xbiz world
xbiz premiere
educational

Hardening Sites by Obfuscating File Structures

When it comes to improving adult website security, sophisticated software, expensive hardware and other means are often employed; but budget-conscious operators can use a bit of strategy to harden their sites by obfuscating common directory and file structures, as well as other simple tricks that amount to a free and easy means of increasing security.

Fundamental to this process is understanding the basic strategy being used: as many hackers look for certain files or folders that either have vulnerabilities to known exploits, or reveal details about the software, systems and services that a targeted web server uses, simply changing the name, location or “permissions” of certain files leaves hackers with questions, rather than answers.

... simply changing the name, location or “permissions” of certain files leaves hackers with questions, rather than answers.

For example, WordPress is often pointed to as being “insecure,” but this is akin to the Windows operating system being “insecure,” if for no other reason than the most popular products make the most popular targets. In this case, WordPress installations by default use the “wp_” database prefix — the presence of which clearly identifies the underlying technology platform and opens the doors to automated MySQL injection attacks.

This vulnerability can easily be addressed by using a different database prefix, which is hopefully not readily guessable such as “sitename_” or another obvious point of attack. While not an impenetrable barrier, this simple measure blocks a substantial number of attacks — especially random assaults, where a specific site is not targeted, but rather, any site that a malicious payload stumbles upon and can infect.

Moving the wp_config.php file up one level from its normal directory structure and setting its file permissions to 400 or 440 is another recommended hardening measure that handily illustrates the process that webmasters should go through on their own websites.

Is there a particular filename or path that identifies your site’s workings? Are version numbers visible, or used within the HTML code, such as within the “meta generator” tag? These are clues that hackers seek when attempting to compromise a website.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

The Search for Perfection in Your Payments Page

There has been a lot of talk about changes to cross sales and checkout pages. You have likely noticed that acquirers are now actively pushing back on allowing merchants to offer a negative option, upsell or any cross sales on payment pages.

Cathy Beardsley ·
opinion

Unpacking the Payment Card Industry's Latest Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements and guidelines that apply to all businesses that accept credit card payments, and is designed to ensure the security of those transactions.

Jonathan Corona ·
opinion

Compliance With State Age Verification Laws

During the past year, website operators have faced a slew of new state age verification laws entailing a variety of inconsistent compliance obligations.

Lawrence Walters ·
opinion

Merchants in Spotlight With Visa's VIRP

By now, most merchants know about the Visa Integrity Risk Program (VIRP) rolled out in spring 2023. The program is designed to ensure that acquirers and their designated agents — payment facilitators, independent sales organizations and wallets — maintain proper controls and oversight to prevent illegal transactions from entering the Visa payment system.

Cathy Beardsley ·
opinion

How to Know When Hosting Upgrades Are Really Needed

I was reminded about an annoyingly common experience that often frustrates website owners: upgrades. Sometimes, an upgrade of physical system resources like CPU, RAM or storage really is required to solve a problem or improve performance… but how do you know you’re not just being upsold?

Brad Mitchell ·
profile

WIA Profile: Natasha Inamorata

Natasha Inamorata was just a kid when she first picked up a disposable camera. She quickly became enamored with it and continued to shoot with whatever equipment she could afford. In her teens, she saved enough money to purchase a digital Canon ELPH, began taking portraits of her friends, shot an entire wedding on a point-and-shoot camera and edited the photos with Picnik.

Women in Adult ·
trends

Collab Nation: Top Creators Share Best Practices for Fruitful Co-Shoots

One of the fastest ways for creators to gain new subscribers and buyers, not to mention monetize their existing fan base, is to collaborate with other creators. The extra star power can multiply potential earnings, broaden brand reach and boost a creator’s reputation in the community.

Alejandro Freixes ·
opinion

Bridging Generational Divides in Payment Preferences

While Baby Boomers and Gen Xers tend to be most comfortable with the traditional payment methods to which they are accustomed, like cash and credit cards, the younger cohorts — Millennials and Gen Z — have veered sharply toward digital-first payment solutions.

Jonathan Corona ·
opinion

Legal and Business Safety for Creators at Trade Shows

As I write this, I am preparing to attend XBIZ Miami, which reminds me of attending my first trade show 20 years ago. Since then, I have met thousands of people from all over the world who were doing business — or seeking to do business — in the adult industry.

Corey D. Silverstein ·
opinion

Adding AI to Your Company's Tech Toolbox

Artificial intelligence is all the rage. Not only is AI all over the headlines, it is also top of mind for many company leadership teams, who find themselves asking, “How can this new tool help our company?”

Cathy Beardsley ·
Show More