Protecting your site by detection
Uploaded by marko-heijnen (category: Technology)
Marko Heijnen
• Founder of CodeKitchen
• Lead developer of GlotPress
• Core contributor to WordPress
• Plugin developer
• Organizer of WordCamp Belgrade
• Using lots of (new) technologies
Stats for the first 5 months of 2015
• 3 core security updates
• Cross-site scripting (XSS) due to misuse of the add_query_arg() and remove_query_arg() functions
• Cross-site scripting (XSS) vulnerability in the popular Jetpack plugin and in the default Twenty Fifteen theme, both because of Genericons (the XSS was in the example.html file bundled with the Genericons icon font)
Detection of your install
• Updates of WordPress, plugins and themes
• Failed login attempts
• Security issues in plugins and themes
• Security enhancements reported by core
• List of plugins/themes you don't use
Detecting what is going on
• Requests for plugins you don't have (404s)
• Permissions of your folders/files
• Check whether files got changed (core, plugins, themes)
• Check whether files got added (core, plugins, themes)
• What is in your uploads folder (PHP files)
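The two log-based detections from these slides, failed login attempts and 404 requests for plugins you don't have, as an added worked example. This is not the speaker's code or anything from CodeKitchen. The access-log lines are constructed in the Apache/nginx "combined" format, the set of installed plugins is an assumption for the demo, and the block threshold is illustrative.

```python
"""Two detections from the talk run over web-server access logs: failed
WordPress logins and 404 probes for plugins you do not have.

Added example; not code from the talk or from CodeKitchen. The log lines
are constructed (Apache/nginx "combined" format), the installed-plugin set
is an assumption for the demo, and the block threshold is illustrative.
"""
import re
from collections import Counter, defaultdict

# Combined log format: ip ident user [time] "METHOD path PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
PLUGIN_RE = re.compile(r"^/wp-content/plugins/(?P<slug>[^/?]+)")

INSTALLED_PLUGINS = {"jetpack", "akismet"}  # assumed for the demo

# Constructed sample log: one brute-forcer, one real login, one plugin prober,
# and one harmless 404 for a missing asset of an installed plugin.
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2015:10:01:01 +0200] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2015:10:01:02 +0200] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2015:10:01:03 +0200] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2015:10:01:04 +0200] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2015:10:01:05 +0200] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2015:10:01:06 +0200] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.4 - - [12/May/2015:10:02:10 +0200] "GET /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.4 - - [12/May/2015:10:02:15 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/May/2015:10:03:01 +0200] "GET /wp-content/plugins/slider-plugin/readme.txt HTTP/1.1" 404 209 "-" "curl/7.38"
203.0.113.9 - - [12/May/2015:10:03:02 +0200] "GET /wp-content/plugins/jetpack/readme.txt HTTP/1.1" 200 1100 "-" "curl/7.38"
203.0.113.9 - - [12/May/2015:10:03:03 +0200] "GET /wp-content/plugins/backup-tool/backup.php?x=1 HTTP/1.1" 404 209 "-" "curl/7.38"
192.0.2.10 - - [12/May/2015:10:04:00 +0200] "GET /wp-content/plugins/jetpack/css/missing.css HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def failed_logins(log_text):
    """Count POSTs to wp-login.php per client IP that came back as 200.

    WordPress answers a correct login with a 302 to wp-admin; a wrong
    password re-renders the form with a 200. Counting those per IP is the
    same heuristic an access-log based fail2ban filter for WordPress uses.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["method"] == "POST"
                and rec["path"].endswith("/wp-login.php") and rec["status"] == 200):
            counts[rec["ip"]] += 1
    return counts


def plugin_probes(log_text, installed):
    """Map client IP -> sorted plugin slugs it requested that you do not have.

    A 404 under /wp-content/plugins/<slug>/ for a slug that is not installed
    is someone fingerprinting the site for a specific plugin. 404s for assets
    of plugins you do have are ignored as noise.
    """
    probes = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["status"] != 404:
            continue
        m = PLUGIN_RE.match(rec["path"])
        if m and m.group("slug") not in installed:
            probes[rec["ip"]].add(m.group("slug"))
    return {ip: sorted(slugs) for ip, slugs in probes.items()}


def candidates_to_block(log_text, installed, login_threshold=5):
    """IPs to hand to the firewall: brute-forcers at/over the threshold plus every probe source."""
    block = {ip for ip, n in failed_logins(log_text).items() if n >= login_threshold}
    block |= set(plugin_probes(log_text, installed))
    return sorted(block)


if __name__ == "__main__":
    print("failed logins:", dict(failed_logins(SAMPLE_LOG)))
    print("plugin probes:", plugin_probes(SAMPLE_LOG, INSTALLED_PLUGINS))
    print("block:", candidates_to_block(SAMPLE_LOG, INSTALLED_PLUGINS))
```

On a real server the installed-plugin set comes from `wp plugin list --field=name`, and the resulting IPs are what fail2ban or a UFW deny rule would act on; the point of separating the two detections is that a single 404 for a plugin you never had is already a signal, while login failures only matter above a threshold.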
Software for security I use
• modsecurity / UFW on every server (default: block all)
• fail2ban
• apticron (only 1 per matching type)
• apt-dater-host (in combination with apt-dater)
• Own code
Apticron
• Cron job that checks whether there are updates
• Mails you when there are updates
• Can mail the total list or only new updates
Apt-dater and apt-dater-host
• Terminal-based remote package update manager
• A tool to manage a lot of servers
• Groups servers of the same kind
• Installs and updates packages
My server setup (diagram). Nodes: Loadbalancer, Webserver 1, Webserver 2, Memcached, Elasticsearch, MariaDB. Tools labelled on the nodes: fail2ban, modsecurity, ufw, apticron, apt-dater-host.
Features
• List all Linux packages
• List all PECL updates
• Show whether WP-CLI needs updating
• Restart services
Features (continued)
• List all WordPress updates
• Ability to perform updates when allowed
• Checksum scans
• Upload directory scans
• Doing backups
• Send WP-CLI commands
WP Central API
• http://wpcentral.io/api/
• First started with contributors
• After that, stats
• Now creating checksums for plugins and themes
• Soon: similar functionality to wpvulndb.com
Node.js server
• WordPress calls a microserver (nginx)
• nginx calls the Node.js server
• Returns the data when it exists
• Returns an error when it does not, and generates the checksums behind the scenes
WP Central API
• http://wpcentral.io/api/checksums/theme/twentyfifteen/1.2
• While the checksums are still being generated: [{"code":"wpcentral_server_error","message":"Generating checksums"}]
• Once available: [{"file":"header.php","checksum":"c0919b5f4b6e4f3a58b858b2305e9146"},{},{},{},{},{},{},{},{},{},{},{},{},{}]
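The file-integrity side of the talk ("check if files got changed/added", "what is in your uploads folder", and the checksum and upload-directory scans of the Features slides) as one added worked example: it builds a known-good manifest in the same list-of-dicts shape the WP Central API returns above, verifies a theme directory against it, and flags PHP files under wp-content/uploads. This is not the speaker's tool and not the API's code; generating the manifest with MD5 from a clean copy, and the temp-dir install tree it scans, are constructed for the demo.

```python
"""File integrity for a WordPress install: compare a theme's files against a
known-good checksum manifest, report changed/added/missing files, and flag
PHP files under wp-content/uploads.

Added example; not the speaker's tool and not the WP Central API. The
manifest shape ([{"file": ..., "checksum": <md5>}, ...]) mirrors the API
response shown on the slide; building it from a clean copy with MD5, and the
temp-dir install tree, are constructed for the demo.
"""
import hashlib
import json
import os
import tempfile

# Extensions a typical PHP handler configuration will execute.
PHP_EXTENSIONS = (".php", ".phtml", ".php5", ".phar")


def md5_file(path):
    """MD5 of a file, read in chunks so large uploads need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Checksum every file under root, in the list-of-dicts shape of the API response."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries.append({"file": rel, "checksum": md5_file(full)})
    return sorted(entries, key=lambda e: e["file"])


def verify(root, manifest):
    """Return (changed, added, missing) relative paths of root vs. the manifest.

    changed: same path, different hash (an edited core/theme file);
    added:   on disk but not in the manifest (a dropped file looks like this);
    missing: in the manifest but no longer on disk.
    """
    expected = {e["file"]: e["checksum"] for e in manifest}
    actual = {e["file"]: e["checksum"] for e in build_manifest(root)}
    changed = sorted(f for f in expected if f in actual and actual[f] != expected[f])
    added = sorted(f for f in actual if f not in expected)
    missing = sorted(f for f in expected if f not in actual)
    return changed, added, missing


def php_in_uploads(uploads_dir):
    """Relative paths of anything under uploads that the web server would run as PHP."""
    hits = []
    for dirpath, _dirs, files in os.walk(uploads_dir):
        for name in files:
            if name.lower().endswith(PHP_EXTENSIONS):
                rel = os.path.relpath(os.path.join(dirpath, name), uploads_dir)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def _write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)


def demo():
    """Construct a small install, take a clean manifest, tamper with it, scan."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = os.path.join(tmp, "wp-content", "themes", "twentyfifteen")
        uploads = os.path.join(tmp, "wp-content", "uploads")
        _write(os.path.join(theme, "style.css"), "/* Theme Name: Twenty Fifteen */\n")
        _write(os.path.join(theme, "header.php"), "<?php // header\n")
        _write(os.path.join(theme, "inc", "template-tags.php"), "<?php // template tags\n")
        # Known-good manifest, round-tripped through JSON like an API response.
        manifest = json.loads(json.dumps(build_manifest(theme)))

        # Tamper: edit one file, drop a new PHP file, delete one, and leave a
        # PHP file among the uploads next to a real-looking image.
        with open(os.path.join(theme, "header.php"), "a") as f:
            f.write("// injected line\n")
        _write(os.path.join(theme, "inc", "wp-cache.php"), "<?php // not part of the theme\n")
        os.remove(os.path.join(theme, "style.css"))
        _write(os.path.join(uploads, "2015", "05", "photo.jpg"), "not really a jpeg\n")
        _write(os.path.join(uploads, "2015", "05", "photo.php"), "<?php // should never be here\n")

        changed, added, missing = verify(theme, manifest)
        return {"changed": changed, "added": added, "missing": missing,
                "php_in_uploads": php_in_uploads(uploads)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In production the manifest comes from a trusted source rather than from the install being checked (the checksums API for themes and plugins, `wp core verify-checksums` for core), otherwise a compromise that happened before the first scan is baselined as "clean". The uploads scan is deliberately independent of the manifest, since uploads are expected to change and there is no known-good list for them; a PHP file there is the finding regardless of its hash.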
OSSEC
• An open-source host-based intrusion detection system
• Performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response
• Works with a manager and agents
• https://hackertarget.com/defending-wordpress-ossec/
Thank you for listening
Questions? @markoheijnen
markoheijnen.com
codekitchen.eu