PodCamp Ohio 2009


  1. Internet Security for Bloggers and Podcasters
     Brian Lockrey
     http://AssistSocial.com
     @AssistSocial
  2. Overview
       • Blog Security
       • WordPress
       • Social Networking
       • Micro-Blogging
       • Podcasts
       • Advertising
       • Best Practices
  3. Blog Security: WordPress
       • WordPress Security: Google 11,800,000
       • Very Popular Platform
       • Prime Target for Hackers
       • SEO: Search Engine Optimization
       • Traffic Redirection
       • Links to Pharmacy / Adult sites
       • Graphics Replacement
       • Ad / Affiliate Redirection
       • Many others…
  4. Blog Security: WordPress
       • You are on their hit list!
       • Game… Like you play Guitar Hero…
       • Always run the latest versions
       • Backdoor entry points
       • Passwords for users are downloaded
       • Open Source Software
       • Backups are essential
       • Frequent updates are essential
       • Many others…
  5. Blog Security: WordPress
       • Monitor log files
       • Block probers if you can
       • “Powered by WordPress”
       • Private site or hosted?
       • WordPress.com
       • What is your Time worth?
       • What is your Blog worth?
       • Delete meta tag that displays WP version
  6. Blog Security: WordPress
       • Turn off Open Registration
       • WP 2.5+ has better password encryption
       • Use a Strong admin password!
       • Limit Search on your server
       • Protect Directories from public browsing
       • Drop the version string in Meta Tags
  7. Blog Security: WordPress
       • Limit wp-admin access by IP address
       • Protect using .htaccess
       • Protect your MySQL database
       • Use SSH/Shell access, not FTP
       • Use SFTP uploads if you can
       • Use VPN if you can
       • Never use Telnet!
  8. Hosting Platform?
       • Use Linux / Apache if you can
       • Do NOT use Microsoft Windows
       • Automattic PollDaddy migration
       • PollDaddy .NET / SQL to PHP/MySQL
       • Automattic has 1,200 servers in use
       • Per Matt’s Blog - Stable and Scalable
  9. WordPress: Internals
       • PHP
       • MySQL
       • Known Database Schema
       • Known File Names
       • Known Folder Names
       • Known Class Names
       • Known Function Names
  10. WordPress: Internals
       • PHP – Must be kept updated
       • MySQL – Must be kept updated
       • OpenSource Software more secure
       • Security Through Transparency
       • Millions of people looking at it
       • Often fixed quickly
  11. WordPress: Look For?
       • The Obvious
       • PlugIns that you did not install
       • header.php changes
       • Search Engine redirection (hard to detect)
       • Spammers may hide text
       • View HTML Source Code
       • Google records your “bad” content
  12. WordPress: Look For More?
       • New Directories
       • Your RSS feeds
       • Search Engines
       • Google = link:twittgroups.com
       • Digg, StumbleUpon
       • Many others…
  13. If You Get Hacked?
       • Just a matter of time
       • All systems suspect
       • Change ALL passwords
       • Backup databases
       • Update software quickly
       • Shut down site. Maybe.
       • Email to security@wordpress.com
  14. WordPress: Plugins / Widgets
       • Only use what you can trust
       • Watch for suspicious activity
       • WP Security Scan
       • File Permissions
       • Database Security
       • XSS vulnerabilities
       • Many others…
  15. Comment Boxes / Widgets
       • Comment Spam
       • Login Required
       • reCAPTCHA codes
       • Google Friend Connect
       • OpenID
       • Twitter OAuth
       • Many others…
  16. Advertising On Your Blog
       • Google AdWords / AdSense
       • Others ???
       • Affiliate Programs
       • Be Careful…
       • WordPress Plugins
       • $5000 per Week? Slim Chance
       • Should you $$$ to Advertise?
  17. Podcasts
       • Reliable Hosting Service
       • Your XML feeds
       • Search Engines
       • Password Protect the Content Folders
       • Will keep out the Google Spiders
  18. Best Practices
       • Software Up To Date!
       • Backup Databases
       • Directory Protection
       • File Protection Codes
       • Remove Install Files
       • Remove Version #
       • Layered Software
       • Keep Your Client Clean!
       • Don’t use Microsoft Windows Server!
  19. Summary
       • Overwhelmed?
       • Start Simple
       • Best Practices
       • Stay Updated
       • Follow the Experts
       • Network with others
       • Collaborate with others
  20. Questions? @AssistSocial
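
The "WordPress: Look For?" and "Look For More?" slides list plugins you did not install, header.php changes and new directories. The following is an added example, not part of the talk, of a baseline-and-compare check that reports exactly those three things; the directory tree, the plugin name `seo-helper` and the function names are constructed for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

PLUGIN_DIR = "wp-content/plugins"  # standard WordPress plugin location

def snapshot(root):
    """Map each path under root to its SHA-256 (directories map to None)."""
    state = {}
    for p in Path(root).rglob("*"):
        rel = p.relative_to(root).as_posix()
        state[rel] = None if p.is_dir() else hashlib.sha256(p.read_bytes()).hexdigest()
    return state

def compare(baseline, current):
    """Report what changed since the baseline, labelled as on the slides."""
    findings = []
    for path in sorted(current):
        if path not in baseline:
            if current[path] is not None:
                kind = "new file"
            elif path.rpartition("/")[0] == PLUGIN_DIR:
                kind = "unknown plugin"
            else:
                kind = "new directory"
            findings.append((kind, path))
        elif baseline[path] != current[path]:
            findings.append(("modified file", path))
    return findings + [("missing", p) for p in sorted(baseline) if p not in current]

def demo():
    """Constructed WordPress-like tree: snapshot, simulate tampering, compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            full = Path(root, rel)
            full.parent.mkdir(parents=True, exist_ok=True)
            full.write_text(text)
        write("wp-content/themes/default/header.php", "<html><head>")
        write("wp-content/plugins/akismet/akismet.php", "<?php /* plugin */")
        baseline = snapshot(root)  # taken while the site is known-good
        write("wp-content/themes/default/header.php", "<html><head><!-- changed -->")
        write("wp-content/plugins/seo-helper/seo-helper.php", "<?php /* unexpected */")
        write("wp-content/uploads/cache2/index.html", "unexpected page")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:15} {path}")
```

Store the baseline somewhere other than the web server, so that an intruder who can change header.php cannot also rewrite the hashes it is compared against.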
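
The slides say to "View HTML Source Code" because "Spammers may hide text", and to delete the meta tag that displays the WP version. As an added example (not from the talk), this audits a page's source for both: a generator meta tag and links placed inside elements hidden with inline CSS. The sample page, the version string and the `pharmacy.example` link are constructed, and the check assumes well-nested markup and inline `style` attributes only.

```python
import re
from html.parser import HTMLParser

# Elements that never have a closing tag, so they must not enter the stack.
VOID = {"meta", "link", "img", "br", "hr", "input", "base", "area", "col", "wbr"}
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class SourceAudit(HTMLParser):
    """Collects the generator meta tag and links nested in hidden elements."""
    def __init__(self):
        super().__init__()
        self.generator = None
        self.hidden_links = []
        self.stack = []  # per open element: is it, or an ancestor, hidden?

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        inherited = self.stack[-1] if self.stack else False
        hidden = inherited or bool(HIDDEN.search(a.get("style") or ""))
        if tag == "a" and hidden and a.get("href"):
            self.hidden_links.append(a["href"])
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def audit(html):
    """Return the generator string (or None) and the list of hidden link targets."""
    parser = SourceAudit()
    parser.feed(html)
    parser.close()
    return {"generator": parser.generator, "hidden_links": parser.hidden_links}

# Constructed sample page: version disclosure plus a hidden spam link.
SAMPLE = """<html><head>
<meta name="generator" content="WordPress 2.7" />
</head><body>
<h1>My Podcast</h1>
<div style="display:none"><p><a href="http://pharmacy.example/">cheap pills</a></p></div>
<p><a href="/about">About</a></p>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```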
