register r.dot-dash.co.uk - that'd be great to read out...

As for the 'client' side of things, I guess it depends on the size of the client. A big company, or Terry the Plumber? A big company couldn't lose their domain (its one of their biggest assets - all their marketing it built around it?) so I'd assume you'd use a solicitors as a middleman. Bit like a will I guess - "in the event of the company going poof, I hand over all rights to XYZ.com. Until then, keep your grubby mitts off." but a bit more legal speak....
Technically, its you who owns the name, rights, etc - the company is just 'renting' it from you? Depends on the agreement when the client was set up. Its a bit like software - you don't own it, but 'rent' it, etc. Even though you hold the physical media. I'm wobbling now, on something I don't really know anything about.
Thanks!

I know what you mean about the hyphen. I think they can get a ".com" version rather than the original ".co.uk" without the need for the hyphen. But I think that will cost more. I'll suggest it to them.

It's just a "Terry the Plumber" company.

Psycho
__________________
Graphic Design Website: www.ph-design.co.uk
Twitter: @pHdesign2011
eBay Auctions: Nothing at the moment
Trader Feedback: Trader Feedback Thread
Psycho is offline   Reply With Quote
Old 19-03-2019, 10:54   #807
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,500
Thanks: 621
Thanked 1,825 Times in 637 Posts
> which expires later this year, and apparently would only sell it for a very high price.

My memory is hazy, but wasn't there laws or things to stop this? I know years ago companies would buy mmicrosoft.com or aamazon.com (or even amazon.co.uk before amazon could buy it) to catch people who misspelt websites, and the main companies would be charged thousands to buy those domains. SO something was set up so only companies who could prove their purchase of that domain was legit and they weren't 'cybersquatting' or whatnot. Aah, may only be a US thing. Presume that still applies if its a .com address though?
Chris Locke is offline   Reply With Quote
Thanked once by:
Psycho (19-03-2019)
Old 19-03-2019, 10:58   #808
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,500
Thanks: 621
Thanked 1,825 Times in 637 Posts
> It's just a "Terry the Plumber" company.

.biz names might be cheaper than a .com ? Or just a .uk? Or just add 'online' to the end of the old domain! haha!
Chris Locke is offline   Reply With Quote
Thanked once by:
Psycho (19-03-2019)
Old 19-03-2019, 18:37   #809
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,058
Thanks: 2,847
Thanked 2,953 Times in 1,282 Posts
Loads of places sell a .com for less than $10 - I've just moved over to PorkBun - cheap, smooth transfer, good dashboard, no issues.

Trying to 'snipe' an expiring domain is tricky - there are companies that specialise in doing that, and hoover up all the best ones (highest traffic). So as a layman you're best off using some sort of tool cos the exact expiry date/time isn't set in stone, annoyingly (a variable grace period for the previous owner, afaik).

Standard advice is to register domains with 1 company, have web-hosting with another, so that applies to Terry the Plumber too - if he couldn't personally register his domain, ask a relative rather than his webdev (who would then hold all the power).
driver8 is offline   Reply With Quote
Thanked once by:
Psycho (20-03-2019)
Old 20-03-2019, 08:31   #810
doogie
PSN doogstar
 
Join Date: Mar 2001
Location: XBL doogsta69
Posts: 1,068
Thanks: 26
Thanked 51 Times in 44 Posts
Quote:
Originally Posted by Psycho View Post
I think they can get a ".com" version rather than the original ".co.uk" without the need for the hyphen.
You're in luck! Nominet are very business friendly - I had a case a few years ago where the business had been using the domain but due to a dispute with a previous web developer he was holding it ransom. I got in touch with Nominet (think the dispute resolution department), supplied proof of the business of the same name, proof of the historic use of the name (archive.org if it's down) and they then ruled that the business had legitimate use and transferred it over for the standard registration fee.
doogie is offline   Reply With Quote
Thanked 3 times by:
Chris Locke (21-03-2019), driver8 (20-03-2019), Psycho (20-03-2019)
Old 21-03-2019, 08:54   #811
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,058
Thanks: 2,847
Thanked 2,953 Times in 1,282 Posts
Envato Sale - always worth a browse, as it's not usually the obscure tat.

85 WP themes + 74 WP plugins (some top sellers, and many with 1000+ sales)
driver8 is offline   Reply With Quote
Thanked once by:
Chris Locke (21-03-2019)
Old 03-04-2019, 07:44   #812
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,058
Thanks: 2,847
Thanked 2,953 Times in 1,282 Posts
Interesting geeky long read about WP plugins and security ... an IT whodonit ...

Me ? I've been following/using WordFence (WF) for some years now, and respect their work ethic and transparency. They know their stuff, and are likely 100% correct (like Jem).

1) WF: Peculiar PHP Present In Popular Pipdig Power Pack (P3) Plugin

2) Jem: Security alert: pipdig insecure, DDoSing competitors

3) pipdig: A PUBLIC RESPONSE TO SOME SERIOUS ACCUSATIONS (UPDATED)

4) WF: Dishonest Denials, Erased Evidence, and Ongoing Offenses

or if you prefer audio:

5) WF Podcast: The Pipdig Story
driver8 is offline   Reply With Quote
Thanked once by:
ljp (03-04-2019)
Old 09-05-2019, 18:11   #813
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,058
Thanks: 2,847
Thanked 2,953 Times in 1,282 Posts
Looking for hosting ? This is an amazingly comprehensive review of all the big players.

