It's a great idea to leave a backdoor on all of your clients' sites controlled by a random dude.

I've found using private key login with ssh is the best way to leave backdoors. Very few inexperienced administrators will look for the keys. Some even leave your user account on the server after you are gone.

I was able to get into some sites I formerly had access to because my private key was never revoked. It was a bit of irony to use that same "unauthorized" access to remove my own key from the authorized_keys file.

Put it in the root account and name it something like "automatic FTP backup, don't remove!".

Oh, and by the way, don't do that. It's liability-hell, and probably illegal in most places, too.

Am I the only person that realised this is a joke?

After you've signed up:

"Here's a handy little text file with your login credentials. Might be smart to save it somewhere..."

http://csskillswitch.com/csskillswitch_pistoriusp.txt

Yeah, I got text Rick Rolled.

Probably because you are the only one silly enough to sign up? :)

this will work great as long as your customer doesn't know how to delete a line of css.

Should be pretty safe, then.

So, you just create a "body {display: none !important}" stylesheet externally, and @import it in your client's CSS? Set to a blank file normally, and the above when you "kill" it? And the site just offers hosting and the ability to throw the switch? (I could be missing something, as I haven't signed up for it, so this is just from reading their site & site's code)

An interesting idea, and could definitely work with some clients. If nothing else, it could temporarily damage them, which if they haven't paid up, they deserve. It does seem like something they could pay a web guy a few bucks to diagnose and fix, though.

>It does seem like something they could pay a web guy a few bucks to diagnose and fix, though.

If they knew it would only be a few bucks from "a web guy" they would likely be able to fix it themselves.

I think it's seldom (never?) I'd actually want to go this route [partial payments along a project helps reduce how much I have at risk], but if I were considering such... rather than a blank page, perhaps a display that said something like "A database error occurred. Please contact developer of this site." That might help the site owner read the subtext ("Payment is way past due.") and not make visitors wonder, "Why isn't my Google working on your site today?"

Interesting idea, but is it worth making a whole service out of? It's something that, if I wanted to do, I would be happy to do (and have less concern with doing) myself.

Or you could just not upload to the client's server until you cash the check. Demo with watermarked images and/or screen capture video.

The user interface of this page is remarkable. Sign up without choosing a username or password generates the missing part. Downloading the randomly generated username/pass in a file (broken or intentional rickroll right now).

There are a lot of very small and nice elements in this page worth stealing in a future project- kudos.