Results 1 to 15 of 15
  1. #1

    Managing inactive client with outdated website CMS

    Hello fellow webhoster,

    In the case of an inactive client (meaning he no longer manage his website but his subscription is still active) having an outdated CMS on his website and attempt to contact him render no reply, what would you do?

    This in relation with outdated CMS such as wordpress or joomla is being targeted to be hacked, which means his website can be a way for hacker to compromise the server.

    Please give your thought, thank you.
    Last edited by markhard; 11-07-2013 at 05:02 AM. Reason: fixing title
    HalfDedi.com • Half Dedicated Half Price
    We provide affordable VPS hosting solution Singapore datacenter

  2. #2
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    14,877
    Suspend and notify ... but only if it gets hacked, or has resource violations from too many hack attempts.

    Too many unsavvy computer users insist on updating simply because a new version exists. They're upgrade junkies. And it's stupid. You can't always update, and being updated doesn't always increase security anyway. Security is security. Updates are updates. They're separate.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  3. #3
    Join Date
    Oct 2013
    Posts
    11
    I prefer to not to do anything about their site. I will suspend when there is any issues or something.

  4. #4
    Join Date
    Aug 2013
    Location
    Patras, Greece
    Posts
    11
    You could just send him one last message containing your concerns about a possible intrussion exploiting their service and damaging your whole server. If you receive no reply, then supsend him for 24 Hours. If he is still "alive", he will contact you, or else he doesn't care. So you don't care either.

  5. #5
    Join Date
    Apr 2009
    Location
    New York City
    Posts
    5,054
    I would send him a email stating that would be his final warning and that he's going to need to update his script asap because it is a security issue tell him if he does not do so that he'll be suspended and no refund will be given back. He should reply then and let you know what's the situation.

  6. #6
    Join Date
    Sep 2007
    Posts
    1,016
    Be very careful about suspending a clients account based on such a concern. The clients failure to respond leads me to believe that you're correct about the clients inactivity. However does your Term's of Service or Acceptable Use Policy cover the management of outdated scripts and the resulting action that could be taken against an offending account?

    Suspending the account before a security incident and/or without the support of your Term's of Service or Acceptable Use Policy isn't very professional in my opinion. However I understand your concern and point of view. I am incredibly impressed that you monitor your servers close enough to identify outdated scripts and inactive clients.

  7. #7
    Join Date
    Dec 2001
    Location
    Above The Clouds
    Posts
    6,999
    You should only suspend if the site is being exploited with malware uploads, sending spam or generally being used as a gateway to hack other people. If we had to suspend every site that didn't have an updated WP or Joomla we'd probably be out of business.
    Laurence Flynn @ atOmicVPS LTD
    Linux & Windows Cloud Hosting Solutions Powered by OnApp
    Fully Managed [Shared][Reseller][Cloud VPS] [Dedicated]
    Featuring the atOmicSTACK ● Speed ● Performance ● Reliability

  8. #8
    I think send email then suspend after 24 hours is great choice even some customers maybe not happy about that because suspending an account just for few hours will decrease their visitors and cause bad result in search engine result position.

  9. #9
    If your attempt to contact him was via email, I would try another method of contacting him. Either by phone or snail mail or both. It's possible his contact email is no longer checked and he is clueless that there is a problem. If you make that kind of attempt to contact him and can document it, he will have received better-than-average customer service from you and whatever you do in terms of his account subsequently will be much less "out-of-the-blue."

    If you still can't contact him, I'd only suspend him when there is a problem as mentioned above.

  10. #10
    Join Date
    Apr 2008
    Location
    Rotherham, UK
    Posts
    193
    I would suspend and notify the customer via email saying its for security reasons.

    If you leave while it gets hacked, then you may have more issues.
    Louis M. | Host Surf UK
    UK VPS, Dedicated Servers, Cloud Servers
    Managed & Unmanaged | 24/7 Technical Support
    0 Day Cancellation & No Setup Fee

  11. #11
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,387
    Quote Originally Posted by Host Surf UK View Post
    I would suspend and notify the customer via email saying its for security reasons.

