|Basic question about dealing with registrars and web/DNS hosts re: login |
I'm going to be taking over as webmaster for a couple of small websites. The current webmaster has been sloppy and negligent for some time. At this point, the sites owner is a little concerned that this guy might refuse to provide the login and passwords he's using, or worse, try to sabotage the sites once told that he's no longer needed for them.
What is the safest way to make the transition and protect the integrity of the sites? I've never dealt with this sort of thing before and am not sure how to go about it - or what is and isn't possible. I've designed and maintained a few of my own websites in the past, but a friend bundled my domain with a bunch of his and he dealt with the ISP. The owner isn't at all experienced in these things, he's let this guy handle things pretty much entirely. Can the owner contact the ISP directly and get the current login information without them also automatically informing the current webmaster? If so, can I then login and check things out without the current webmaster knowing?
Thanks in advance for your help with this sticky situation.
No brainer really, gain control over the hosting account and change all passwords. If it's entirely controlled by the current developer, stay away until the domain owner sorts that out, "web drama" shouldn't be one of the challenges a developer has to face.
Rocknbil, that's my question however - HOW does the owner best sort it out? He's asking for advice, and is nervous about it. While I completely understand this shouldn't be something I'm responsible for, as he also knows, it is something I would like to help him with because he doesn't have a clue how to best go about doing this.
I'm hoping some folks here do know about dealing with the ISP for these sorts of issues, and will help me with the information. The easiest would be if he can get the current login info direct from the ISP <b>without</b> them notifying the current webmaster - is there some way he can do that? I have no idea what ISP protocol's are for this sort of thing.
The owner should request the passwords for at least the DNS, control panel and FTP.
It should be normal practice for the site owner to keep copies of these things.
Once gained, they can be changed. After that you can get involved.
ISPs can change passwords but it is unusual.
I had this issue when I resigned as webmaster for a community art group. The hosting service simply split the site and domain off to a separate account. I cancelled automatic billing, removed my credit card details and handed over the account details.
The outgoing webmaster will have to sort out the unbundling.
Depends entirely on who is the "registrant" and the "administrative" fields in the domain name control panel..at the registrar.."registrant" should be the actual owner..if it isn't..and if the actual owner is also not listed as the "administrative"..then the registrar will not change things nor give out passwords to anyone else..except in exceptional circumstances such as the death of the owner and a written official request from the lawyers acting from their successors..
btw..normally ISP refers not to the registrar nor to the place the site is hosted at ..ISP is Internet Service Provider..which is the company that you as an individual or a business pay to be able to connect your computer to the internet..
Looking one of the sites up with whois, then double checked at the registrar, it shows the owner as both Registrant and administrative contact. The registrar is register.com, and the DNS servers:
I'm sorry to be so ignorant about this - and Leosghost, thank you for the terminology correction! I've never dealt with this side of things.
So, does the owner need to contact both the registrar and the DNS server, which I assume is rout66.net?
Please walk me thru exactly what he needs to request from each - and whether that would trigger any notification to the current webmaster or not?
Should I re-post this question with a more applicable subject line (my bad on the ISP bit!)?
No need to repost :)
I can't do you a walk through right now as I'm cooking very late dinner ( regular users here snirk now :))..
But if no one else steps in ? I can do so later..
Meanwhile ..if you are worried about losing the current site files ? if the current webmaster "notices" something ..
I would suggest downloading an easy free safe site ripper..httrack ( get the one for your OS ) the windows one has a GUI , the linux one has a terminal interface ..very easy to config..there is aportable one for windows which you can get to run AFAIK on Apple machines in VM if you don't have bootcamp set up..I don't know if the linux version will work on Apple machines "as is" ? ) ..and see if you can use it to get the entire site in an offline copy..
By the time the current webmaster notices ( if they have not blocked standard site rippers ..many don,'t ) ..you'll have a copy and will just need to contact the Registrar ( if the owner doesn't have the access codes to the current hosting account, it will no longer matter ) ..the current webmaster can then do nothing, as you will have all you need to put the entire site up again fast, somewhere else..