Click on one of the 6 green buttons, for your preferred price-band.

WordPress Hosting Performance Benchmarks (2019)
driver8 is offline   Reply With Quote
Thanked 2 times by:
Chris Locke (10-05-2019), Psycho (09-05-2019)
Old 09-05-2019, 18:44   #814
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,058
Thanks: 2,847
Thanked 2,953 Times in 1,282 Posts
Ouch ! Anyone a WPMUDEV member ? 100s of disgruntled comments ...

This Is Gonna Be Emotional, We’re Setting over 90% of Our Premium Plugins Free!
driver8 is offline   Reply With Quote
Old 05-06-2019, 10:22   #815
ascender
Trusted User
 
Join Date: Oct 2005
Location: Schottland
Posts: 5,355
Thanks: 306
Thanked 125 Times in 101 Posts
Argh! I've just setup a new Wordpress page and it looks like its been compromised...

If I access a URL directly, all looks fine. If I search for one of our pages via Google and follow that link, a spam ad has been inserted in the header.

Unfortunately this has happened after logging a website migration request with my hosting company - during which I had to send them all my passwords via their secure portal...

What's the quickest way to track down the offending code?
ascender is offline   Reply With Quote
Old 05-06-2019, 12:30   #816
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,500
Thanks: 621
Thanked 1,825 Times in 637 Posts
Your hosting company should have logs of who edited what and when. However, as its just an IP address, its a bit useless (could be faked) etc.
To be honest, if even a small part of the website has been compromised, I'd restore it to a clean copy. You could remove the ad, but can you be sure there isn't a rogue bit of PHP or added page which could give someone back door access? Is the website worth the risk? I'm assuming you have copies of either the website/database from the website, or prior to uploading?
As for being compromised in the first place, have you got an up to date Wordpress install, and with proper valid plugins? I've handled sites with 'unknown' or no longer supported plugins, so Wordpress says, "yup, its up to date - you're safe!!" but in reality, the plugin is 4 years old, riddled with bugs, and hackers love it.
Chris Locke is offline   Reply With Quote
Thanked once by:
ascender (05-06-2019)
Old 05-06-2019, 12:42   #817
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,500
Thanks: 621
Thanked 1,825 Times in 637 Posts
> I'm assuming you have copies of either the website/database

Thats reminded me. Don't forget the database could also be compromised, and as records don't have 'modified' dates on them, tracking down modifications is harder.
If it is a bit late, I'd recommend 'iThemes Security' - covers a wide range of areas within Wordpress.
Chris Locke is offline   Reply With Quote
Thanked once by:
ascender (05-06-2019)
Old 05-06-2019, 12:47   #818
ascender
Trusted User
 
Join Date: Oct 2005
Location: Schottland
Posts: 5,355
Thanks: 306
Thanked 125 Times in 101 Posts
So.... There's been a directory created in downloads - just trying to check who created it, but that's where all the rogue code is. I've deleted the director and the file and its removed the issue. No other files/directories seem to have been modified during a similar time.

I've got very few Wordpress plugins and they're all up to date - the site was only created in the last week.

You're right, I should just restore the whole thing to a copy from before that directory was created.

I've never had this happen before and am very suspicious about the timing of it happening after sharing passwords with the hosting company.


Thanks for the messages.

Last edited by ascender; 05-06-2019 at 12:54.
ascender is offline   Reply With Quote
Old 05-06-2019, 12:49   #819
JonLaidlow
Scoundrel
 
Join Date: Mar 2001
Location: UK
Posts: 2,529
Thanks: 152
Thanked 137 Times in 87 Posts
The Wordfence plugin - free edition - will scan the wordpress core files and identify any that have rogue code in them. I found one recently where the wp-config file had an extra line of php, presumably some kind of SQL injection attack.
JonLaidlow is offline   Reply With Quote
Thanked once by:
ascender (05-06-2019)
Old 05-06-2019, 13:15   #820
ascender
Trusted User
 
Join Date: Oct 2005
Location: Schottland
Posts: 5,355
Thanks: 306
Thanked 125 Times in 101 Posts
Quote:
Originally Posted by JonLaidlow View Post
The Wordfence plugin - free edition - will scan the wordpress core files and identify any that have rogue code in them. I found one recently where the wp-config file had an extra line of php, presumably some kind of SQL injection attack.
I'd just found Wordfence and it looked good, so was good to see you posting about it too. Have installed that now.
ascender is offline   Reply With Quote
Reply

Bookmarks

Tags
plugins, themes, Web Design, Wordpress

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Links not working in wordpress???? Guest 48579 Computing Forum 2 28-08-2006 04:41
How to build a website which allows others to build a site ? KeyserSoze Computing Forum 18 08-10-2005 23:14
Wanting to build a website Guest 16622 Computing Forum 8 13-07-2004 18:25

All times are GMT. The time now is 02:46.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2021, vBulletin Solutions, Inc.qq
Copyright ©2000 - 2021 Network N Ltd.