Fiverr Forum

Worried About Giving Seller Website & Server Access [ARCHIVED]


#1

Hello. I’d greatly appreciate feedback on giving a seller administrative access to both websites and server files. My concern is we REALLY don’t know these people and what if something malicious is done to the web properties?

The seller states no harm will come about and that he hasn’t gotten “this far” in Fiverr by not doing the right thing, but I’m still concerned. How have buyers in similar position handled this?

Thanks!


#2

When I first started on this site, I was a bit naive, and gave access to a seller. He did an amazing job. But now, I wouldn’t trust anyone with such information. That’s just me though. How can you trust someone who’s working for $4? I remember reading a post about how a programmer put a malicious script on a buyer’s website. So its really up to you. You’l eventually have to trust someone to do it, but if I were you, I would create a temporary account with a new password for the developer. Good luck.


#3

@windoarsails



Yes it is a huge leap of faith to give someone you don’t know access to the backend of your web properties.



For starters…



Is the seller highly rated on Fiver?

Level 2 or better?

How long have they been on Fiverr?

What are their reviews like?

Does the seller have a YT channel with other reviews?

Can you search the seller on the web? They may have a presence elsewhere with good (or bad) information.





#4

What is the nature of the gig that he needs this kind of access? Think to yourself if you can make a temporary account for him that restricts access to only the areas he needs to get in or if he can provide you step by step instructions via screen-shots. As the person above has stated, does he have an established feedback, lots of previous feedback shining him in a positive light? Have you worked with him on previous orders without an issue(even if no info was needed on your end.)


#5

I would never let someone on fiverr get this kind of access. Strongly recommend that you rather pay someone you know, trust and/or are able to meet in person a bit more to do this particular type of work.



One little malicious script on your server and you’re screwed :frowning:


#6

I have gigs that require me to have server access or file access for the website in questions. It totally depends on the buyer if he trusts or not. Some provide me temporary access to their cpanel, some give ftp and some just send over their whole file zipped.



Personally I think why do something malicious when it can be traced back to you. if a seller does something malicious then he can be traced back to fiverr. One can contact Customer Support and report the seller. The seller risks losing all his earnings for 90 days.


#7

DON’T DO IT.



We provided just a link to a buyer to download his video because it was too large for fiverr and found that the buyer followed the link and sent a bug which deleted multiple files on the server. We know who it is but can’t do anything and neither can fiverr.



There’s a lot of fraud on fiverr so you need to be careful. Personally, I would never allow access. These Bas****s write code that can easily be placed on your server and they can track, gain access, download or destroy anything on your server.



Since credentials are not allowed to be given to you through fiverr, be safe, hire a professional outside of fiverr to do the work.


#8

Reply to @edume: So you mean we developers and programmers are Bas***s doing nothing but adding codes to destroy the buyer? Congrats Man!! You just labeled every gig in Programming & Tech sht and Worthless.



I’ve worked on so many projects here and no one ever came back to complain. Some Work I did on my own server and just sent the files and those who did not know how to do it asked me to deploy the application/website. What will I gain by placing a malicious code on something that I have created? And for your Kind “Nonsense” knowledge, Almost ALL I say ALL host have scanners that constantly scan website codes. No Known malicious code can escape such a scanner. Many of them have pre-written and defined bash rules that does not allow execution of such codes. They simply give a Internal server error. If such a thing is done then the buyer will be back complaining within hours of deployment.



"buyer followed the link and sent a bug which deleted multiple files on the server"

Such a ridiculous statement. Its your and your service providers fault that they gave unauthorized access to a unknown user. I can think of only 2 things. Either you used a direct link on a server that acts as a ftp server with a guest logon available or you used dropbox public folder.



Since you have so much to complain about fiverr, why don’t you just leave and forget about fiverr. This makes me think that whoever censored your posts were the right people/person. Over and out. No point in debating with someone who has no knowledge of the category.


#9

oops…



I’ve been doing Gigs that requires server access, and clients of mine is very trusting enough to give me full access (even shell/root access to their VPS, and WHM) to their servers and hosting account. I think of my clients that they are smart enough to decide to give me their credentials and access keys. They can utilize/use logging tools so they can track every activity we make on their servers.



Furthermore, after delivering a completed job to the buyer. I am strongly advising them to change all the credentials they shared with me, in case that credential is the one they primarily use. I also advise them to scan the website I’ve work on (using 3rdparty tools/webapp) to make sure that their website is clean when I delivered the work to them. I don’t really care about me getting into their servers and take advantage of it without them knowing it. What I care so much is that, buyer trusts me and that they can be sure that what they share with me remains confidential.



Earning your buyer’s trust… makes them loyal to you and they keep on coming back for your service when they needed it. In my case, I don’t only offer my Gigs here on Fiverr, but I also offer it here in my country and in my locality. And all of my clients here share their credentials with me and even made me an all access admin account for their webstore, making me their virtual store manager.



But not all Sellers are like me…



And one more thing… could somebody make this clearer for me?


edume said:
Since credentials are not allowed to be given to you through fiverr, be safe, hire a professional outside of fiverr to do the work.



#10

Reply to @atechkid: I would never hire a programmer from fiverr, you don’t know who it is and what they are capable of doing. atechkid, I looked at your gigs and none require access to a server.



Honestly, I’ve been on fiverr going on three years, there’s an increase in the amount of fraud and scams so why would anyone trust someone to access their server when you don’t know the person’s identity? It’s crazy. Don’t do it.


#11

Reply to @edume: I’m not sure if you really had a look but two of my gigs are related to installing linux modules and php scripts, both require me to have server access. Where and what will I install without the access. My other gig that deals with fixing php related problem also requires me to have server access else how would I check and fix the problem? Not everyone is a fraud.


#12

Reply to @atechkid: Yes, I stand corrected. Sure, not everyone is fraud but on a system like this you need to be careful.


#13

Obviously, trust is a major issue. It always is. But sometimes people feel safer when they’re paying bigger sums, as if more money is any kind of a safety net against fraud (when it really is not).



I work in an online marketing firm and clients often give us passwords and access to various accounts (facebook, gmail, etc), because not every site offers the options of adding temporary or restricted accounts.



Most of the sellers will be more than happy to take the time and talk to you via fiverr, so a certain trust relationship can develop. You can also take a look at other gigs they are offering that don’t require server or sensitive information access, and start there, deciding whether or how much to move forward with them.


#14

I personally leave it to instincts. if something in that hidden part of the brain tells me to scram, then believe me, I won’t be giving you my credentials no matter the number of incandescent reviews you have on your profile. Bottom line? I don’t want to be in any form of relationship with a person that I don’t trust. Same logic applies when I am the seller. If I suspect any of my buyers will give me a hard time, I prefer not to work with them. Fullstop.


#15

NO WAY should you give any seller on Fiverr admin access if you value your site. On TWO occasions I have had my website come crashing down within a week of closing out a job with a seller. If the relationship goes well and the seller is proficient in communicating, you might be okay. But if there is any hint you might be dissatisfied enough to give a seller a bad review, you’re dead. That happened to me TWICE (2015 and 2018). Both times I had problems with the seller (communication and technical problems), and indicated I was going to mark them down in the ratings. Here is what I learned: they can close out the job before its technically complete so that you can’t leave a review. Once they shut the door from their end, you can’t leave a review, so the ratings and reviews are not accurate reflections. Even if you’ve changed your password, they have ways of getting in and taking down your site. If you try to get customer support to assist you, they will tell you they have ZERO supervision over these technicians. There is ZERO accountability for poor service. They are independent contractors, mostly living in India. Its a cash cow for American business people who actually cannot stand behind the work these people do. So NO. Do not trust these people with anything you aren’t willing to lose.