Originally Posted by garry (Post 13602354)

Since this NATS issue is a little special I don't want to comment on it. However, I can talk about what we have done and do.

About 3 years ago we hired well known hacker to try to hack the MPA3 program. He was of very good help to us and we learned a lot from him. Not only about the script itself, but also how the server should be setup and what should be set and not in the OS to make it all as secured as possible. Ever since then we have demanded that these server settings are met before setting up the MPA3 on their server.

A year or so later we hired a new hacker to try to hack in, and it showed that he couldn't hack in through MPA3. Then one of the bigger companies wanted to move over to MPA3 from another affiliate software company. They requested that MPA3 had to be audited by a third party audit company. We had no problems with that, and a while later we got the papers back from them. They had only good things to say about the code. Actually they gave us props for the way it was written and secured.

I do not say that MPA3 is unbreakable. I guess no software is. However, we do know how important security is for all parties. There is a lot of sensitive information on the server, and we for sure will do everything in our power to make it as hard as possible for any hacker to get in.

If we do get a hack report, even a smallest suspicion that something is wrong, we drop everything and jump right on it with the whole team of programmers. And if need be, we make sure that all MPA3 installs are patched ASAP.

The last 2 1/2 - 3 years we have had one incident I believe. But that turned out to be that PHP was not in safe_mode any longer as what we recommend it to be. The host had turned that off by an accident.

We also have some hacker traps in MPA3 as well but I can not really go in to details about them, I ask for your understanding there.

Security is always a challenge, but let the hackers know, we NEVER sleep! :)

Originally Posted by justsexxx (Post 13605597)

A bump for you :) And a question, do you have ONE user/pass for admin access to all programs as well?

Originally Posted by NetBilling (Post 13605510)

Looking forward to seeing you guys. The Porn Poker Tour Director's suite will be open for all of your poker needs al 3 nights of the show and we are giving away a ton of prizes. Announcement coming next week.

Mitch

Originally Posted by thebestamateur (Post 13604555)

hey hey oy, got to sleep a bit also.
( og jo da, jeg gider godt svare på det, godt at se et velkendt sprog lol )

All of that Garry wrote looks super nice, but i really like the part of you making sure the server that has mpa3 on it will be all clear with the right settings for max security. I would have no chance of knowing what to do there, so the fact that you have some standarts there that must be met shows true class :thumbsup

Originally Posted by garry (Post 13605781)

Thanks for the bump.

The answer to your question is no. Why would we need to have one secret master password in to all mpa3 clients ?
I can also tell you that we have our own VPN server that we use in house to make things even more secure.

Originally Posted by Oystein (Post 13606265)

Takker og bukker! Alltid godt møte gode naboer!

Thank you so much thebestamateur - we try our best :thumbsup

Originally Posted by justsexxx (Post 13610370)

Thanks for the answer. I'm asking this, because as far as I understood, the NATS issue had todo with ONE user/pass for ALL sites they installed...Then it would be easy to abuse the system. No matter how good the security is...

(maybe I'm wrong, but this is what I understood from the whole NATS mess)

Originally Posted by emjay (Post 13614806)

Looking forward to catching up with you Garry:winkwink: