As a loyal and avid Prosper202 user, I thought that, in light of the recent news of an exploit found in Prosper202, I’d post some suggestions on hardening your ever-so-sensitive Prosper202 data. As I am not a programmer, nor a database expert, this won’t be an end-all solution to securing Prosper202. This post is simply a list of “best practices” that I came up with through my own research and testing, and with the help of the Prosper202 forum. Feel free to comment with your own findings or suggestions, as I’ll continue to update this post as new protection methods are found.

Without getting into too many of the technical details, last week a security vulnerability in the Zend files (encryption engine) in Prosper202 was exploited. Basically, by scouring the search engines for Prosper202 footprints, a malicious user was able to find vulnerable installations of Prosper202 and steal sensitive campaign information from a few unlucky targets. Hopefully you weren’t one of them.

Luckily, Wes Mahler and team were fast on the defense and quickly released an update that fixed the vulnerability and stopped using the Zend encryption engine. With release 1.1.2, Prosper202 has officially become open-source, which opens a world of exciting new possibilities (think how WordPress has exploded).

I, for one, am excited to see what the affiliate community will come up with. Also, in all likelihood, an open-source version should officially put an end to the paranoia about Wes and his team stealing your keyword data. I know Wes and Steven personally. They’re honest guys. They aren’t stealing your data, and never were. But you can now look through the source code yourself if you’re still an unbeliever.

Moving on to the point of this post, here are just a few of the best practices that I came up with for securing your Prosper202 installation, and hopefully preventing your domain from ever being found by yet another malicious affiliate. (We should be helping each other, not hurting each other.)