The power of the internet has made it one of the world’s most popular channels of communication and business. Unfortunately, that very power and popularity mean that the internet has also become a new focus for criminal activity.
Indonesia is no exception in the world of cybercrime and is indeed known as a major focus of this activity. There are many types of cybercrime, but one of the most common that affects website owners is hacking. If your business maintains a website, you must have a strategy to counter illegal intrusions and hacking attacks.
Hacking is the criminal act of infiltrating a computer network or system with the aim of either stealing information or inserting code allowing the criminal to use that system for spamming, hacking other systems, denial of service or phishing attacks. People who engage in this illegal activity are called hackers. Accomplished hackers will have programming skills and be able to defeat basic security systems.
Combating a determined hacker is a job for the experts, but here are some basic steps you can take to deter most hacking attacks:
- Instantly taking the compromised website offline is an emergency action that can easily be done. Many hacked websites will attack visitors, so you should do this to protect your visitors while you clean the site. Replace the website with an “under maintenance” notice or similar so your visitors know you are intentionally offline and working on your site.
- Log in immediately to cPanel and make sure that the IP address showing on the last login form is yours or that of another authorised person. If you find an unknown IP address logged, further investigation and action will be required as it may indicate unauthorised access to your website administration area.
- Always keep log archiving on. The function of this feature is to save detailed records of the connections that have been made to your website. The log has a very important role in diagnosing connection records and should never be removed. Check that archiving is on by going to the “raw log manager” in your site cPanel or administration interface. (cPanel or similar is your domain admin, not the admin of your website Content Management System that you use to add content to your website.) Check the “log archive” box and uncheck the “remove the previous month’s archived log” box, then click “save”.
- Don’t forget to change all passwords that give access to any part of your website. Do this after cleaning viruses, trojans, malware and any suspicious files from your computers and website. Always use strong passwords that combine letters, numbers and other characters.
- Always ensure website file permissions are correctly set and never provide admin access, passwords or other technical information about your domain or website to anybody you don’t know.
- Your website host and domain registrar will never ask you for passwords by email. Always check the credentials of anyone contacting you and claiming to represent your host or domain registrar before providing any requested information.
- Keep your website CMS and its components up to date! The older a CMS or component is, the more chance its security vulnerabilities will be well known to hackers.
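
The log review that the login-IP and log-archiving steps above make possible, as an added example that is not part of the original article: it reads archived raw access log lines, assumed to be in Apache combined format, and summarises requests to CMS admin paths from IP addresses that are not on an authorised list. The admin paths, the authorised IP and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format, assumed here for the archived raw access logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumptions: the CMS admin/login paths and the IPs of authorised staff.
ADMIN_PREFIXES = ("/wp-login.php", "/wp-admin/", "/administrator/")
AUTHORISED_IPS = {"203.0.113.10"}

def unknown_admin_access(lines, authorised=AUTHORISED_IPS, prefixes=ADMIN_PREFIXES):
    """Return {ip: summary} for unauthorised IPs that requested admin paths."""
    report = defaultdict(lambda: {"requests": 0, "posts": 0, "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than aborting the review
        ip, path = m["ip"], m["path"]
        if ip in authorised or not path.startswith(prefixes):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = report[ip]
        entry["requests"] += 1
        if m["method"] == "POST":  # form submissions, e.g. login attempts
            entry["posts"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(report)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.10 - - [02/Mar/2024:08:15:01 +0700] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '198.51.100.23 - - [02/Mar/2024:09:01:11 +0700] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [02/Mar/2024:09:01:14 +0700] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '198.51.100.23 - - [02/Mar/2024:09:02:40 +0700] "GET /wp-admin/plugins.php HTTP/1.1" 200 18033 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [02/Mar/2024:10:30:00 +0700] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'truncated or corrupted line',
]

if __name__ == "__main__":
    for ip, info in unknown_admin_access(SAMPLE).items():
        print(ip, info["requests"], info["posts"], info["first"], info["last"])
```

Any address it reports that you cannot match to an authorised person is a starting point for the further investigation mentioned above, and the first and last timestamps bound the period to examine.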