Paranoia kicking in - gave guy from india access to ftp account from fiverr...

11 replies
Im not saying that because he is indian he's inherently untrustworthy, just more likely to be "opportunistic" when exploiting peoples stupidity.

So i ordered a 20$ gig to have him modify my theme, and i gave him ftp access to my public_html folder on hostgator. Now given that theres only dumby content on there (just to fill the void until all the pieces are in place) im not worried about him stealing content or anything like that.

What i am worried about: should i have given him access to the ENTIRE wordpress directory (which incidentally is my entire public_html folder)?

Is there any info in there that he can glean that i should be aware of? I dont know a whole tonne sbout code, but what got me worried was that i was able to find my database mame and database user.

I dont think thats to big a deal, but what about anything else?

Could he alter some php script to somehow hack me later on down the line? Which folders should i restrict him to next time?

Thanks, this has been another common sense lacking question by me. :p
#access #account #fiverr #ftp #gave #guy #india #kicking #paranoia
  • Profile picture of the author Conchairtoe
    And i should add he had 58 100% reviews, so i dont think i TOTALLY messed up
    {{ DiscussionBoard.errors[9882028].message }}
    • Profile picture of the author Alexa Smith
      You took a chance, as people often do, in these circumstances.

      Some hosts have ways for the customers to give "techies" only very limited access to exactly what they need to work on.

      The chances are very high that you'll be perfectly ok, of course.

      Just change your passwords, after he's finished?

      {{ DiscussionBoard.errors[9882141].message }}
  • Profile picture of the author David Keith
    anyone you give ftp access code could install any sort of software on your server they want that could do any number of malicious things.

    Chances are you won't have any issues, but it is possible. truthfully, there is really no way to avoid leaving yourself somewhat open if you hire developers.

    thats why for me, i have a separate hosting account for development (actually several) and only my core developers get access to my main server(s).

    changing passwords is smart, but it won't help if a develop has installed some malicious code on your server. Not trying to scare you, just trying to make you aware.
    {{ DiscussionBoard.errors[9882537].message }}
    • Profile picture of the author Kay King
      There are things he COULD do - but if you trust his rating it seems he has not previously taken advantage of his customers.

      The time to consider this was before you hired someone - no point in it now. No sense in going paranoid on the guy now after you've hired him. It's a chance you take any time you give access but this appears to be a brand new site so not sure what he would gain by compromising it.

      I would think he has more to gain by doing a good job and getting another good review by a happy customer.

      Due to the current pandemic I will no longer be shaking hands or giving hugs. You may wave, bow to me or give me the finger...your choice.

      {{ DiscussionBoard.errors[9882560].message }}
  • Profile picture of the author Gambino
    I have given access to my sites to probably over 100 different freelancers over the last 6-7 years. I have never had a problem of any kind. Except one American from this forum. I would guess you'd be fine, especially considering his reviews.
    {{ DiscussionBoard.errors[9882630].message }}
  • Profile picture of the author TheProductReviewGuy
    On Fiverr, you can always choose who to buy from. Search for the people who are top rated sellers with over 98% positive feedbacks. They won't risk taking advantage of someone's account if it meant that their reputation is on the line.
    {{ DiscussionBoard.errors[9883083].message }}
  • Profile picture of the author EmergencyMonkey
    I had to give access for an oDesk project I paid for. It was so nerve racking. A guy from Europe. He was excellent and kept me posted almost every 20 minutes by email. I gave him access with a password that was: itrustyou It worked out but was quite stressful the thought of being so exposed. I would protect myself better if I had to do it again.
    {{ DiscussionBoard.errors[9883089].message }}
    • Profile picture of the author FredJones
      Don't see why you need to panic just because he is Indian. I've faced scammers from many parts of the world, including India and USA.

      True, being from India the risk does increase a bit, but if that's someone with 100% positive feedback on Fiverr over 58 gigs on this particular service, then I don't suppose you're the first one to have given the access to him and those who had given him access had also given him positive reviews. So, my street-smartness tells you're in safe hands.

      My street-smartness further tells, irrespective of the nationality, you ought to change your password BEFORE you give the site out, unless the password is absolutely unique to that account. I hope you had this thought before giving out, and your password is used in no other account of yours. Just in case... It probably won't come to this.

      $1 gold: WSO That Instantly Transforms You Into A Content Production Engine

      $2.95 GoDaddy .com domains today: Click here.
      I am offering a free website - get it now (and they offer you a free domain with this).
      Find high-commission easy Amazon niches within 5 seconds here.

      {{ DiscussionBoard.errors[9883650].message }}
  • Profile picture of the author Conchairtoe
    Of course ill be changing the pw lol im just worried about malicious code. I only gave him access to the wordpress folder, so i guess ill compare the local version's file composition to the end product he gives me.
    {{ DiscussionBoard.errors[9884012].message }}
  • Profile picture of the author Zenoth
    Just make sure the seller has a good rating before you buy. No matter he is from India or from another country.

    You can also create a custom FTP account from your hosting panel and try to limit his access only where needed.
    {{ DiscussionBoard.errors[9884037].message }}
  • Profile picture of the author Winning34
    Bit late now, but instead of giving him access to your server, you should have sent him your existing theme files for him to upload to a test server and then if/when approved, he sends you the new version back. If he's a designer, he should have a test server somewhere.
    {{ DiscussionBoard.errors[9884454].message }}

Trending Topics