2
How to be sure that the website's security isn't under any risk after he has done his job? (I'm a beginner, I use Ubuntu-16.04-PHP). Thank you!
Knowledge Knight
Posted 2017-02-20T18:09:25.837
Reputation: 33
I gave full access to a webmaster (freelance) how do i check for malicious scripts/viruses that he could have left?
Answers
3
I can recall a couple of answers about this on other SE sites. This and this.
tl;dr: It's really, REALLY difficult to be sure. About the website itself, static analysis and installing a known, (code)reviewed version of the website could help. About the server itself, nuking it and installing from know sources is the only way to be 100% sure.
Next time, please don't grant to anyone, more privileges than the bare minimum. You probably saved time back then but it came back to bite you so you'll end up spending a lot more.
Alfabravo
Posted 2017-02-20T18:09:25.837
Reputation: 552
1Infact, don't give them access. Have all code come via someone eyeballing the code to make sure it's sane. Have it submitted via a content management system so you can see who's changing what, and hopefully why. If you can't do this yourself, you hire people who at least have a reason to care (it's their job and you pay them). If you think they aren't worth it, maybe your website isn't either? – djsmiley2k TMW – 2017-02-20T18:36:28.187
3You don't give him access in the first place... – djsmiley2k TMW – 2017-02-20T18:16:49.243