Privacy, Porn and giving web developers a bad name!

A friend of mine contacted me during the week and asked me to install Google Analytics and fix some minor annoyances on his site because he couldn’t get hold of the guy who originally developed his site for him (I know he should have hired me to develop it but we didn’t know each other then).

The site is called Tiesite.dk and it’s a e-commerce site from which Kasper sells fine Italian ties and the developer (who shall go unnamed) built the site on open source source solution osCommerce.

You wouldn’t think that there was much you could get wrong with that now would you?

Well you’d be wrong!

After I set up FTP and logged in, I downloaded a complete backup of Tiesite to give to Kasper.

As I looked through the file structure of the site I found two separate image folders which between them contain approximately 4mb of pornographic images.

I wasn’t quite sure what to make of it. I was certain that Kasper wasn’t involved in the distribution of porn, online or otherwise, so I phoned him to ask him if he knew anything about. He didn’t, he was just as shocked as I was.

Unfortunately the porn wasn’t the worst of it.

As I continued to look through the file structure I noticed a backups folder under the admin folder and had a peak at it’s contents. Inside were backups of 3 different SQL databases from 3 OTHER COMPANIES.

I was shocked. Two of the companies appeared to be run of the mill e-commerce sites (the name of each web site is in the start of each SQL backup file) but one of them was an online Adult store which sells porn DVD’s, sex toys and all that sort of stuff.

That particular database was almost 13mb in size and a quick view of it, by simply opening it in Notepad to see what site/company it belonged to also revealed that it contained users names, address and other private data.

I wasn’t quite sure what to do. I talked with Kasper and explained what I had found and we promptly agreed that the first step was for Kasper to get some legal advice.

We did, and have been following the course suggested by his lawyer which has involved deleting all of the porn and databases from the server.

Contacting the developer for his side of the story will likely prove pointless as Kasper has been unable to reach him for more than a month now.

I’m shocked that a developer can be so careless and I can’t even fathom why these things would have been uploaded to Kasper’s web hotel in the first place.

The porn is a clear violation of Kasper’s web hotels terms of service and if it was discovered before we deleted it would have resulted in his account being terminated, resulting in a loss of revenue from his site and the need to find a new web host. 

It makes me wonder how many other sites this guy has developed where the owners are unaware that they  have inappropriate and potentially damaging material sitting on their web hotels?

Have any of you guys ever run in to such a display of carelessness and irresponsibility?

What would you do if you were in Kasper’s shoes?

(Image by idiotboy)