Protecting a website from being kidnapped

Information Security Asked by George on August 10, 2020

I have a MediaWiki website in Hebrew.
As is common with MediaWiki websites, it has lots of content and rebuilding it in case of a disaster isn’t feasible.

I chose to give that website a global TLD (a non-Israeli TLD) because:

  • Currently, the Israeli Internet association doesn’t allow Israeli domain registrars to suffice domain holder details protection; everything must be exposed to anyone, even if it is against the domain holder’s freedom and safety
  • As I don’t have an Israeli phone number, some Israeli domain registrars would not support non-Israeli phone numbers and thus, various domain management system software bugs are likely to occur

My problem

Although I have quite a strong email password (>12 lowercase-uppercase-numbers password) which isn’t stored on my computer system but rather solely on my human memory;
I still fear a kidnapping of the website by hijacking of my email password.

If someone hijacked my NameCheap account and/or my SiteGround account and/or my MediaWiki website but not my email account, then I guess I could log in and change everything back to normal (likely by using a backup), but as I currently don’t clear web browser passwords from the main browser I work with (and would prefer to keep handling this way), I do fear a hijacking of my email account (say, by a MITM attack) and then of all the rest, till complete kidnapping of my website.

Possible obstacles in solving the problem

  • I only hold Israeli citizenship but not Israeli residency and anyway don’t have an Israeli residence address (and currently prefer not to give that of a relative)
  • Neither NameCheap (domain registrar) nor SiteGround (hosting provider) allow me to upload any image of my Israeli passport and/or Israeli ID card (or of myself) which will be automatically copied and principally permanent in their servers.
  • Writing my name and putting an image in which my face could be seen in my website is something I want to avoid and would probably not be helpful because a hijacker could delete it (it is hard to delete data from the database of MediaWiki and could cause crashes, but still possible).

My question

How to protect a website from being kidnapped as described above?

One Answer

If you are afraid an attacker might log in to one of your accounts, it is best to ensure that all accounts have strong and unique passwords (e.g. by using a password manager) and have two-factor authentication enabled. This way, if the attacker gets a hold of your password, he cannot log in as he does not have the 2FA device.

As for your website, make sure you have proper working backups and test these periodically. Also ensure the backups are at safe locations which you control and cannot be accessed by an attacker if he has hacked into your site/host/email.

Apart from protecting your accounts, also make sure the systems hosting your website (and the platform itself) are up-to-date.

Answered by roy.stultiens on August 10, 2020
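
The answer's advice to test backups periodically, shown as an added example that is not part of the original answer: a shell function, meant to run on the machine that holds the off-site copy, that checks a MediaWiki backup set before it is relied on. The file names, a MySQL/MariaDB database dumped with `mysqldump` (default comments enabled) and GNU `sha256sum` are assumptions.

```shell
#!/bin/sh
# Added example: verify a MediaWiki backup set before trusting it.
# Assumed (hypothetical) layout of one backup directory:
#   db.sql.gz      gzip'd mysqldump of the wiki database
#   files.tar.gz   tarball holding LocalSettings.php and images/
#   SHA256SUMS     checksums written at backup time (sha256sum format)
# Return codes: 0 ok, 1 file missing, 2 checksum mismatch,
#               3 dump corrupt or cut short, 4 archive unreadable,
#               5 archive lacks a required piece.

verify_wiki_backup() {
    dir=$1
    for f in db.sql.gz files.tar.gz SHA256SUMS; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # 1. Nothing changed since the backup was written.
    (cd "$dir" && sha256sum --check --quiet SHA256SUMS) >&2 || return 2

    # 2. The dump decompresses cleanly and was not cut short:
    #    mysqldump ends its output with a "-- Dump completed" comment.
    gzip -t "$dir/db.sql.gz" || return 3
    gzip -dc "$dir/db.sql.gz" | tail -n 5 |
        grep -q '^-- Dump completed' || return 3

    # 3. The file archive holds what the wiki needs to come back up:
    #    its configuration and the uploaded files.
    listing=$(tar -tzf "$dir/files.tar.gz") || return 4
    printf '%s\n' "$listing" |
        grep -Eq '(^|/)LocalSettings\.php$' || return 5
    printf '%s\n' "$listing" |
        grep -Eq '(^|/)images/' || return 5

    return 0
}

# Usage: verify_wiki_backup /path/to/backup-directory && echo "backup ok"
```

A passing check shows the files are intact and complete; restoring them into a scratch MediaWiki install remains the full test.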
