Kill a website remotely

So, all you want is to prevent hotlinks? Why don't you use .htaccess? It works without involving Javascript: if the request referer is your domain, then the server will give access to the protected files, otherwise it will deny.

You can try this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|css|js)$ - [NC,F,L]

Where the last rewrite rule defines the extensions of the file types you want to protect. By searching you can find many .htaccess rule generators, the above was created by:

• http://www.htaccesstools.com/hotlink-protection/

But there are other solutions, always with .htaccess file, read here (bit old but always good start):

• http://alistapart.com/article/hotlinking

Bye!

thanks for your reply,

No i am not trying to prevent hot links i meant disable the website like if the kill switch is enabled then the website shows a blank page ofcourse at this point the website is with the client on his own server so i dont have the password. so before i hand over the website to the client i can put a code that can be accessed remotely for killing it or bringing it back up. The only reason for this is incase the client doesnt pay. Thanks

Oh, a backdoor! :D

I'm afraid it's not legal. If the client signed an agreement then, in cases you don't get payment, it's better to talk to a lawyer.

If you still want help with this, wait for other suggestions, I'm out.

I agree with Cereal, you would be treading on thin ice by including a kill switch and might be dragged into court for any loss the customer might incur (even if it is only perceived).

nope remember the client hasnt paid yet plus he hasnt signed an agreement.

Can you host the site until you have been paid? Once they have the code on their server there is very little to keep them from copying and recreating it outside of your control.

Perhaps a simple redirect for all files in htaccess would do. If you have ftp access all you have to do is keep a killsite htaccess file ready to upload. It won.t interfere with the rest of your files.

@joeharv they take the site and say they will pay later which leads to false expectations and even if they copy it they will copy it with the kill switch, @diafol thank you for the reply a htaccess would surely work only if i have access to the cpanel which in this case i dont so if there would be a way to kill it remotely, remember the killswitch will not affect the clients files and data it will just show a blank page till they pay then ill disable it.

I.m confused. So this system will not be hosted on a server you have access to?
Personally I always have the client.s site on my dev domain. I only transfer it on final payment. In the same way I only transfer passwords, rights to stuff etc after payment. Make sure that is in a contract. A contract is there to protect you as well as them. If you undertake work without a written contract things could get messy and there is considerable scope for taking the piss.

yes i agree and no the website is hosted on their domain i did fid a website that allows a kill switch to be put in place if ypu could help me figure it out and get it running i would really appreciate.

Hi all i already got a solution thanks for all the input. Cheers

Hi all i already got a solution thanks for all the input. Cheers

Did you go with a cruise missile perchance?

We have one other business model and think about that . We have a contract that is saying that all data belongs to the client and all software to our company. What that means is that we are obligated to make it work and if the client decide to go with another company he will receive all the databases + files (images + pdf's + zip or whatever). The client will not receive the software. That has a bad point for us, we must be sure all the time that our servers keep that part of the deal. Over the years we had one or two failures on that , but if the client is clever enough will acknowledge that there one or two failures is nothing. The most interesting misfeature of that model is from clients that want to change this and some of them going in another company that desperately need our back office software. To be honest some time I just gave them , not because they told stupid explanations why their (our old) client had signed up that agreement but because I was sure that their level of understanding would make our code unusable to them.

There is a way if your site involves database; however, I prefer not to discuss any further. The matter should be taken to court (a small claim court, possibly) if your client does not pay rather than being sneaky this way.

By the way, inserting this kind of kill switch into a product means you open a security hole to others; besides, it is unethical regardless the reason behind it...

Better to seal a good & solid deal with your clients which means contract with scope and agreeing to some down payment schedule before you start working on the phases of the project..