From: Jean-Marc Rasoanaivo jm@baobabbaylodge.mg Subject: Security check for our booking website

Hello,

My name is Jean-Marc, I own and manage Baobab Bay Lodge on Nosy Be, Madagascar. We're a small eco-lodge — 10 bungalows on the beach, a dive center, a restaurant. We've been running for eight years.

Two years ago we had a website built so guests could book directly instead of going through the big travel sites that take 20% commission. It's been working well — we get maybe 60% of our bookings through the site now, especially from France and Germany.

The reason I'm writing is that a friend who runs a hotel in Mauritius had his booking system hacked last month. Someone got into his database and stole guest credit card numbers. He had to shut down his whole website for two weeks during high season. It was a disaster.

I have no idea if our website is secure. A freelance developer in Antananarivo built it for us using PHP and a database. Guests fill in their names, emails, phone numbers, dates, and the system processes the booking. Payments go through a separate payment company, so I don't think we store credit card numbers, but I'm honestly not sure what's stored where.

I want someone to properly check our website and tell me: is it safe? If not, what needs to be fixed and how bad is it? I need this explained in simple terms — I know how to run a lodge and a dive center, not how to run a website.

We're heading into whale season (July-September) which is our busiest time, so I absolutely cannot have the booking page go down. Whatever checking you do, it needs to happen without disrupting bookings.

I've attached a screenshot of our booking page so you can see what we have.

Thank you for your help.

Jean-Marc Rasoanaivo Baobab Bay Lodge Nosy Be, Madagascar