Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Website Manager Seeing Copies Of My Email


  • Please log in to reply
9 replies to this topic

#1 Rraa

Rraa

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 24 April 2008 - 07:02 AM

I am a pedigree cat breeder who pays for a cat website to be managed for me. I send pictures of kittens and new text to update the site. Together with this website, I have an email account so that people who are interested may contact me about my kittens. From the View Source route, I see that as well as emails coming to me, it is also going to the website manager. It is possible that there is a straightforward reason why this should be but I am wondering why they would want to see emails addressed to me?

If this is not good practise, is there some way I can take this up with my website manager - not wishing to hurt his/her feelings - perhaps there is some way in which I can access the settings and change it myself?

Any guidance gratefully received.

Regards

Ra

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:50 PM

Posted 24 April 2008 - 07:51 AM

Actually, I would first look through your contract with your provider and see if there is anything in there that says they will be reading your email. And if there is, find another manager. IF there is not, then you ask why your manager is violating your privacy? Then threaten a lawsuit. Then get another manager.

I manage content on a couple of small websites, and there is no reason I would need to read their emails. None. Zero. If there is a problem with the website, they let me know. If there is something that needs to be changed, they let me know. The only reason that I would need to read emails going to my customers was if maybe I needed to help fill orders, or answer questions about the business, but then I would no longer be a content manager; I would be a business partner.

So here is the deal. You are a customer. They are providing you a service. You need to ask them why they are getting a copy of your emails. If you wanted to be less confrontational, you would say "I notice from the logs that it appears that a copy of all my emails are going to account x. Is that true? Who has access to that account? Did I authorize anyone to do that? Do you have a good reason why you need to do that.? If any of the answers are unsatisfactory, find another manager, change all the passwords to the site, and then fire the current manager. Do not let them know they are going to be fired until they are locked out of your website.

Period.

You could change the configuration on your own, but without knowing what your setup is, I couldn't help you with that.

not wishing to hurt his/her feelings

Screw their feelings. You should be indignant.

#3 Rraa

Rraa
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 24 April 2008 - 08:21 AM

Thank you Groovicus for your advice. :thumbsup: This is as I suspected. :trumpet: I shall have to ask them to send me an agreement contract. From what I recall, there is nothing that gives them permission to see my emails and I certainly did not sanction this. The other strange thing is that I have no power to set passwords on this site.

my url is www.bobergsiamese.com and it is managed by global websites. If you go to the Contact page and then right click on the white space and select "view source", perhaps you will see, as you scroll down, who emails go to. My own addy is ra@boberg....

I am actually considering building my own website now and will probably be visiting the appropriate forum to read what people have been saying and learn that way, about how to build one, which software packages are good etc.

Any ideas on how to change my password then? Should I be able to do this myself?

Thanks again for your time and advice. Anyone can answer - am not picking on you alone. :flowers:

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:50 PM

Posted 24 April 2008 - 08:39 AM

Again, you should have the passwords to your own site. You should have the ability to lock out anyone that you want, at any time that you want. It is your site. Tell your manager that you want all of the admin passwords. Period. Also ask them for a hard-copy of the site, including any database information. (Which reminds me that I have one customer that I have not provided this for just yet). If they want to know why, you explain that you have time and money invested in the website, and you want a hard copy for insurance purposes.

EDIT: It does appear that someone is getting copies of your emails... and they can't spell either.

#5 Rraa

Rraa
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 24 April 2008 - 08:48 AM

OK Groovicus - I know now how to proceed. :flowers: Thanks again for confirming my doubts. I do not like to :inlove: think ill of people :trumpet: and am generally apt to look on the positive side. However, you are right. I shall see if I can sort something out soon.

Thanks for your time and advice. Very much appreciated.

Kind regards

Ra
:thumbsup:

#6 pislkie

pislkie

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:50 AM

Posted 24 April 2008 - 03:40 PM

I am a Web Master also in the UK and I can tell you that what you have just described is in contravention of ooodles of UK legislation. For example, the Data Protection Act 1998. Also, the European Convention on Human Rights also enshrines the "Right to Privacy". There are probably others as well.
>>>piskie<<<

#7 Rraa

Rraa
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 24 April 2008 - 04:21 PM

gosh - so its quite serious then ... :thumbsup: I really must think carefully about how to go forward and look into exact laws on good practise as applied to websites. If I am going to have to confront them, I must have something solid to back up my doubts. Obviously, it does not sound like this carrying on is quite legal.

Can I hack into my own website to change passwords?

:flowers:

#8 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:50 PM

Posted 24 April 2008 - 05:26 PM

Can I hack into my own website to change passwords?

Probably not. If I saw you were doing something like that on my server, I would not hesitate to report the activity, regardless of whether or not you own the website. My server, my property.

Your better choice would be to contact the web host, and explain the issue, and see if you can get them to cooperate.

EDIT: You could just maybe ask them to alter that line of code so that they are no longer receiving copies of the emails. Start there, and see how they react. The person in charge may not even realize that it is there.

#9 pislkie

pislkie

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:50 AM

Posted 24 April 2008 - 06:52 PM

On the other hand, they could be unscrupulous and remove it from the Client Side Forms and incorporate it in the Server Side Script that the form feeds. I think I would be giving serious consideration to a change of Designer and/or Webmaster.
>>>piskie<<<

#10 Rraa

Rraa
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 25 April 2008 - 03:54 AM

Thanks Groovicus and Pislkie for your advice. Very useful.

Groovicus, I appreciate your advice about not hacking - that was me showing my naivete - see how clueless I am ! :thumbsup: - LOL Anyway, I could start as you say by siimply requesting them to remove the code so they do not see my emails but I rather think that PISLKIE may be right on this one as I know of a case of a previous client of theirs complaining about this very matter on their website.

I think my best plan is to print out a bit of evidence, bide my time (another nine months of service) for this financial year for which I have already paid and then move to a different site. I shall, of course, put an update on my website asking interested people to contact me on another email address, unconnected to the website. I may also ask my website manager to close my email address associated with this site.

Thanks again guys for your advice.

Kind regards
Ra




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users