Advice
Obviously, we are not going to cover in a few lines the innumerable problems related to website security. Entire books are devoted to the subject, and computer security is a profession in its own right.
We will limit ourselves to a few recommendations that considerably reduce the risk of one day being confronted with a disaster.
Software updates
It's FUN-DA-MEN-TAL! If there's only one thing you need to remember, it's this. Read the following lines carefully; they may save your life.
More than 99% of customers who are victims of hacking are victims because they have not updated the software they use. If you don't update your site, you can be almost certain that sooner or later it will be hacked, no matter how big it is, how many people visit it, or how important it is! Hackers use automated bots that scan search engines and automatically exploit security holes in known software.
Your host can't do anything for you if the data you host has known security flaws. Our servers are obviously secure, but it is important to understand that hacking a site has nothing to do with hacking a server. We cannot protect you against attacks that target the programming code of your site. We are a hosting company, not your webmaster.
Do you use a CMS such as Joomla, PrestaShop, WordPress, osCommerce, phpBB, SPIP, Coppermine, etc.? You should keep yourself informed, through the official websites and user forums, about security updates and apply them. If you are not willing or able to do this or to delegate it, then you should not use a CMS. Updates can be tedious, but they will always be much less tedious than having to face the stormy visit of an unscrupulous hacker...
Updates also apply to the tools you use to produce your site: site-creation software, your FTP client (FileZilla, etc.), and more generally your PC. If it is infected, the virus can easily use your hosting for abuse (phishing, spam, etc.).
Make your own backups!
You can never have too many backups!
Back up your files, back up your databases with phpMyAdmin, and archive as much as possible on your computer; then periodically burn the archives to a DVD or copy them to another medium (USB key, external hard disk...) so that you keep a copy even if something happens to your computer.
Even if our offers include an automatic backup system, this does not exempt you from making your own backups!
Confidentiality of credentials
The most "effective" way to get hacked is to leave your credentials lying around. Adopt a strict security policy from the start. Don't leave your credentials lying around, prey to hackers, viruses, Trojans, prying eyes... Keep your credentials in a safe place.
If you change your passwords, choose completely random passwords that you either learn by heart or write down on a piece of paper. Avoid at all costs dictionary words (in any language!), proper names, actors' names, singers' names, your birth date, etc. Try to mix numbers, lower case, and upper case. This online tool will help you generate a good password. Be sure to use a different password for each service to avoid chain-reaction effects.
Protect what should not be visible to everyone
You can easily restrict access to a folder to one or more users. To do this, you just need to use the .htaccess file.
If you work with several people on a website, you can also restrict the access of each collaborator to a specific folder by creating secondary FTP access.
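One way to set up the .htaccess folder restriction mentioned above, as an added example that is not the host's own configuration; the user names alice and bob, the realm text and the /home/example/private path are assumptions:

```apache
# .htaccess placed inside the folder to protect (constructed example).
#
# The password file is created beforehand with Apache's htpasswd utility:
#   htpasswd -c -B /home/example/private/.htpasswd alice
#   htpasswd -B /home/example/private/.htpasswd bob
# -c creates the file (first user only), -B stores a bcrypt hash.

AuthType Basic
AuthName "Restricted area"

# Assumed path. Keep the password file outside the web root so it can
# never be downloaded through the site.
AuthUserFile /home/example/private/.htpasswd

# Only the listed users get in. "Require valid-user" would instead admit
# every account present in the password file.
Require user alice bob
```

Basic authentication sends the password with every request in an easily decoded form, so serve the protected folder over HTTPS only.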
What can happen to you if you are hacked
You'd be surprised how fertile a hacker's imagination can be. Here's what could happen to your site if a hacker exploits a security hole:
- Spam: the hacker will use your access to send spam to the whole world
- Phishing: the hacker will discreetly use your hosting to lure in account numbers and credit cards
- Defacement: the hacker replaces your homepage and disfigures your site
- Adding malicious code: the hacker will add a few lines of HTML, PHP or JavaScript without your knowledge in order to redirect your visitors to illegal sites or make them download viruses
- Vandalism: the hacker will have fun simply deleting your files and databases and doing maximum damage
Your responsibility
Remember that until proven otherwise and in good faith, you remain criminally responsible for the data you host and, consequently, for any illegal actions resulting from it. Take this very seriously, because we have already seen clients taken into custody...