educational

Hardening Sites by Obfuscating File Structures

Stephen Yagielowicz

When it comes to improving adult website security, sophisticated software, expensive hardware and other means are often employed; but budget-conscious operators can use a bit of strategy to harden their sites by obfuscating common directory and file structures, as well as other simple tricks that amount to a free and easy means of increasing security.

Fundamental to this process is understanding the basic strategy being used: as many hackers look for certain files or folders that either have vulnerabilities to known exploits, or reveal details about the software, systems and services that a targeted web server uses, simply changing the name, location or “permissions” of certain files leaves hackers with questions, rather than answers.

... simply changing the name, location or “permissions” of certain files leaves hackers with questions, rather than answers.

For example, WordPress is often pointed to as being “insecure,” but this is akin to the Windows operating system being “insecure,” if for no other reason than the most popular products make the most popular targets. In this case, WordPress installations by default use the “wp_” database prefix — the presence of which clearly identifies the underlying technology platform and opens the doors to automated MySQL injection attacks.

This vulnerability can easily be addressed by using a different database prefix, which is hopefully not readily guessable such as “sitename_” or another obvious point of attack. While not an impenetrable barrier, this simple measure blocks a substantial number of attacks — especially random assaults, where a specific site is not targeted, but rather, any site that a malicious payload stumbles upon and can infect.

Moving the wp_config.php file up one level from its normal directory structure and setting its file permissions to 400 or 440 is another recommended hardening measure that handily illustrates the process that webmasters should go through on their own websites.

Is there a particular filename or path that identifies your site’s workings? Are version numbers visible, or used within the HTML code, such as within the “meta generator” tag? These are clues that hackers seek when attempting to compromise a website.

Related:  

More Articles

profile

Q&A: Vera Sky Dons the Crown for 2017 XBIZ Best Cam Model

Alejandro Freixes ·
educational

Why It Pays When Cam Models Block Cyberbullies

Mia Saldarriaga ·
opinion

Casey Heart Talks Cam Past, Future

Casey Heart ·
educational

Less Is More for Live Cam Member Promotions

Steve Hamilton ·
profile

Melody Kush Dishes on Camming Career

Melody Kush ·
profile

WIA Profile: Laurie Biviano

Women In Adult ·
profile

Jules Jordan's Ezra Kamer Pushes Boundaries of Tech

Rhett Pardon ·
trends

Paysites Innovate to Maintain Competitive Edge

Stephen Yagielowicz ·
trends

Leading Paysites Pursue New Members, Retain Fans

Stephen Yagielowicz ·
Show More