Avoid website hacking

This guide explains how to prevent computer attacks and how to avoid hacking the website you manage.

The role of the host

Infomaniak's work is to provide quality accommodation so it is essential to respond extremely quickly to the various and varied attacks that any Internet actor can be the object of. Infomaniak therefore makes every effort to take as many precautions as possible against hacking, in particular by keeping up to date the different versions of the technologies used.

In the case of a proven hack, if it is possible to trace back to the author and the machine has been compromised due to a lack of security of the Infomaniak spring, that the integrity of the servers is in question, Infomaniak takes matters into its own hands.

The role of the site holder and webmaster

If the hacking of your site is your responsibility (a script that is not up-to-date, a security patch that has not been applied, etc.) Infomaniak contacts you to warn you of a problem that will need to be solved quickly. Some organizations such as SaferInternet can also suspend the domain name upstream which will disable the site but also email.

Infomaniak cannot counter exploits related to a bug in your PHP or other code. If the hacking is not detected you will generally find the intrusion quickly enough by suspicious elements in your pages or by receiving many error emails.

It is therefore necessary to: your responsibility to take care of the evolution of your website over time and not to let it die in a corner, even if it involves a webmaster whose job it is.

Infomaniak recommendations

1. Regularly update all your web applications (WordPress, Joomla, Drupal, ownCloud, etc.).
2. Keep the PHP version up to date from your site on Infomaniak servers.
3. Keep your site up-to-date by migrating to new offers when offered.
4. ‍Add a system of protection on your contact forms (captcha, etc.) and on possible "recommendation to friends" tools (tell-a-friend...).
5. Regularly launch a antivirus analysis accommodation.
6. Watch vulnerability detection tool.
7. Remove everything you have not developed yourself and whose author has not brought an update/correction for several months.
8. Make a regular backup of your site (be aware of this other guide if you use WordPress) when everything goes well and keep it safe (because automatic backups are kept only a few days and this is sometimes not far enough to go back after you notice an intrusion).
9. See ibarry.ch.

If there's a problem...

1. Change your passwords Web applications, of your FTP accounts and your databases in pre-verifying that no viruses is on your computer.
2. Restore a backup but update immediately what can be updated as soon as the restoration is complete.