BijouWorld.com Victim of 'Malicious Hacking'

CHICAGO - The owners of BijouWorld.com are asking Google to remove a malware alert that was posted in the wake of hacking attacks on the gay e-commerce website in December and January.

Bijou World publicist David Boyer assures users that the site is safe to use and contains no malware whatsoever. Boyer referred AVN Online to Bijou catalog editor and tech specialist Jack Cole for an explanation of the attacks.

"We had an SQL injection, which means someone writes code and injects that information in the database that serves up information for the site," Cole said. "More or less, it's a kind of malicious hacking. It inserts website URLs and such, so we had to go back into the data and clean it all up."

While he's only been with Bijou World a year, Cole has seen this type of attack before. 

"One of the things the current site didn't have was the proper forms for validation of coding," he explained. "It looks at what people put in the form of script or code and will compare it to what we know as 'clean text.' So in doing maintenance, we updated all of our forms to do that validation."

Cole offered precautionary suggestions to other websites concerned about suffering similar attacks.

"There are two things: One, make sure the site is following coding standards.  You can look at various bodies, such as the World Wide Web Consortium, which has great information on how to make sure your forms are going according to standards," he said. "The second thing is to make sure you're separating all of your code, keeping all the presentation code, which makes sure how a site looks, apart from the back-end code for Web servers and such."

BijouWorld re-launched its e-commerce site three years ago. The recent security review brings the company up to speed.

"We've gone through top to bottom to make sure we've got everything covered as well as we can," Cole said.

Bijou World id celebrating its 40th anniversary this year. The company plans to launch a new site in March.