Considerations for digital & online security at Jewish institutions
The hackings of 82 synagogue websites during Israel’s Operation Pillar of Defense by the “Moroccan Ghosts” brought appropriate responses from law enforcement agencies. The intrusions should remind us that cybersecurity is in our own hands. The following recommendations from the ADL make sense.
New hack attack on websites
For those of you with websites.
The problem
There is a relatively new attack on websites hitting MySQL. If you don’t understand this, check with your techie or your ISP to confirm if your website is vulnerable.
How do you know that you’ve been compromised? Google is ever alert and will mark your site as “dangerous”. Websites/web hosting companies subscribe to “blacklists” of such sites. Firefox and Chrome check the blacklists before going to a site and will tell a user, “Warning – visiting this website may harm your computer!”.
Once your site is hacked it must be “cleaned”. After doing so, you can notify Google, request that it be removed from the blacklist and 3 to 24 hours later the site will be unblacklisted.
Best practices
- Make regular backups of your website. Even if your ISP takes care of this it couldn’t hurt to have another.
- Your website probably has all kinds of access passwords (FTP, SQL administration, etc.). Make sure that you have strong passwords at every option. This usually includes multiple words, mixing capital and lower case letters and using numbers and symbols. See this Consumer Reports article for more explanations and tips.