Oh no! My website has been hacked - WordCamp Gdynia, Poland
Transcript of Oh no! My website has been hacked - WordCamp Gdynia, Poland
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
Witajcie na konferencjiWordCamp GDYNIA!
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
#wcgdynia
OH NO! MY WEBSITE HAS BEEN
HACKED
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
Val Vesa@adspedia
Social Media and Brand Evangelist at Sucuri Husband, father of two Passion for travel and Instagram photography
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
My Family
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
I DON'T EAT PORK
WHEN I CLEAN THE BATHROOMI LOVE COCA-COLA
OR SEA FOOD
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
Shoebox Project & WordPress
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
MY FIRST WORDPRESS INSTALL: 2009
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
HACKEDDEC 22 2014
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
• Emails I never sent were returning: SPAM generated from site• The host warned us they will SUSPEND the website• EMAIL was now DOWN• In mid project phase we were without an online presence• Blacklisted website: visitors going to the website were seeing
the “attack site” warning, endangering credibility
IMPACTS
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINARSELF MITIGATION ATTEMPT• Were there any .htaccess edits done?• Any unauthorised FTP access?• Check WordPress users list, any recent additions there?• Study MySQL/phpMyAdmin for unusual content• Change passwords: FTP, cPanel• Scan access computer for keyloggers and malware• Did a good job: my website was clean and back online
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
Until December 24 2014
When..
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
HACKEDDEC 24 2014
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
TIME TO ASK FOR HELP
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
• LIVE CHAT AVAILABLE ON MY LOCAL 4:00 AM• INITIAL EVALUATION WAS PERFORMED IN THE CHAT• SIGNUP AND OPENED TICKET FOR MALWARE REMOVAL• 40 MINUTES LATER WEBSITE WAS CLEANED• RECEIVED ACTIONABLE STEPS TO STAY CLEAN AFTER CLEANUP• REMOVED FROM BLACKLIST THE NEXT DAY
HOW SUCURI HELPED
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
• RANDOM ATTACK• DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS• VULNERABLE VERSION OF TIMTHUMB• HACKER’S INTENT: USE SITE FOR SPAM
WHAT I THINK HAPPENED
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
WHY BEING HACKED WAS A “GOOD” THING
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
PERSONAL 5 BEST PRACTICES FOR WEBSITE SECURITY
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
1. LEARN• START WITH BLOG.SUCURI.NET• EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL)• ACCESS CONTROL• PLATFORM VULNERABILITIES• CHECK YOUR WEBSITE WHEN VULNERABILITIES ARE
ANNOUNCED
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
2. PASSWORDS• USE A PASSWORD MANAGER!• COMPLEX STRUCTURES• UPPER CASE, LOWER CASE, SPECIAL CHARACTERS, NUMBERS• LONGER THAN 10 CHARACTERS• DON’T REUSE PASSWORDS
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
3. UPDATES• CMS• PLUGINS• SERVER
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
4. BACKUPS• ON A SCHEDULE• OFFSITE• TEST FREQUENTLY
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
5. USE PROFESSIONALS• SECURITY IS NOT A DYI PROJECT• ADMIT WHEN OVERWHELMED• EXTRA COST AND TIME TO DO IT IN-HOUSE
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
WHERE TO FIND ME
Twitter @adspedia
Instagram @adspedia
Email [email protected]
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
Q & A Tweet us @SucuriSecurity using #AskSucuri
OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
THANK YOU!