When I got started in the security of adult sites back in 1995 it was all about passwords. Every time a password would get posted to the web the exposed site’s server would quickly get overloaded and crash.When I got started in the security of adult sites back in 1995 it was all about passwords. Every time a password would get posted to the web the exposed site’s server would quickly get overloaded and crash. I remember writing complex scripts to thwart password sharing and hacking attempts. I even went so far on some sites as to generate random passwords instead of letting the users choose their own passwords, which made things even more secure. We used all available methods to keep our sites secure, and it worked; two of the highest-profile adult sites of the time were never hacked or compromised. Ten years later, and webmasters still think it’s about passwords.
Adult webmasters seem to spend so much time worrying about people stealing passwords that they forget about the big picture. Your website is comprised of HTML, some scripts and code to make the site work (the “web application”), a web server, an operating system, a whole bunch of other applications and scripts, and of course the hardware that makes it all work. You know all of this, but it’s worth talking about.
How much of that list is really secure? Do you even know? If you do think it’s secure, is it secure enough? Probably not. Maybe you use some IP filters or “firewall” software to limit access to the server, but of course you have to allow port 80, port 443 for SSL/HTTPS, maybe access to your database for remote management, port 22 for SSH, maybe 21 and 23 for insecure protocols like telnet and FTP, and don’t forget about 25 for SMTP email. Now your “firewall” looks more like swiss cheese. No matter how cautious you are about writing secure scripts and code, unless someone else with a trained security eye has looked through your code, there are most definitely some holes to be found. But hey, you have a script to keep people from hacking passwords.
It’s about the big picture
A hacker is like a drop of water, always looking for the easiest route. Why should a hacker spend 50 hours trying to crack a password when he or she can exploit a hole in your server and gain administrator or root access in 5 minutes? On the average website there are dozens of ways that a hacker can take down your system, steal or corrupt data, or otherwise cause damage to your site and your wallet.
You’re in luck though. Most hackers are interested in one of two things: fame or money (or both). Similar to graffiti artists, many hackers will deface a website just to get their name known. Others are more interested in financial gain and will look to steal your customer’s credit card numbers or transfer money out of your accounts after hacking the access codes.
The risk assessment
Should you wait until you get hacked and then spend the money and time to fix the holes? Maybe, but let me show you how to decide. By doing a risk assessment you can let simple math help you decide whether or not it’s worth waiting or acting now. Let’s take this example:
You get hacked and thousands of credit card numbers are stolen. The hacker posts a few samples on the internet and contacts you looking for $25,000 to give back the rest and leave you alone. The hacker also contacts the press about the fact that your credit card list has been stolen. You can either pay the $25,000 and hope for the best (good luck), or you can take the hit. You know that every one of those credit card numbers is going to be cancelled and the customer will get a new card. Do you think you will ever get them to give you another credit card number? Do you think when someone comes to your website in the future he or she will remember the name of your site from the news and move on to another site? What would that cost? Thousands of lost customers and possibly the need to change the name of your site and rebuild your entire reputation online. Is that a $100,000 decision to make? $250,000 ? More?
Now that you know what it costs to ignore security, you can make an informed decision about what kind of money to put into securing your website. Here’s the risk decision: should you pay a few bucks to a security expert to lock down your systems, or should you take a $250,000 risk every day? It’s your call, but now you know how to figure it out.
How many hats should a webmaster wear?
One of the biggest mistakes that a webmaster makes is trying to do everything. Having been a webmaster and web project manager, it’s very easy to tell your boss or investors, “Sure, I can do that,” when you know that you really have no clue what you are doing. With most things the boss asks you to do, that’s the right attitude. Security is a different story.
Security is something that should be left to trained experts. Peace of mind is a wonderful thing, and if you go to sleep worried that someone is going to hack into your website, something is wrong. Hire a professional, it’s worth the money. That’s easier said than done in your business though. Historically there have been no qualified security experts that wanted to get involved in the adult website industry; until now.
I started iBouncer.com to bring the highest levels of computer, network and application security to adult websites. We have spent over twenty years providing the highest levels of computer, network and application security to banks, internet companies, insurance companies, entertainment companies and more. Now your adult website can lock in the high levels of security that you need in order to have peace of mind.
Contact iBouncer.com today for an introductory security scan special with the mention of this article.
