Anyway... looking around a few of this guy's sites and he has on most of them a "private members area" which you need a password to get into. Trouble is, the password is in the view source and can be seen by everyone. I clicked it and it has addresses, mobiles, emails of people; depending on which site, the amount of details varied, but still, a dodgy thing to have just lying around on the internet, I'm sure you'd agree. This guy uses the same password for each private members area site, so you know it and you have access to them all.
Then to top it all off he puts Google AdWords on each of his websites so he continues to make money for himself after the sites have been completed, which I also think is very sly considering some of the sites are for charities or places which are run by volunteers and funds are provided by the public!
I have a newsletter which goes out to my subscribers each month, some of which are users of his services? Thing is, I don't want to sound like a b*tch mentioning it in my newsletter that the average 10yr old kid nowadays knows how to view source, let alone anyone trying to commit ID fraud, and should I mention the AdWords trick he's pulling?
What do you think?
I just think it's a high security risk. I've tried emailing him and calling him without a response.
I even emailed him instructions on how he should be securing directories on the server rather than with JavaScript.
AdSense, fair enough, but these local charities are run by little old ladies who wouldn't even know what Google was, let alone AdSense.
I just feel that he's been a bit sneaky in regards to placing AdSense on these charity and volunteer websites who give up their free time and money just to be conned out of the cash they could have for improving the services that the visitor came on the website to look at in the first place.
You can take advice given here or rest assured that karma will catch up to him. You don't need to squeal. What you need to do is approach the current client in such a way that you wish to help. "Here is what I will guarantee I won't allow to happen . . . . "
One of two things will come of this approach: the client will lock up, because no one wants to admit they've made a wrong decision, or they will hire you on the spot and fire Mr. Brown-noser. IMO, this is the Right Thing to Do for all involved.
I've tried emailing him and calling him without a response
Why, why why would you want to help someone like this? If he hasn't done his homework, he doesn't deserve help, especially with the lack of an ear for his shortcomings. It's the clients you should be concerned about, not the instrument of their destruction.
If it were me, I would document everything, load all of my guns and go in blazing with his biggest clients. Keep it completely professional though. This is what I can do, this is what I will do, this is what I would improve, this is why, this is how I will work with it..... Try to keep as far away from being personal as possible. Business only!
1) You may pick up some nice business.
2) He will suddenly have a lot of problems that current customers should expect to see fixed FREE and fast.
3) Small town, connected guy - it will be personal. Make your choices about how to get some of the business, but dot every i and cross every t, because it could get ugly.
but these local charities are run by little old ladies
Are the people he has as clients individuals you actually want as customers? Little old ladies doesn't sound like a very profitable niche to me. I find the best thing to do with competitors, large, incompetent, or otherwise is to ignore them. Build up your marketing and brand and win more customers that are profitable and lucrative.
In the town I live in I have web developers that are agencies and much larger than me and freelancers like myself, some better than me some worse. I have never had a problem making a living full time at this for 5 years now because of the skills and connections I built up outside of whatever they are doing.
Sometimes it makes sense to study what a competitor is doing if it is a tactic that is very effective and figure out a way to neutralize it or improve on it.
However it appears to me you might have a bit of sour grapes with this guy because you don't respect his skills, but he keeps picking up customers with his connections that perhaps you might want. I suggest if that is the case, find people he hasn't worked with and win them as customers. Spending too much time worrying about what this guy is doing or not doing is wasting your most valuable resource...time.
But that is not your problem except if you are concerned for the good name of the organizations involved or you just want to be a good neighbor to your community. And if either are the case the last thing you want to do is publicize the problem. That would just be an act of bitterness detonating the bomb rather than defusing it, and it would likely boomerang on you with you being blamed as the person responsible for the security breach.
So your options are really limited to privately notifying the webmaster and site owners of the problem. You've already attempted to alert him once without success. I'd email him again with a "perhaps my first message was misplaced" note and blind customized carbons to each of the site owners. Send a different customized email to each site owner so you don't alert them of the possible problem with other sites, although if they are intelligent they'll figure it out. But once you've notified them you've done your due diligence.
You are upset in that you think site owners, and especially community organizations, are being fleeced by your competitor because you believe they don't know any better. But do you know that? Not all websites are built for the posted prices. I can easily imagine the scenario being your competitor offering these organizations free websites in return for the portfolio and publicity value plus his being able to run Adsense on them "to help cover out of pocket expenses." They might not get a great website but the price is right and they've made an informed decision.
Plus there's the councilman factor. Rocknbil is right in that "it's who you know." You recognized that also. But it is also "who they are". No doubt many people who don't value a website won't turn down a councilman professional webdesigner's offer to create them a website, without a lot of concern for quality as long as the price isn't too steep. No illicit coercion implied, it's just the way of things. Even the groups run by volunteers with public funds will understand that.
I think I'll send him an email and bcc in the relevant people and forget about sending a public newsletter.
I hate that I come across bitter as I'm really not like that at all. I don't want these "little old ladies" to be my clients but I also don't want to see them fleeced by what could potentially be dodgy doings by this gentleman.
I personally wouldn't normally get involved in anything like this, but as I have a "community" website, if anything I think I'm just being a good resident and just doing what any other person may do and think is right if they were in the same situation?
The trick is to come up with a way of placing the idea into the affected peoples' minds that they should review security without actually pointing any fingers. As soon as you start pointing fingers then you have to be ready for the other three that are pointing back at you.
So, how's this for an idea. Do you have a local paper in the town? Would they be interested in an article written by you in general terms about website security in this new online world? Perhaps you could give some case studies (without any details) explaining how easy it is to gain access to private information via poorly designed/secured sites. (Without incriminating yourself of course.)
The upshot of this MIGHT be that some of this fellow's clients start questioning their own site's security. You MIGHT gain a bit of a reputation in the town. You MIGHT achieve your objectives without treading on any toes.
But then again, people MIGHT not listen, at which time, you have done your best and you move on with business as usual.
Just an idea.
Onya
Woz
Another problem is that even if you write it, be prepared for some sub-editor with no clue about the topic in hand to hack your article to pieces until it no longer says what you wanted it to say, and contains numerous technical errors. They always do.
So, how's this for an idea. Do you have a local paper in the town? Would they be interested in an article written by you in general terms about website security in this new online world? Perhaps you could give some case studies (without any details) explaining how easy it is to gain access to private information via poorly designed/secured sites. (Without incriminating yourself of course.)
Please keep us posted as to how the article works out!
I have one other idea...
I am sure everyone here gets the relentless barrage of emails about "free consultations," "trial link campaigns" and offers of free trial periods for services encompassing every facet of their website. However, these are almost always form letters which lack sincerity and individualized approaches.
What if you were to send such an email to the websites' owners? Personalized, of course, with a snippet of the improvements you could/would make to the specific website. Offer a free phone consultation or to meet in person and review their website more in depth.
I don't think this would appear as a personal attack on anyone. Email campaigns are an accepted form of advertising...and free consultations seem to be the industry norm. No ethical boundaries would be toed. No scare tactics would be used -- you'd just be repackaging the investigative work you've already done and be offering to correct the problems you have noticed. Even if you don't get any work out of it, you'd have made inroads with these organizations and potentially earned the opportunity to, if nothing else, inform these people of the security issues they may face.
You can't do much more; you can't make people correct problems, only notify them of the potential issues and hope they make the right decision.