Fat Bro: Blocking Scripts Don’t Keep Out Hackers
If you are serious about your adult business then we suggest you read this article. An adult Webmaster who believes that PC security issues haven’t changed recently is truly mistaken. Let me show you why hackers will always be one step ahead, and let me explain to you why it is important to choose your protection wisely. Without taking the proper precautions you might be asking for big trouble without even knowing it.
Password Authentication
The need to authenticate a user is as old as the Internet pioneers’ idea to sell access to more exclusive parts of the Internet (read: adult sites!); password authentication was the chosen means for identifying authorized users. The Internet, however, is changing. Abusers and hackers are developing an amazing collection of tools to perform all kinds of illegal actions. No matter what their goal might be, there is a tool out there that can do the job.
Hackers and Adult Sites
The adult Webmaster is the gatekeeper to more adult entertainment. Hackers and potential subscribers are very aware of what lies behind password authentication. They know that beyond password screens is a world filled with beautiful women, hardcore sex and erotic pleasure. An adult Webmaster who believes his or her site doesn’t need protection could be compared to a night club without a bouncer; you’re inviting the scum inside.
The Rise of Blocking Scripts
Back in the good old days, all you needed was a blocking script to protect your site. It would do the desired job and all you had to do was download it, install it and add some code to your HTML pages. If you believe a blocking script can still protect your online adult business then you are in big trouble! Hackers are on the move, and they have developed new ways to penetrate the security holes in your Web site. And no script in this world will ever be able to help you. In this case it’s like running a night club with a blind bouncer. The scum will still get in.
Understanding Blocking Scripts
An IP address is all blocking scripts use when authenticating your users and checking for unauthorized entry. A blocking script will make sure that no more than three different IP addresses are used each day to access your site with any given username/password combination. The trouble starts when hackers and abusers change their IP addresses.
Problem No. 1
The main problem with a blocking script is that it cannot see who a genuine user is. It can’t recognize your subscriber’s home or work IP address. It can’t see who the abusers are. It will simply allow any three IP addresses to log in.
Problem No. 2
Hackers are given the same information about the protocol of these scripts as you. All of the information they need can be found at the Web site of the script’s creator. Hackers know how a blocking script attempts to prevent them from accessing your site. Give them some time and they will find a way to bypass the script.
Bad Subscribers? Password Traders?
We noticed a lot of adult Webmasters are blaming their subscribers for providing illegal access to their Web site. Sure, there might be some who are giving out their password; however, hackers can get working usernames and passwords of your existing members without any help from your customers.
How Do Hackers Do It?
To find working user accounts, hackers simply run a wordlist against your members’ entrance screen. Using wordlists they can try over 500,000 possible combinations that might get them into your protected area. How come these attempts go unnoticed, you say? By using a proxy list, hackers will stay totally anonymous. Each username and password combination will be tested with a different proxy. To your server, it will look like 500,000 different users from all over the world are taking one guess at a working account.
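Seen from the server's logs, the pattern described above defeats a per-IP failure counter but stands out in a site-wide view. The following is an added example, not code from the article or from any blocking script; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed log: 'minute ip username result', one line per login attempt."""
    lines = ["1 198.51.100.7 johndoe FAIL", "2 198.51.100.7 johndoe OK",
             "4 198.51.100.9 maryroe FAIL", "5 198.51.100.9 maryroe FAIL"]
    # 200 failures in minutes 20-29, each from a different (constructed) address.
    for i in range(200):
        lines.append(f"{20 + i % 10} 10.0.0.{i + 1} user{i} FAIL")
    return lines

def parse(line):
    minute, ip, user, result = line.split()
    return int(minute), ip, user, result

def per_ip_lockouts(events, max_failures=5):
    """Classic per-source counter: IPs with at least max_failures failed logins."""
    fails = Counter(ip for _, ip, _, res in events if res == "FAIL")
    return sorted(ip for ip, n in fails.items() if n >= max_failures)

def distributed_guessing_windows(events, window=10, min_failures=50,
                                 min_single_ratio=0.9):
    """Site-wide view: flag time windows with many failed logins in which
    nearly every source IP made exactly one attempt. Thresholds are illustrative."""
    buckets = defaultdict(list)
    for minute, ip, _, res in events:
        if res == "FAIL":
            buckets[minute // window].append(ip)
    flagged = []
    for bucket, ips in sorted(buckets.items()):
        per_ip = Counter(ips)
        singles = sum(1 for n in per_ip.values() if n == 1)
        if len(ips) >= min_failures and singles / len(per_ip) >= min_single_ratio:
            flagged.append(bucket * window)   # start minute of the window
    return flagged

EVENTS = [parse(line) for line in build_sample()]

if __name__ == "__main__":
    print("per-IP lockouts:", per_ip_lockouts(EVENTS))
    print("suspicious windows start at minute:", distributed_guessing_windows(EVENTS))
```

No single address reaches the per-IP threshold, yet the window starting at minute 20 is flagged because its failures come almost entirely from one-shot sources.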
Your Blind Bouncer
Back to blocking scripts. In this case, John Doe is an honest member of your adult pay site. He never shared his password with anyone. John comes to your site and enters his username and his password. The script does not recognize John’s IP address as a genuine user because it can’t. The script will only check if there were more than three IP addresses using this account today. Since John never shared his account details, he is considered “user number 1” today and he is permitted to proceed.
Here comes our hacker. He runs a wordlist against your members’ area and finds John Doe’s account information. All was done with this proxy: 818.20.30.40. The hacker receives a green light from our blind bouncer. The script will not be able to detect our hacker as an intruder simply because the script will check for IP addresses that have tried to log in today. The script will see John Doe’s IP address is “user number 1,” so there is room for two more IPs to get in. Our hacker becomes “user number 2,” who is granted access to your site.
A while ago all this hacker needed to do was provide his mates with John Doe’s username and password. His community mates (often thousands of other hackers and abusers) would just need to go to your site and fill in the username and the password. However, now you’ve enabled the blocking script. Things have changed. Now all the hacker needs to do is provide his community friends with the proxy he used: 818.20.30.40. All those interested in illegal access to your site will simply go to their Internet Options settings and change their proxy. Since the blocking script placed this proxy in its safe list for today, all abusers will be able to get in. The script is fooled into thinking it is one user over and over again, while there are thousands of users penetrating your site for free. They will be able to browse your site for the next twenty-four hours, not to mention steal your content and bandwidth.
Even More Trouble
Hacker communities are getting bigger and bigger. Some hacker communities we are monitoring have over 30,000 active, registered members. Hackers and abusers (by abusers we mean all that don’t know how to hack but do visit hacker communities) are doing each other favors by exchanging working passwords and proxies. Hackers are educating the inexperienced abusers, providing them with the right tools and hacking tutorials. Their network is getting wider each day. Popular sites are becoming regular targets on their wish lists. Are you sure you can afford this joke?
Your Blind Bouncer Again
As you can see, a blocking script will by no means protect your business. Sure, it will make it harder on the hackers. Now they need to copy and paste one additional line. (I’m being sarcastic now, for those who are lost in their thoughts!) The cold hard fact is that no script will be able to protect your adult business like it claims it will. Many Webmasters will simply change the settings in their blocking scripts once they’re done reading. Reduce the access to one IP address a day? What happens when our hacker is the first to log in? What if John Doe is at work in the mornings? Congratulations, you eliminated your own subscriber and invited in the abusers. Don’t play with your business, it’s not a toy.
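The John Doe walkthrough and the one-IP-a-day setting above can be replayed against a small model of the check. This is an added example, not the code of any real blocking script: the class, the event tuples and the client-identifier signal (for instance a session cookie) are assumptions, and 198.51.100.7 is a constructed address for John's home connection.

```python
from collections import defaultdict

class BlockingScript:
    """The check as the article describes it: per account and per day,
    admit at most max_ips distinct source IPs. Nothing else is inspected."""
    def __init__(self, max_ips=3):
        self.max_ips = max_ips
        self.seen = defaultdict(set)          # (day, username) -> source IPs

    def allow(self, day, username, ip):
        ips = self.seen[(day, username)]
        if ip in ips or len(ips) < self.max_ips:
            ips.add(ip)
            return True
        return False

def replay(events, max_ips):
    """Run constructed login events through the model, one decision each."""
    script = BlockingScript(max_ips)
    return [script.allow(day, user, ip) for day, user, ip, _client in events]

def shared_sources(events, max_clients=2):
    """Assumed extra signal: flag (account, IP) pairs where more than
    max_clients distinct client identifiers logged in on one day."""
    clients = defaultdict(set)
    for day, user, ip, client in events:
        clients[(day, user, ip)].add(client)
    return sorted((user, ip) for (day, user, ip), c in clients.items()
                  if len(c) > max_clients)

HOME, PROXY = "198.51.100.7", "818.20.30.40"   # PROXY is the article's placeholder
# Constructed events: (day, username, source IP, client identifier)
SHARED_PROXY = [("d1", "johndoe", HOME, "john-browser")] + [
    ("d1", "johndoe", PROXY, f"visitor-{n}") for n in range(5)]
PROXY_FIRST = [("d1", "johndoe", PROXY, "visitor-0"),
               ("d1", "johndoe", HOME, "john-browser")]

if __name__ == "__main__":
    print(replay(SHARED_PROXY, max_ips=3))   # every login admitted
    print(shared_sources(SHARED_PROXY))      # the proxy stands out by client count
    print(replay(PROXY_FIRST, max_ips=1))    # John is the one turned away
```

The IP counter admits all six logins because it sees only two addresses, while counting distinct clients behind each address singles out the shared proxy; with the limit set to one, the subscriber is the login that gets refused.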
A Good Side to Blocking Scripts
You didn’t think we would take down blocking scripts without giving them some credit? A blocking script is better than nothing at all. It might discourage inexperienced hackers and abusers. If you already purchased a script, keep it. If you haven’t, don’t bother.
The Solution?
You don’t need a script, as all scripts can be bypassed. Any new scripts to surface might sound promising, but will become outdated after a few weeks. You might need a protection service, and FatBro.com might be what you’re looking for. Instead of waiting for abusers to come to your site, Fat Bro will block all hacked accounts before abusers even get a chance to get there. What’s the secret of Fat Bro, you ask? By using a mixture of script indexing and a process of scanning over 1200 hacker communities plus human monitoring of the same, Fat Bro will give you results. It will protect your site against all unwanted access. Visit www.fatbro.com and educate yourself on the advantages of FatBro.com’s adult site protection service.
Boris is the co-founder of FatBro.com. He started his career in the Web design industry with Shine Advertising in 2001. Various projects for adult Webmasters have introduced him to the wonderful world of adult Web sites. Since late 2001, he has been the proud owner of IBS Ltd., located in the Netherlands. His expertise is security maintenance. As of May 2004, there are 11 employees working for IBS and his latest project is FatBro.com. Boris can be reached through email at boris@fatbro.com.