    If you leave while it gets hacked, then you may have more issues.
    This but we open a ticket, and they normally reply.
    Licensecart - We only sell High Quality licenses
    Visit us @ Licensecart.com ~ sales(➾)licensecart.com ~ webhostbundle.com
    WHT isn't what it used to be… power changes people :]

  12. #12
    Join Date
    Mar 2005
    Location
    Ten1/0/2
    Posts
    2,509
    We actively scan for installed version of the most popular CMS installs on our server and send an e-mail the the account owner.

    In most cases, this is enough for them to log in and look at the very least.

    We only suspend an account if it is in breech of our TOS.
    CPanel Shared and Reseller Hosting, OpenVZ VPS Hosting. West Coast (LA) Servers and Nodes
    Running Linux since 1.0.8 Kernel!
    Providing Internet Services since 1995 and Hosting Since 2004

  13. #13
    Quote Originally Posted by kpmedia View Post
    Too many unsavvy computer users insist on updating simply because a new version exists. They're upgrade junkies. And it's stupid. You can't always update, and being updated doesn't always increase security anyway. Security is security. Updates are updates. They're separate.
    Just about all the WP and Joomla CMS updates are security updates its not like an OS update that offers new features. These updates should always be installed. Yes you can run into problems updating but your chances of running into problems not updated is 10 times higher. The best thing to do is read the change notes on what the update is about. Then make the decision to update.

    To address the OP question, about clients that are no longer active in the maintenance of their web site. This will happen all the time my recommendation is you do not want to suspend the site or even try to force them to update or even bug them about updates. Maybe send out a monthly news letter about site security so you can get them thinking about it.

    Make sure your servers are secure just because the site gets hacked does not mean they can compromise the entire server. There are security settings you can set to make sure the server stays secure. Then suspend the site once it gets hacked.

    No shared hosting company is going to bug their clients about updating their web site. There are so many other things to worry about then hundreds of customers web sites. At least we cannot do that its just to many.

    Use Softaculous this will let the web master know when a new version is out and you can set it to "Auto Upgrade" so that their sites stays updated. Most host offer this free anyway.

    Good luck its all about server security you will have web sites hacked that's not a matter of if its just when. You want to focus on keeping them contained and from damaging the rest of the sites on the server which is really hard to do if you have secured the server right.
    Last edited by BuzyBee-Kevin; 11-15-2013 at 10:37 PM.

  14. #14
    Unless there are known security vulnerabilities with the CMS version he's using, than I suggest to leave it alone, unless it's already hacked or undergoing any malicious activities.

  15. #15
    Join Date
    Apr 2011
    Location
    Core Files
    Posts
    7,795
    Been down that road. In the long run after numerous attempts, the domain expires and they are long gone.

    I know a few cases where the host went in an updated the site for the customer. Not the safest practice since it could have broken things.


    If nothing is wrong with it, leave it alone. Set some form of a reminder to keep an eye on it occasionally...and depending on your setup, if something does go wrong with the account, you should be alerted, which then justifies a suspension.

Similar Threads

  1. Managing client databases in Plesk
    By prashant1979 in forum Hosting Software and Control Panels
    Replies: 5
    Last Post: 12-28-2012, 07:52 AM
  2. CMS for Server Managing Suff
    By aqoz in forum Web Design and Content
    Replies: 4
    Last Post: 06-06-2012, 06:33 AM
  3. Similar Content Managing CMS To This...
    By Ariolander in forum Web Design and Content
    Replies: 2
    Last Post: 06-10-2008, 12:52 AM
  4. Managing client orders
    By Aurora900 in forum Hosting Software and Control Panels
    Replies: 9
    Last Post: 01-23-2006, 11:48 PM
  5. client managing software?
    By phaz in forum Hosting Software and Control Panels
    Replies: 4
    Last Post: 06-09-2005, 08:07 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •