WordPress Hacker Best Practices & Malicious Code Site Audit


pumanegra2012 - 5:55 pm on Sep 15, 2009 (gmt 0)


Hi folks,

My dev skills are minimal, and as a result, I need to rely on offshore web developers to help me configure my sites.

I hired web developers from India on Odesk to help me fix my half-baked website redesign project that was abandoned by another developer I hired. The guy I hired (who had 5 star reviews) said that he was the "Project Lead" and that another developer would work on my site, under his guidance. I was a little annoyed by the bait & switch; however, I checked out the company's portfolio of sites, which included some I recognized, checked out the source code for SEO friendliness & hired them.

Not only did these guys leave the job unfinished, I discovered weird code added to one of my blog posts, with the edit log indicating that he was the last person to log in (code shown below).

As I'm somewhat new to this (please provide your answers in an easy, step by step noob friendly way):

1) Any idea what this code is and what it does? I did a Google search off a snippet (LeoHighlights_iframe) and found many sites that appear to have this code.

2) What best practices do you recommend when hiring and providing admin access to an offshore web developer sourced from Odesk or Elance?

- I gave him access to my entire public_html folder. Was this wrong? What ought I do in the future?

3) How do I scan or audit my website for malicious code?

4) Looking at this developer's code - it looks messy and I will still need to hire yet someone else to finish the job and clean up the code, resulting in more expense & headache.

Any tips on hiring & vetting offshore developers? I have had such bad experiences hiring India & Pakistan contractors I am considering only hiring from the Philippines.

Much thanks in advance!

_____________

Here is a snippet of the mystery code, as it is too long to publish:

<input id="gwProxy" type="hidden" /> <input id="jsProxy" onclick="jsCall();" type="hidden" />

<span id="leoHighlights_iframe_modal_span_container"> </span>
<div id="leoHighlights_iframe_modal_div_container" style="border: 1px solid black; position: absolute; visibility: hidden; display: none; width: 394px; height: 40px; z-index: 32768; background-color: white;" onmouseover="leoHighlightsHandleIFrameMouseOver();" onmouseout="leoHighlightsHandleIFrameMouseOut();">
<div id="leo_iFrame_closebar" style="position: absolute; top: 0px; left: 0px; width: 394px; height: 40px; z-index: 32768; background-image: url(chrome://shim/content/highlightsFilter-1/header.gif);"><a href="javascript: leoHighlightsIFrameClose();"></a></div>
</div>
<script type="text/javascript">// <![CDATA[
createInlineScriptElement("var%20LEO_HIGHLIGHTS_DEBUG%20%3D%20true%3B%0Avar%20LEO_HIGHLIGHTS_DEBUG_POS%20%3D%20false%3B%0Avar%20LEO_HIGHLIGHTS_INFINITE_LOOP_COUNT%20%3D%20300%3B%0Avar%20LEO_HIGHLIGHTS_MAX_HIGHLIGHTS%20%3D%20200%3B%0Avar%20LEO_HIGHLIGHTS_IFRAME_ID%20%3D%20%22leoHighlights_iframe%22%3B%0Avar%20LEO_HIGHLIGHTS_IFRAME_DIV_ID%20%3D

and so forth for an entire page
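
An added example, not part of the original post: a Python check that scans saved post HTML for the markers visible in the snippet above (the `leo...` element ids, the `chrome://` resource URL, the hidden `gwProxy`/`jsProxy` inputs, inline event handlers) and percent-decodes the argument passed to `createInlineScriptElement` so it can be read as plain JavaScript. The function names and the shortened sample string are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Patterns derived from the snippet quoted in the post (assumed marker set, not a full signature list).
MARKERS = {
    "leo element id": re.compile(r'id="leo(?:Highlights)?_\w+"', re.I),
    "chrome:// resource": re.compile(r'chrome://[^\s")]+'),
    "hidden proxy input": re.compile(r'<input[^>]*id="(?:gwProxy|jsProxy)"', re.I),
    "inline event handler": re.compile(r'\son(?:click|mouseover|mouseout)="[^"]*"', re.I),
}
# The percent-encoded script text is passed as a string argument; it may be cut off.
ENCODED_CALL = re.compile(r'createInlineScriptElement\("([^"\n]*)')


def decode_payloads(html):
    """Return the percent-decoded text of every createInlineScriptElement argument."""
    return [unquote(m.group(1)) for m in ENCODED_CALL.finditer(html)]


def audit_post(html):
    """Return (marker name, matched text) pairs found in one post's HTML."""
    findings = []
    for name, pattern in MARKERS.items():
        for m in pattern.finditer(html):
            findings.append((name, m.group(0).strip()))
    for decoded in decode_payloads(html):
        findings.append(("decoded script argument", decoded))
    return findings


# Constructed sample: a shortened excerpt of the markup shown in the post.
SAMPLE = (
    '<p>Ordinary post text.</p>\n'
    '<input id="gwProxy" type="hidden" /> '
    '<input id="jsProxy" onclick="jsCall();" type="hidden" />\n'
    '<div id="leo_iFrame_closebar" style="background-image: '
    'url(chrome://shim/content/highlightsFilter-1/header.gif);"></div>\n'
    '<script type="text/javascript">\n'
    'createInlineScriptElement("var%20LEO_HIGHLIGHTS_DEBUG%20%3D%20true%3B'
    '%0Avar%20LEO_HIGHLIGHTS_MAX_HIGHLIGHTS%20%3D%20200%3B\n'
)

if __name__ == "__main__":
    for name, text in audit_post(SAMPLE):
        print(f"[{name}] {text}")
```

Run it over each post's stored content (for example, an export of the posts table) and review any post that produces findings.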


Thread source: http://www.webmasterworld.com/new_web_development/3989815.htm