Babe in the woods needs security

I own / administer a PHP based dating site, and am moving to a new server soon, which is bringing up all kinds of questions in my mind as to what is potentially possible in the way of someone (a future server operator, or hired-out code developers) compromising my site in some way. Questions like "Could someone do something to the Paypal code or pay buttons that I should worry about", or "is it possible to insert momentary commands in the code or on the server to divert traffic (or payments) somewhere else", "can a backdoor be installed", and a veritable plethora of paranoid postulations poised to pervade my peaceful night's repose.

I know the first thing I might hear in an answer is "find people you trust to host and work on your site" ... problem is, I don't trust anyone ... what now?

At least there is no credit card information on the site to worry about being hacked. All is handled with single and recurring subscription Paypal IPN payments - the code of which works, but I know nothing about. My major paranoia is about the money (go figure - lol), potential diverting of traffic to competitors, or even to a hidden mirrored site set up on the same server? I guess what I'm asking here is:

A. What could a creative future server operator do to further his or her own ends with my code, and the server the site is on, without me knowing.

B. Are there ways to find it if it happens, stop it, prevent it, monitor it? I noticed in another thread someone mentioned Tripwire - is this a potential solution?

C. I don't do programming, so I feel very much like the title of this query.

Thanks in advance for any insights or advice!!


Donna

 

 

 

 

Top