Deadbeat Clients - Valid Way to Prevent Them from Stealing Pages?

I’m having an issue with a client who is 9+ months past due on paying me for adding some pages to his web site (he did pay me for the original work). I explained that I own the additional pages (my work product) until he pays in full. After his missed his final deadline (and my patience ran dry), I temporarily removed the pages, and added entries in .htaccess to redirect requests to those pages to an “unavailable - contact [client’s e-mail address] for more info” page.

However, if he’s got backups of those pages and figures out what’s going on in the .htaccess file (or finds someone to help him), there’s nothing to prevent him from simply uploading the pages and clearing the redirects from .htaccess.

So this got me thinking - how can I maintain more control in the future with new clients? Having a solid legal contract is a must so I can establish legal grounds for removing unpaid-for content. But a deadbeat client could just ignore my contractual rights and put his own content back. So here’s my idea - I’d like to hear opinions (both legal and technical) on whether this would work and if there are any flaws in my thinking…

Keep the stylesheet on a server I control rather than with the rest of the files on the client’s server. Use fully qualified server/pathnames on all asset references (images, etc.) so that the web pages render properly.

If I find myself in a situation with a client who refuses to pay, all I need to do is this:

html {
display: none;
}

It’s unlikely that any of my clients would be making his own backups of all content, so by the time I had to implement this, it would be too late for him. I suppose a more tech-savvy client could try to do a view-source on the html/php, trace back to the css file, and figure out what’s going on. If I remove all other css code except the ‘html’ selector, though, even seeing the file wouldn’t help him. He could also just remove the “<link rel=stylesheet…” line and get the raw content to render, but it’s not going to look very good.

I’m not trying to be evil here, or hurt my clients in any way. I’m just try to protect my rights and my “property” until it’s paid for.

So what do you think? Would this be a legitimate way to do things?

Thanks!

I don’t know about legally, but technically it doesn’t work.
All they have to do is load their own stylesheet with body { display: block; } after yours and the website is visible again.

Ah, yes, but the client would have to be savvy enough to know that. My proposed method isn’t going to stop (or maybe even slow down) a web coding jockey. The intent is just to make things more difficult and time intensive for deadbeat clients (who wouldn’t need me if they understood web coding) than simply uploading files from a backup set.

A contract that allows you to collect fees associated with collecting their debt would probably be the better thing. When it reaches a certain point, it is fraud and theft and you need to just get a lawyer.

However, If you are working with pages that are rendered through PHP, it should be easy enough to write something to kill the page, such that you simply hit html://site.com/index.php?turnThatCrapOff=1 and it does something to nix the functionality such as switch out the css files or something of that sort.

Personally I wouldn’t disable those pages. They’ll just hire someone else to sort it out and you’ll definitely not get paid, plus you’ll probably be liable for legal action by making changes to their site without their permission (regardless of what you put in your contract, it doesn’t trump existing laws).

So, first off, don’t let unpaid bills go on for 9 months, that’s way too long. Have a defined procedure for bill payments and stick to it.

Put the pages back online. Send them a final reminder by registered post, give them 14 days to pay in full and tell them if they don’t pay there will be no more reminder and you’ll file in the small claims court.

If they don’t pay after those 14 days, go to small claims, win, and then get the debt collectors on them.

Of course, it may not be worth it, depending on the sums involved. If so, lesson learnt - get upfront payments where possible, otherwise develop a proper net 30 payment system, and best of all, try to spot deadbeats before taking them on as clients (that’s the tricky one).

I know just enough PHP to be dangerous. Is there a PHP pro here who can provide some working code based on TexasBob’s suggestion?

If my client doesn’t have the funds to pay me, he may have trouble finding someone else to do the work. He might get lucky with his neighbor’s dentist’s kid, or he could end up with his site even worse off.

Regarding liability for legal action, I have a clause in my contract that essentially says, “I own everything and retain full rights to it until you pay me in full. If you don’t pay me as per the terms of this contract, I have the right to temporarily disable the stuff you haven’t paid for, and you hereby waive all rights to collect damages of any kind that may result from the removal of content.” Sure, a good lawyer could challenge that, but I think it gives me a pretty solid legal foundation to stand on.

Yup. Lesson learned. I did start pushing aggressively to get paid when things were 60-90 days late. The client promised things and delayed, saying he was expecting a big deal to come through soon and then he could pay me. I realize now he was just trying to get away with not paying me for as long as possible. I suggested he do that with his mortgage company and see what happens.

I did send a final reminder back in September, and we worked out a payment plan (because I knew there was no way he was going to pay me in full). He did pay half the outstanding balance in December and was supposed to pay the other have by the end of January. I did politely threaten to use the small claims court process, but I don’t think it scared him too much. I have a trail of e-mail evidence clearly showing the client’s acknowledgment of the debt and his promise to pay. I’m pretty sure I would win in court, but the collecting part is the problem. If he had the resources, I do think he would pay me. But his company is in trouble, and I don’t think a judgment against him would bother him. A collection agency would do a good job harassing him, but I doubt they’d ever collect.

I am learning a lot from this experience, and am making changes. Now, I don’t start any project before I get a 50% deposit up front. I’ve got a net 30 payment system in place, with proper finance charges for late payments. And I’m trying to do a better job at getting well-funded clients who have adequate budgets for the projects they hire me to do.

I guess the gist of my original post is finding a way to “enforce” in a technical way my “property rights” namely that I own the web pages I produce until the client pays me for them. Car dealers / finance companies can repossess a car, and mortgage lenders / banks can foreclose and repossess a house. I’m looking for a way for web designers / developers to repossess a web site!

The thing is, when they repossess a car or house, it’s a ‘thing’ they can sell and get money for to pay the debt. Repossessing pages of a web site is a waste of time in that sense, because you’ll not be able to sell them.

I guess this is all about ‘sending a message’ of intent to the client. However one thing needs addressing - do you host the web site on your own server? If not, did you use the client’s own FTP details to access their server (or a server they pay a third party for)?

If so, that IMO is incredibly dodgy ground to be treading, regardless of what your contract says. Going back to your analogy, houses get ‘repossessed’ after a judge issues a court order; what you don’t want to do is put the pages on the client’s property (the site), then ‘break in’ and steal them back. So to speak.

IMO, once you’ve handed stuff over to the client, you just don’t have the right to take it away without a court saying so - your contract doesn’t trump the law of the land :slight_smile: This is why you should pursue the ‘debt’ in the correct, legal manner. In fact, even if you host the site itself, I’m not sure what the legalities are of you entering the client’s server space without their permission.

@shadowbox - Good points and good analogy. My client does host with a third party, although I have access via FTP. So I guess it’s more like I’ve sold him a TV that he failed to pay for. I can’t break into his house to repossess it.

An attorney friend suggested that I go ahead a file a complaint in small claims court, if for no other reason than to “be first” in case my client tries to sue me. If I’ve already got a complaint on file, his suit may look more vindictive than legitimate to a judge.

I think you are going about it in the wrong way. You are investing time and energy into protecting this content, but you would be better off investing time and energy into preventing this problem in the first place.

Look for ways to build your business and your reputation so that the quality of your clients improves. Over time, you’ll have fewer deadbeat clients and won’t worry about this kind of stuff.

Meanwhile, don’t engage in legal bickering as it can be time consuming. Just send invoices and document everything then take the client to small claims or sell off the debt. Take what comes and concentrate on the future.

if(isset($_GET['turnThatCrapOff']) && $_GET['turnThatCrapOff'] == 1) {
	file_put_contents('stolenpage.php','');
}

Checks if that get variable is set. If it is and the value is 1 then it’ll rewrite stolenpage.php to have no content.

I seriously do not recommend using any code like this anywhere. It’s far too easy for any monkey to adjust the URL and get the page/s wiped. A proper authentication system might work - but as others have said; spend the time on prevention rather than cure.

Plus that code above is pretty ******, it’s just a quick “would do the job”. But hey, if you’ve got clients who don’t pay they deserve ****** code.

Actually, this does raise interesting points, and its not the first time the idea of removing content has come up.

While the client has broken a contract, which is a civil issue, the developer here has, at a stretch, possibly committed a criminal act. He has on this occasion, accessed the client’s site without the client’s specific permission and while there, removed content and replaced it with different content. In the UK at least, this may fall under ‘computer hacking’ legislation. I know in the US there are similar laws.

