This guide explains how to prevent cyberattacks and how to avoid hacking of the website you manage.

The role of the hoster

Infomaniak's job is to provide high-quality hosting, so it is crucial to respond extremely quickly to the various and varied attacks that any Internet actor may be subject to. Infomaniak therefore does everything possible to take the maximum precautions against hacking, notably by keeping the different versions of the technologies used up to date.

In the case of a proven hacking, if it is possible to track down the author and the machine has been compromised due to a security flaw on Infomaniak's part, and the integrity of the servers is at stake, Infomaniak takes care of it itself.

The role of the site owner and the webmaster

If your site has been hacked due to your responsibility (an outdated script, a security patch that has not been applied, etc.), Infomaniak will contact you to warn you of a problem that needs to be resolved quickly. Some organizations like Saferinternet can also suspend the domain name upstream, which will disable the site but also the email.

Infomaniak cannot counter exploits related to a bug in your PHP code or otherwise. If the hacking is not detected, you will generally notice the intrusion quite quickly through suspicious elements on your pages or by receiving numerous error emails.

It is therefore your responsibility to manage the evolution of your website over time and to ensure that it does not become neglected, even if it means hiring a webmaster whose job it is.

Infomaniak's recommendations

1. Update all your web applications (WordPress, Joomla, Drupal, ownCloud, etc.) regularly.
2. Keep the PHP version of your site on Infomaniak servers up to date.
3. Keep your site up to date by migrating to new offers when they are proposed to you.
4. ‍Add a protection system to your contact forms (captcha, etc.) and any "recommend to a friend" tools (tell-a-friend...).
5. Regularly run a antivirus scan of the hosting.
6. Monitor the vulnerability detection tool.
7. Remove anything you did not develop yourself and for which the author has not provided an update or correction in several months.
8. Perform regular backups of your site (refer to this other guide if you use WordPress) when everything is fine and keep it safe (since automatic backups are only kept for a few days and this is sometimes not far enough back to restore after you notice an intrusion).
9. Visit ibarry.ch.

If an issue has occurred...

1. Change the passwords of your Web applications, your FTP accounts and your databases after previously checking that no virus is on your computer.
2. Restore a backup but update immediately whatever can be updated as soon as the restoration is complete.