Then from the admin panel at the registrar you'd just "repoint" the domain name to the nameservers at the new host which would connect any visitors directly to the new files placed on the new host..
Oh yeah..I nearly forgot..as soon as you get access / into the domain control panel at the registrar...you change the password..that way you or your friend control the domain name ( that is the most important thing ) and the ( soon to be ex ) webmaster cannot get back in and make your lives miserable....
Then get a current copy of the site, do it right now if you can via httrack..changing the password will automatically notify the admin and owner contacts ..but only those..so if your friend is both ..then the current webmaster will not be notified of the change..which means you'll get the time to get a copy of the site via httrack..
By the time they notice that they don't have the logins to either the domain control panel or the new site hosting ..it will be too late ..and you won't have to worry about them any more ..:)
Thank you Leosghost! I hope I haven't confused things with terminology again - to try to be sure we're on the same page: The owner doesn't want to change where the site is hosted, just have me edit the site as necessary rather than the other guy. At least as I understand it, site is on a commercial server (route66.net) and the guy who's been doing site layout/text etc. changes isn't affiliated with them.
Soooo, will the owner still need to contact the registrar & host companies, or just the registrar? (I'll still need to know exactly what he'd need to get from them, so I can pass the info to the owner)
Ironic you mention HTTrack - I downloaded and started using it for the first time because of this issue. So I have a copy of one of the sites, but I'll go ahead and rip the other two. Does it actually get ALL of the site files? There aren't any in the private ftp folder(s) that it's unable to access or anything like that?
My next joy is that it looks like there may be a small malicious script on each webpage of two of the three sites, that the current guy completely ignored. I've no idea what it's supposed to do or how it might affect site visitors - never dealt with trying to clean up infected sites. Sigh. (I already posted that as a separate question awhile ago)
If the site is made of static files, using a downloader will grab all of the public files. You'll not have any of the non-public files.
If the site is made by a CMS, using a downloader will grab only the generated pages of content, not any of the scripts that build the pages.
So, when you think you have "everything", you might have nothing except the content.
g1smd - I have no idea what he's used. He hasn't even declared the doctype on any of his pages, and main menus that ought to be consistent across the site aren't, his coding is sloppy and it looks like he doesn't bother to validate his code either.
It's been 4 or 5 years since I created and maintained a couple of sites of my own... one of those had an extensive form for data input and created resulting pages using perl - but the guts of the perl coding was done by a friend of mine although I picked up a bit. The perl files were in the private folders - so that's why I was worried about missing content/files using HTTrack. Anyhow, the other two sites I created were just html and a lot of graphics.
Two of the sites I might be taking over appear to be very simple - about a dozen pages total, no forums/blogs, no interactive features other than main site nav menu's & email contact addies. A log-in required for one & photo selection enlargements are just done with a simple nav redirect.
If a site was created by a CMS, how easy is it likely to be to figure out what CMS was used, which are the related ftp files? Would I have to have the same CMS program he used to be able to maintain the site, or once created as these already are, would I be able to manage them ok without the identical software?
If the current webmaster is as sloppy and negligent as you say, it should be easy to tell what you're getting.
If the pages end in .html or .htm, they're static and you've got them. If they're .php or .jsp or .asp or other-weird-stuff, they're dynamic and you'll need the password. I do not get the impression this is the kind of webmaster who has taken the extra trouble to rewrite his URLs from their real extension to something (or nothing) else.
Have you explored the site directories? Wouldn't surprise me in the least if they're auto-indexed, so you can see exactly what's where.
Oh, and you can ask the next passing Moderator to make up a more accurate title for this thread.
Inconsistent navigation suggests that a proper CMS isn't in use but the contact form and log in stuff means there is code that is processed inside the server that you don't see when you look via HTTP. You will need to grab the files that run the site via FTP.
Maybe the "form" is just a mailer ? with a php script handling it behind the scenes ?