02-22-2005, 06:02 AM
JFPdude
Adult Web Hosting Security - Are webmasters Hurting themselves? (long post)

By: JFPDude


Ever worry about your server being hacked? Ever hear of someone who was? What are the reasons behind such hacks? What steps can be taken to prevent these hacks?

I have seen more and more posts on the boards with topics like "Hosting need with cpanel" or "Need hosting with control panel". These posts concern me and should concern you if you are an adult webmaster. My purpose for writing this is to inform webmasters that they are hurting themselves.

Being an adult webmaster you're selling a product everybody wants. From the minute man found out about women there has been an unmistakable urge to see and fantasise more. Knowing this, as an adult webmaster the product that you're selling has to be secure. The public wants your product more than they want money. This is a proven fact, more adult web servers get hacked than financial institutions.


What are the causes of some of these hacks? Well, more often than not it's these control panels that every webmaster wants. Why do webmasters want these control panels? Well, hosts drove them to this product. Between hosts that didn't respond to customer tickets for days or even weeks at a time, never answered their emails or phone calls, and were basically understaffed for the amount of customers they had.

Adult webmasters work long hours and sometimes off the wall hours due to the products they are pushing. No webmaster wants to make any changes during the day due to the fact that they may lose a sale. Therefore they require more attention to their needs at night. This fact drove the industry towards these off the shelf control panels.

How secure are these control panels? Any software that controls the complete server is insecure. It's another break-in point. Beyond that, take for example you own xyz.com and someone else on your shared server owns zyx.com. Both of you have access to the control panel. Both of you have access to manipulate the way your site works in apache and bind (dns). Say webmaster A that owns xyz.com mistakenly adds his domain as zyx.com? What happens then? He takes control of your domain is what happens. He has just shut your domain down and taken control. He now controls the complete dns, mail, site, and all.

This is why most of the larger hosts and experienced hosts don't offer a control panel. They know the havoc it can cause. However webmasters are either unaware of this fact or misinformed as to what can really happen. This is why they offer support in the form of a ticket system. This is more secure for your domains than the control panel system. However it also raises the overhead for the hosting company. Sure company A that's selling you an account with a control panel can sell to you much cheaper because 80% of the labor is being done by you and not some tech. While company B has to have full time techs on staff just to do domain adds and email changes.

Outside of that the control panel is another avenue for a hacker to get into your system. One more point of entry. Every point of entry to a system is another vulnerability for a hack. In a world where we demand 24 hour support 7 days a week many find it easier to just go with the control panel and not bother the host. But is this the best thing for your company and business?

Unfortunately it has come to the point where even experienced hosts have had to install control panels to meet customer needs. Because the webmasters demand them a lot of hosts swallow pride and give in to the vulnerabilities of the control panel in order to sell bandwidth and recurring accounts.

Being in the field of server security this is one of the first things I tell my customers not to look for in a host. I advise them to make sure their server has no control panel on it at all. Hopefully this article will enlighten you to the dangers of control panels and allow you to run a more secure business. If I keep one person from having their sites taken down due to another webmaster's mistake then I have done my job.

If this has been of interest to you or if you would like to make comments to me about it hit me up on ICQ at 44-33-144.

Thanks,
JFPDude
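The domain collision described in the post (one account adding a hostname that another account on the same shared server already uses) can be caught before it takes effect by a check like the one below. This is an added example, not part of the original post and not any control panel's own code; the Apache-style config, the account names alice and bob, and the rule that a vhost's owner is the `/home/<user>` in its DocumentRoot are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: alice's second vhost claims bob's domain (the mistake above).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName xyz.com
    ServerAlias www.xyz.com
    DocumentRoot /home/alice/public_html
</VirtualHost>
<VirtualHost *:80>
    ServerName zyx.com
    DocumentRoot /home/bob/public_html
</VirtualHost>
<VirtualHost *:80>
    ServerName ZYX.com.
    DocumentRoot /home/alice/newsite
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)
ROOT_RE = re.compile(r"^\s*DocumentRoot\s+\"?/home/([^/\"\s]+)", re.M | re.I)

def normalize(host):
    # Lower-case and drop the trailing dot so "ZYX.com." equals "zyx.com".
    return host.strip().rstrip(".").lower()

def claims_by_domain(conf_text):
    """Map each hostname to the set of accounts whose vhosts claim it."""
    claims = defaultdict(set)
    for block in VHOST_RE.findall(conf_text):
        root = ROOT_RE.search(block)
        # Assumption: the owning account is the /home/<user> of DocumentRoot.
        owner = root.group(1) if root else "<unknown>"
        for line in NAME_RE.findall(block):
            for host in line.split():
                claims[normalize(host)].add(owner)
    return claims

def find_conflicts(conf_text):
    """Audit: hostnames claimed by more than one account."""
    return {h: sorted(o) for h, o in claims_by_domain(conf_text).items() if len(o) > 1}

def may_add_domain(account, domain, conf_text):
    """Pre-add check: refuse a hostname that another account already holds."""
    owners = claims_by_domain(conf_text).get(normalize(domain), set())
    return owners <= {account}
```

`find_conflicts` audits a server that is already configured; `may_add_domain` is the gate a domain-add request would pass through, and the same comparison applies to DNS zone names.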