Protecting a website from being kidnapped

Information Security Asked by George on August 10, 2020

I have a MediaWiki website in Hebrew;
As common with MediaWiki websites, it has lots of content and rebuilding it in case of a disaster isn’t feasible.

I chose to give that website a Global TLD (a non Israeli TLD) because:

  • Currently, the Israeli Internet association doesn’t allow Israeli domain registrars to suffice domain holder details protection; everything must be exposed to anyone, even if it is against the domain holder’s freedom and safety
  • As I don’t have an Israeli phone number, some Israeli domain registrars would not support non-Israeli phone numbers and thus, various domain management system software bugs are likely to occur

My problem

Although I have quite a strong email password (>12 lowercase-uppercase-numbers password) which isn’t stored on my computer system but rather solely on my human memory;
I still fear a kidnapping of the website by hijacking of my email password.

If someone hijacked my NameCheap account and/or my SiteGround account and/or my MediaWiki website but not my email account, than I guess I could log in and change everything back to normal (likely by using a backup), but as I currently don’t clear web browser passwords from the main browser I work with (and would prefer to keep handling this way), I do fear an hijacking of my email account (say, by a MITM attack) and then of all the rest, till complete kidnapping of my website.

Possible obstacles in solving the problem

  • I only hold Israeli citizenship but not Israeli residency and anyway don’t have an Israeli residence address (and currently prefer not to give that of a relative)
  • Neither NameCheap (domain registrar) nor SiteGround (hosting provider) allow me to upload any image of my Israeli passport and/or Israeli ID card (or of myself) which will be automatically copied and principally permanent in their servers.
  • Writing my name and putting an image in which my face could be seen in my website is something I want to avoid and would probably be not helpful because an hijacker could delete it (it is hard to delete data from the database of MediaWiki and could cause crashes, but still possible).

My question

How to protect a website from being kidnapped as described above?

One Answer

If you are afraid an attacker might login to one of your accounts, it is best to ensure that all accounts have strong and unique passwords (e.g by using a password manager) and have 2 factor authentication enabled. This way, if the attacker gets a hold of your password, he can not log in as he does not have the 2FA device.

As for your website, make sure you have proper working backups and test these periodically. Also ensure the backups are at safe locations which you control and can not be accessed by an attacker if he has hacked into your site/host/email.

Apart from protecting your accounts, also make sure the systems hosting your website (and the platform itself) are up-to-date.

Answered by roy.stultiens on August 10, 2020

Add your own answers!

Related Questions

What’s a “safe” URL shortening algorithm?

3  Asked on December 31, 2020 by bensower


Securing internet connection with hostile ISP

1  Asked on December 29, 2020 by user242761


Is Chrome Browser/ Computer compromised by KMSPico?

0  Asked on December 27, 2020 by waterbyte


Web Cache Deception – exploitable without a cache server?

1  Asked on December 26, 2020 by citylight


Determine if private key belongs to certificate?

3  Asked on December 25, 2020 by thanatos


Filtering http responses for subdomain takeover

0  Asked on December 21, 2020 by kirill-z


Sql map Manual Vulnerability Assessment

1  Asked on December 20, 2020 by badddy


Unknown folders in OneDrive

1  Asked on December 19, 2020 by user851


Ask a Question

Get help from others!

© 2023 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP