L33t h4x0rz
How did (s)he get into my site? How to prevent getting hacked.

Published in: Internet
1. L33T H4X0Rz
   How did (s)he get into my site? Or am I safe? “Are you sure…?” How can I prevent it? How can I fix it?
2. Importance of encryption (HTTPS – SSL)
   » As promised: WIFI-sniffing…
     › HTTP versus HTTPS
     › FTP versus sFTP
     › Telnet versus SSH
     › IMAP with or without SSL
   https://www.youtube.com/watch?v=r0l_54thSYU&t=143s
3. How easy it is...
   » How to hack a Joomla site prior to Joomla 3.6.4
     › https://www.exploit-db.com/exploits/40637/
     › joomraa.py
     › Replace innocent payload with dangerous stuff…
     › Show content of configuration.php
     › Send configuration.php to some remote location (e.g. a pastebin)
     › Incorporate in a botnet
     › Send out spam
     › ...
4. How can I see if my site is hacked?
   » Because they want you to see… (defacement)
   » Because your server is being heavily (ab)used…
   » Because they’re fighting for your site…
     › Some hacker could even update your site…
     › … to prevent other hackers from getting in (and stealing their turf)
   » Because you bumped into something suspicious (by accident)
   » Because your host contacted you (good host!)
   » Because you read your server logs…
   » A good hack(er) remains invisible
5. Hacking history
   » Hacking for fun
   » Ideology
   » Hacking for money
     › Botnet
     › Sending out spam
     › DDOS-attacks
     › Bitcoin mining
     › Stealing data
     › Keyloggers
     › Webcam & microphone
     › Penetration testing
6. Where to attack...
   » OSI Network layers
   » PEBCAK
7. Misconception N° 1 : My site is not attacked
   » Professional (criminal) hackers get rich through not getting caught
     › They love you when you have a flexible server (e.g. Amazon S3 cloud)
   » Check your logs – all sites get attacked all the time
     › WordPress links on a Joomla site?
8. Misconception N° 2 : Logs are hard to read
   » 127.0.0.1 = IP address of client (remote host)
   » – = (unknown: hyphen) identity of the client (unreliable)
   » Frank = userid of person requesting document (inside network)
   » [10/Oct/2000:13:55:36 -0700] = Moment of request
   » "GET /apache_pb.gif HTTP/1.0" = Request sent to server
   » 200 = Status code server sent back
   » 2326 = size in bytes of packet returned
   » Easy to read, but big data… analysis is difficult
     › SEO
     › Network analysis
     › Penetration
     › …
9. Misconception N° 3 : You’re not stupid if they get you
   » Social Engineering
     › https://youtu.be/F78UdORll-Q?t=1m25s
   » Ninjas in the street
     › https://youtu.be/F78UdORll-Q?t=9m23s
   » So you have a sticker over your webcam
     › … how about your mic?
     › … how about your smartphone?
   » You are not a target
     › your website/server could be more interesting
10. Digital hygiene for you as a web admin
   » Train your clients
     › Use safe passwords
     › Don’t share passwords – add users
   » Don’t (over)charge to add users (it’s better than sharing passwords)
   » Don’t connect using FTP, HTTP
   » Don’t use public WiFi for confidential tasks (it can be spoofed)
   » Use third parties where you are not an expert
   » Use reliable extension & template developers
   » “Remember Password” also sends out your password!
11. Digital hygiene for your website
   » Use a reliable hosting company
   » It’s not always better if you do it yourself
   » Do your updates (core + extensions)
     › Use well supported extensions
   » Disable or remove unused extensions
   » Enable 2 factor authentication if possible
   » Make and test backups
     › before every update
     › after every big content update
     › Not stored on the server
   » Use HTTPS (and SFTP or SSH to connect)
     › Check your SSL: https://www.ssllabs.com
12. FCW – CC BY SA 4.0
   » This is a free cultural work (freedomdefined.org)
   » … it is available under Creative Commons Share-Alike Attribution license.
     › Feel free to
     › … share the work
     › … edit, tweak, improve the work
     › Please do respect these conditions:
     › Attribution
     › Place a link to the original work
     › Share your work under this license too
13. Questions?
14. Keep your logs...
   » Store your access logs long enough… (screenshot Siteground)
     › Download to your computer
     › Or keep them on the server
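Slides 7, 8 and 14 say the same thing: keep your access logs and actually read them. As an added example (not part of the slide deck), here is a small Python parser for the Apache Common Log Format fields slide 8 walks through, plus the two checks those slides hint at: requests for WordPress paths on a Joomla site, and repeated POSTs to the Joomla administrator login. The sample log lines (beyond the slide's own example line), the probe list and the thresholds are constructed for illustration.

```python
import re
from collections import Counter
# Apache Common Log Format, field by field as the slide lists them:
# host, ident ("-"), userid, [timestamp], "request line", status, size.
CLF = re.compile(r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
                 r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$')

# Paths a Joomla site never serves: hits on them are WordPress probes
# (the "WordPress links on a Joomla site?" the slides ask about). Constructed list.
WP_PROBES = ("/wp-login.php", "/xmlrpc.php", "/wp-admin", "/wp-content")
JOOMLA_ADMIN = "/administrator/index.php"

def parse_line(line):
    """Return the CLF fields as a dict, or None if the line is not CLF."""
    m = CLF.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()        # e.g. ["GET", "/apache_pb.gif", "HTTP/1.0"]
    rec["method"] = parts[0] if parts else ""
    rec["path"] = parts[1] if len(parts) > 1 else ""
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def suspicious_hosts(lines, min_wp=1, min_admin_posts=2):
    """Return {host: reason} for WordPress probers and repeated admin-login POSTers."""
    wp, admin = Counter(), Counter()
    for rec in filter(None, map(parse_line, lines)):   # unparseable lines are skipped
        if rec["path"].startswith(WP_PROBES):
            wp[rec["host"]] += 1
        if rec["method"] == "POST" and rec["path"].startswith(JOOMLA_ADMIN):
            admin[rec["host"]] += 1
    flagged = {h: f"{n} WordPress probe(s)" for h, n in wp.items() if n >= min_wp}
    for h, n in admin.items():
        if n >= min_admin_posts:
            flagged[h] = f"{n} POSTs to {JOOMLA_ADMIN} (password guessing?)"
    return flagged

# Constructed sample log: the slide's example line, two WordPress probes
# from one host, two admin-login POSTs from another, and one junk line.
SAMPLE_LOG = """\
127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326
203.0.113.5 - - [10/Oct/2000:13:56:01 -0700] "GET /wp-login.php HTTP/1.1" 404 213
203.0.113.5 - - [10/Oct/2000:13:56:02 -0700] "GET /xmlrpc.php HTTP/1.1" 404 213
198.51.100.7 - - [10/Oct/2000:13:57:10 -0700] "POST /administrator/index.php HTTP/1.1" 303 -
198.51.100.7 - - [10/Oct/2000:13:57:11 -0700] "POST /administrator/index.php HTTP/1.1" 303 -
not a log line at all
""".splitlines()
```

Run `suspicious_hosts(SAMPLE_LOG)` to get one entry per flagged client IP; on a real log, feed it the lines of `access.log` and tune the thresholds to your traffic.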