Joomla! Day Poland 2012 - Active Security for Joomla! sites
Published in: Technology, Design
Speaker notes
  • Scratches the surface. Imperative everyone follows this advice. (Next: Me)
  • Make it harder, not impossible.
  • Whitepixel + cheap hardware: costs $2,800, breaks 33.1 billion passwords / second. (Next: sample pw)
  • All about entropy. Words stronger than random garbage. There's a catch: all words = 1 day. Add numbers/padding to increase entropy. (Next: 777)
  • Ask your questions! (Next: QR-Code)
  • Thank you for listening. THE END
  • Transcript

    • 1. Active security for Joomla! sites (version 5.2)
    • 2. Mission: Impossible. Talking in-depth about Joomla! security in 30 minutes or less... but I'll try!
    • 3. Put your pens away. Sit back and enjoy.
    • 4. A site is like a building: strong foundations, careful construction, active maintenance.
    • 5. Step 1: Strong foundations. Your server setup (geeky stuff ahead!)
    • 6. Updated server software: PHP, MySQL, Apache, FTP server...
    • 7. mod_security for Apache: your server's security guard.
    • 8. You need some rules. Atomic (GotRoot) Rules: http://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules OWASP Rules: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
    • 9. Permissions & ownership: who can do what and where.
    • 10. Sane ownership & permissions. All files and folders owned by the FTP user. Folders: 0755 permissions. Files: 0644 permissions. Use Joomla!'s FTP mode on shared hosts. Better yet, use suPHP or FastCGI.
    • 11. Too much to remember? Akeeba Backup User's Guide, Security Information: https://www.akeebabackup.com/documentation/akeeba-backup-documentation/security-info.html 777: The number of the beast: http://www.dionysopoulos.me/blog/777-the-number-of-the-beast
    • 12. Make it all happen: the magic script.
    • 13. https://github.com/betweenbrain/ubuntu-web-server-build-script written by Matt Thomas (@betweenbrain)
    • 14. Step 2: Careful construction. Your site setup.
    • 15. Update, yesterday: Joomla! & extensions.
    • 16. Think before installing. Don't be the mouse in the trap!
    • 17. Length matters
    • 18. Your password's length matters
    • 19. A terrifying thought: password hacking super-computer, 2,700 USD (2 years ago; much cheaper now)
    • 20. How safe is your password?
          Password                         Bits    Iterations   Time to crack
          15082005                         13.6    12416        0.00038 msec
          admin                            15.9    61147        0.00185 msec
          ortrtaortftaaidbt                67.7    2.39E+20     228.95 years
          0rtrTA0rtfTa&idbT                88.2    3.55E+26     340 million years
          horse correct battery stapler    107.2   1.86E+32     178179 billion years
    • 21. Lock it down: nothing on my site runs unless I say so.
    • 22. .htaccess rules. My Master .htaccess - FREE: http://akeeba.assembla.com/code/master-htaccess/git/nodes/htaccess.txt Admin Tools Professional - 20€: https://www.akeebabackup.com/products/46-software/855-admintools.html
    • 23. Armor up: protect your site.
    • 24. Step 3: Active maintenance. Staying on top of it all.
    • 25. Backups: frequent, automated, off-site backups.
    • 26. Monitor file changes: a changed file is usually a bad thing.
    • 27. Monitor it: keep an eye on the logs.
    • 28. In spite of it all…
    • 29. Dammit! You got hacked, now what?
    • 30. DON'T PANIC
    • 31. We've got instructions. Unhacking your site: https://www.akeebabackup.com/documentation/walkthroughs/item/1124-unhacking-your-site.html You do have backups, right? Make sure you read the instructions before getting hacked.
    • 32. Questions?
    • 33. SHAMELESS PLUG! 20% discount on all subscriptions. Use coupon code JD12PL on https://www.AkeebaBackup.com/subscribe
    • 34. "Quick! Snatch this presentation before I do!" http://akeeba.info/asjd12pl
    • 35. Thank you for listening! Image credits: sxc.hu; istockphoto.com
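The arithmetic behind the "How safe is your password?" table (slide 20) and the entropy notes, as an added example that is not part of the presentation: iterations are 2^bits and the crack time divides them by the 33.1 billion guesses per second quoted in the speaker notes for the whitepixel rig (the table's figures line up with a 365-day year). It also adds a naive charset-based estimate and a passphrase estimate to show the "words beat random garbage, but all words alone is about a day" point; the 4-word phrase, the 7776-word list and the sample passwords are assumptions, and the talk's own bit counts come from an estimator that clearly penalises predictable inputs such as the date 15082005, so the naive figure is only an upper bound.

```python
#!/usr/bin/env python3
"""Added example (not from the talk): recompute the slide-20 table and the
entropy comparisons from the speaker notes.
CRACK_RATE is the whitepixel figure quoted in the notes; everything else
(word-list size, phrase length, sample passwords) is an assumption."""
import math
import string

CRACK_RATE = 33.1e9                  # guesses per second (speaker notes)
SECONDS_PER_YEAR = 365 * 24 * 3600   # the table's numbers match a 365-day year


def iterations(bits):
    """Guesses needed to exhaust a keyspace with `bits` bits of entropy."""
    return 2 ** bits


def crack_seconds(bits, rate=CRACK_RATE):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return iterations(bits) / rate


def crack_years(bits, rate=CRACK_RATE):
    return crack_seconds(bits, rate) / SECONDS_PER_YEAR


def human_time(seconds):
    """Format a duration the way the slide's table does (msec ... billion years)."""
    if seconds < 1:
        return f"{seconds * 1000:.5f} msec"
    years = seconds / SECONDS_PER_YEAR
    if years >= 1e9:
        return f"{years / 1e9:,.0f} billion years"
    if years >= 1e6:
        return f"{years / 1e6:.0f} million years"
    if years >= 1:
        return f"{years:.2f} years"
    if seconds >= 86400:
        return f"{seconds / 86400:.2f} days"
    return f"{seconds:.2f} sec"


def naive_charset_bits(password):
    """Upper-bound entropy: length * log2(size of the character classes used).
    The talk's table gives far fewer bits to '15082005' (a date) and 'admin',
    so its estimator penalises patterns; this figure is only an upper bound."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),
    ]
    size = sum(n for chars, n in classes if any(c in chars for c in password))
    return len(password) * math.log2(size) if size else 0.0


def passphrase_bits(words, dictionary_size):
    """Entropy of `words` words picked uniformly from a `dictionary_size` list."""
    return words * math.log2(dictionary_size)


def table_row(password, bits, rate=CRACK_RATE):
    """(password, bits, iterations as on the slide, human-readable crack time)."""
    return (password, bits, f"{iterations(bits):.2E}",
            human_time(crack_seconds(bits, rate)))


if __name__ == "__main__":
    # Rows from the slide, recomputed from the bit counts it states.
    for pw, bits in [("15082005", 13.6), ("admin", 15.9),
                     ("ortrtaortftaaidbt", 67.7), ("0rtrTA0rtfTa&idbT", 88.2),
                     ("horse correct battery stapler", 107.2)]:
        print("%-32s %6.1f %10s %s" % table_row(pw, bits))
    # "All words = 1 day": assumed 4 words from a 7776-word (Diceware-style) list.
    wb = passphrase_bits(4, 7776)
    print("4 words / 7776-word list: %.1f bits, %s" % (wb, human_time(crack_seconds(wb))))
    # Adding digits/padding raises the entropy, as the notes recommend.
    print("same phrase + 4 digits: %.1f bits" % (wb + naive_charset_bits("1234")))
```

Run it to print the table; the last two lines show why the notes say to add numbers or padding to a pure word phrase.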
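Slides 10 and 26 together describe a check an administrator can automate: confirm that folders are 0755, files are 0644 and everything has one owner, and notice when a file changes. The following is an added example, written for this page and not code from the talk or from Akeeba; it audits (and optionally fixes) the mode bits, reports ownership mismatches, and keeps a SHA-256 baseline so that modified, added and removed files show up on the next run. The web-root layout, the constructed sample tree and the "expected owner" argument are assumptions; chown is deliberately left to the admin because it normally needs root.

```python
#!/usr/bin/env python3
"""Added example (not the talk's or Akeeba's code): permission audit and
file-change baseline for a Joomla! web root. Sample tree is constructed."""
import hashlib
import json
import os
import stat
import tempfile

DIR_MODE = 0o755   # slide 10: folders 0755
FILE_MODE = 0o644  # slide 10: files 0644


def _entries(root):
    """Yield (path, is_dir) for root and everything below it."""
    yield root, True
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            yield os.path.join(dirpath, name), True
        for name in filenames:
            yield os.path.join(dirpath, name), False


def audit_permissions(root, expected_uid=None, fix=False):
    """Return [(relative path, problem)] for entries outside the policy.
    fix=True chmods mode problems into line; ownership is only reported."""
    findings = []
    for path, is_dir in _entries(root):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not what matters here
        rel = os.path.relpath(path, root)
        want = DIR_MODE if is_dir else FILE_MODE
        mode = stat.S_IMODE(st.st_mode)
        if mode != want:
            tag = "world-writable" if mode & stat.S_IWOTH else "wrong-mode"
            findings.append((rel, f"{tag} {mode:04o} (want {want:04o})"))
            if fix:
                os.chmod(path, want)
        if expected_uid is not None and st.st_uid != expected_uid:
            findings.append((rel, f"wrong-owner uid {st.st_uid} (want {expected_uid})"))
    return findings


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> sha256 for every regular file under root."""
    return {os.path.relpath(p, root): _sha256(p)
            for p, is_dir in _entries(root) if not is_dir and not os.path.islink(p)}


def save_baseline(baseline, path):
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def compare_baseline(old, new):
    """Classify differences between two baselines (slide 26: a changed file is bad news)."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def make_sample_site():
    """Constructed stand-in for a web root (assumed layout); returns its path."""
    root = tempfile.mkdtemp(prefix="joomla-")
    os.chmod(root, DIR_MODE)
    for name, mode in [("images", DIR_MODE), ("tmp", 0o777)]:  # tmp: the classic 777 mistake
        os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, name), mode)
    for rel, mode in [("index.php", FILE_MODE), ("configuration.php", 0o777),
                      ("images/logo.png", FILE_MODE)]:
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(f"<?php // {rel}\n")
        os.chmod(os.path.join(root, rel), mode)
    return root


def tamper(root):
    """Constructed stand-in for what an intrusion leaves: an edited core file
    and an unexpected file in a writable folder."""
    with open(os.path.join(root, "index.php"), "a") as fh:
        fh.write("// unexpected change\n")
    with open(os.path.join(root, "tmp", "dropped.php"), "w") as fh:
        fh.write("<?php // not part of the install\n")


if __name__ == "__main__":
    root = make_sample_site()
    print("permission findings:", audit_permissions(root))
    audit_permissions(root, fix=True)
    baseline_file = os.path.join(root, "..", "joomla-baseline.json")
    save_baseline(build_baseline(root), baseline_file)
    tamper(root)
    print("changes since baseline:",
          compare_baseline(load_baseline(baseline_file), build_baseline(root)))
```

In use, build the baseline right after an update (when every file is known good), store it outside the web root, and run the comparison from cron; the audit's "world-writable" findings are the 777 problem slide 11 points to.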
