Here at SiteFarm, we're proud to offer a service with a whole host of valuable features, functions, and options to help you build a quality site that truly represents your department online. Chief amongst these features is security.
In a recent example, a department on campus, not using SiteFarm, discovered a hacker had used an unsecured webform to upload a file containing malicious code that hijacked their site and its home page. Fortunately no harm was done and the security hole was fixed quickly, but at the very least the hacker decided to announce the successful hack by leaving a message on the home page.
Could this happen to a SiteFarm site?
Safeguards exist in SiteFarm to make this kind of hack highly unlikely.
- While a SiteFarm site in development it has the http:// protocol, all published sites are assigned the secure https:// protocol for the live site. The difference between the two is that with https, the data passed between a site and browser is encrypted for greater security making it much harder to hack. Per keycdn:
"HTTPS transmits its data security using an encrypted connection. Basically it uses a public key which is then decrypted on the recipient side. The public key is deployed on the server, and included in what you know as an SSL certificate. The certificates are cryptographically signed by a Certificate Authority (CA), and each browser has a list of CAs it implicitly trusts. Any certificate signed by a CA in the trusted list is given a green padlock lock in the browser’s address bar, because it’s proven to be “trusted” and belongs to that domain."
Read keycdn's in-depth explanation of http v. https.
- By default, webforms in SiteFarm have a module called Honeypot enabled. This seeks to block bots trying to inundate your site with spam. Read a general introduction to Honeypots.
- Webform security is available in SiteFarm allowing you to decide who should have access to fill out the form, as well as to the form submissions. Form access, especially those that have been set to allow file attachments, can be configured to require authentication through login, either from a site-level user account or from the campus' CAS login. If your site has a collection of forms, you can make life even simpler by telling the system to protect any forms within a URL pathway, like so: /form/*. In this case, the asterisk (wildcard) represents any page that has /form/ in its parent path, so you can continue to add new forms without changing your level of protection; all forms or pages in this path will automatically inherit the settings.
- Acquia Cloud Site Factory, the platform SiteFarm uses to host all our client sites, is monitored 24/7 using the follow-the-sun service model allowing Acquia to quickly identify and respond to any problems that may arise at the platform level.
All of this is available in a SiteFarm site instance right out of the box. If the level of security on your current site is giving you concerns, consider joining us. Greater peace of mind is a secure webform submission away!