TransWikia.com

Protecting a website from being kidnapped

Information Security Asked by George on August 10, 2020

I have a MediaWiki website in Hebrew;
As common with MediaWiki websites, it has lots of content and rebuilding it in case of a disaster isn’t feasible.

I chose to give that website a Global TLD (a non Israeli X.il TLD) because:

  • Currently, the Israeli Internet association doesn’t allow Israeli domain registrars to suffice domain holder details protection; everything must be exposed to anyone, even if it is against the domain holder’s freedom and safety
  • As I don’t have an Israeli phone number, some Israeli domain registrars would not support non-Israeli phone numbers and thus, various domain management system software bugs are likely to occur

My problem

Although I have quite a strong email password (>12 lowercase-uppercase-numbers password) which isn’t stored on my computer system but rather solely on my human memory;
I still fear a kidnapping of the website by hijacking of my email password.

If someone hijacked my NameCheap account and/or my SiteGround account and/or my MediaWiki website but not my email account, than I guess I could log in and change everything back to normal (likely by using a backup), but as I currently don’t clear web browser passwords from the main browser I work with (and would prefer to keep handling this way), I do fear an hijacking of my email account (say, by a MITM attack) and then of all the rest, till complete kidnapping of my website.

Possible obstacles in solving the problem

  • I only hold Israeli citizenship but not Israeli residency and anyway don’t have an Israeli residence address (and currently prefer not to give that of a relative)
  • Neither NameCheap (domain registrar) nor SiteGround (hosting provider) allow me to upload any image of my Israeli passport and/or Israeli ID card (or of myself) which will be automatically copied and principally permanent in their servers.
  • Writing my name and putting an image in which my face could be seen in my website is something I want to avoid and would probably be not helpful because an hijacker could delete it (it is hard to delete data from the database of MediaWiki and could cause crashes, but still possible).

My question

How to protect a website from being kidnapped as described above?

credentialsdomainemailidentity theftman in the middle

One Answer

If you are afraid an attacker might login to one of your accounts, it is best to ensure that all accounts have strong and unique passwords (e.g by using a password manager) and have 2 factor authentication enabled. This way, if the attacker gets a hold of your password, he can not log in as he does not have the 2FA device.

As for your website, make sure you have proper working backups and test these periodically. Also ensure the backups are at safe locations which you control and can not be accessed by an attacker if he has hacked into your site/host/email.

Apart from protecting your accounts, also make sure the systems hosting your website (and the platform itself) are up-to-date.

Answered by roy.stultiens on August 10, 2020

Add your own answers!

Ask a Question

Get help from others!

Recent Answers

Recent Questions

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP