This guide explains how to prevent cyberattacks and how to avoid a website hack for the site you manage.

The role of the host

Infomaniak's job is to provide quality hosting, so it is crucial to respond extremely quickly to the various attacks that any Internet actor may be subject to. Infomaniak therefore does everything possible to take the maximum of precautions against hacking, notably by keeping the different versions of the technologies used up to date.

In the event of a proven hack, if it is possible to trace back to the author and the machine has been compromised due to a security flaw on Infomaniak's part, if the integrity of the servers is at stake, Infomaniak takes matters into its own hands.

The role of the site owner and the webmaster

If the hacking of your site is your responsibility (an outdated script, a security patch that has not been applied, etc.), Infomaniak contacts you to warn you of a problem that will need to be resolved quickly. Some organizations like Saferinternet can also suspend the domain name upstream, which will disable the site but also the messaging.

Infomaniak cannot counter exploits related to a bug in your PHP code or other. If the hacking is not detected, you will generally notice the intrusion quite quickly through suspicious elements in your pages or by receiving numerous error emails.

It is therefore your responsibility to take care of the evolution of your website over time and not to let it "die" in a corner, even if it means calling on a webmaster whose job it is.

Infomaniak recommendations

1. Regularly update all your web applications (WordPress, Joomla, Drupal, ownCloud, etc.).
2. Keep the PHP version of your site on Infomaniak servers up to date.
3. Keep your site up to date by migrating to new offers when they are proposed to you.
4. ‍Add a protection system on your contact forms (captcha, etc.) and on any "recommend to a friend" tools (tell-a-friend...).
5. Regularly run an antivirus analysis of the hosting.
6. Monitor the vulnerability detection tool.
7. Remove anything you have not developed yourself and for which the author has not provided an update/correction for several months.
8. Make a regular backup of your site (refer to this other guide if you use WordPress) when everything is fine and keep it in a safe place (because automatic backups are only kept for a few days and this is sometimes not far enough back to go back after you notice an intrusion).
9. Consult ibarry.ch.

If a problem has occurred...

1. Modify the passwords of your Web applications, your FTP accounts and your databases by first checking that no virus is on your computer.
2. Restore a backup but update immediately whatever can be updated as soon as the restoration is complete.