Unlikely to ever come to this, but it’s worth considering all the consequences of just entering your client’s site with the sole intent of removing content without their permission, regardless of what clauses in your contract they may have broken.

If you stipulate that you “own” the pages until the final payment is made, I would suggest keeping the pages until that final payment is made. There are many projects that I take on that delivery of files are not sent until the final payment (this is especially true with a new client). At that point, the files are uploaded and they can be used by the client. This gives them incentive to pay the final installment. Once they have what they want (the pages on their website) what is their motivation to make the last payment?

I do have NET 15 and NET 30 clients as well, but they are more established and I have worked with them before and have a trust built with them. You may have worked with this client before, so it may not have been something you could forsee, but at least it’s an option.

Trying to figure out a coding trick is going to cause more trouble than it’s worth. Work yourself a solid contract so if someone does avoid payment, you have legal footing to take them to court and fight for it. You haven’t mentioned how much they owe you so it’s hard to say in this case, but I would probably just remove the files like you did and either follow through legally or chalk it up to lesson learned. You’ll spend too much time trying to make a point to this one client when it would be better served impressing a new client.

Good luck either way!

You hold the copyright until payment is received (and cleared). Threaten to file a lawsuit in small claims court.

How much do they owe? A few pages? I would write it off and not do business with them again. Word gets around, and taking it through the small claims court is a pain.

Either that or knock on their door and say hi, where is my money.

Not to get nit-picky, but I wonder if this is two separate things: gaining access and removing content. Regarding the first, when does “specific permission” begin and end? I typically develop on the client’s server (well, his 3rd party hosting provider’s server) albeit in a hidden subdirectory. I don’t know that things are as explicit as the client saying, “OK, during development, you hereby have my permission to access my server, but not after you’re done.”

And on the issue of “removing” content, would altering the .htaccess file to redirect requests for the unpaid-for content, while leaving the content on the server still be considered removal?

Well, it’s more than a “stipulation”. Under US Copyright law, as I understand it, I retain full and complete ownership of my work product until it is either fully paid for or I transfer the ownership rights to another party. As I mentioned in an earlier response, I develop on the client’s hosting provider’s server. With simple static (e.g. HTML/CSS) pages, it would be easy enough to develop on my server, then deliver code upon payment. But on a more complex site, say involving Wordpress and/or databases, it’s time-consuming to pick up everything from a development server and move it to a production server.

I did more than threaten. I just finished completing the paperwork to file in small claims court. I’ll mail everything tomorrow. The fee was US$22, which is a small price to pay to at least get into the legal system before my client does. I would not be surprised if his company is near bankruptcy, so it’s unlikely I’d actually collect anything. But at least he’ll know any suit he files against me would probably be seen as retaliatory.

BTW, for those who’ve been asking, the amount he owes me is about US$2,000. That might not seem like much to some of you, but I’m a small, one-person web shop. Plus, because his project was fixed fee, and I didn’t do a good job of controlling scope creep, I ended up doing more work than I should have. My “equivalent hourly rate” on this project makes burger-flippers at McDonalds look high salaried.

I think that once the job was completed and you set the content live, your job was done. At that point, continuing to access the client’s site should really require their specific permission (IMO). Of course, nothing is ever a cut and dry, so there is probably scope for you to argue that you have continuous access permission unless instructed otherwise.

And on the issue of “removing” content, would altering the .htaccess file to redirect requests for the unpaid-for content, while leaving the content on the server still be considered removal?
IANAL, but legally I suspect the two would be considered identical. The end result is that content was no longer accessible on the site due to your unauthorised access and the actions you performed during that access.

Obviously we’re taking things to an extreme here, for the sake of discussion. I’m not trying to scaremonger - I think you’ll be fine, but perhaps you should think carefully before doing this in the future! :shifty:

Sometimes “the principle” overrides common sense and practicality. I’m sure I’ve wasted 20 or 30 hours with this client, trying to collect money I’ll never see. I realize in this particular case, I should have handled things differently. But in the larger scope, I think “creatives” (web designers, graphic artists, copywriters, etc.) are getting screwed. It’s just too easy for clients to steal stuff and not pay. We can have all the contracts we want, and be on the “right side” from a legal perspective, but in the end, the one “holding” the stuff we produce seems to have the upper hand.

It’s just frustrating and makes me not trust clients. That’s not a good way to do business.