Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Sucuri Webinar: Oh No! My Website Has Been Hacked.

540 views

Published on

On December 22, 2014 at 4 AM , Valentin Vesa, Founder of the ShoeBox Project Romania, experienced his worst nightmare come to life during the charity's prime season... The website had been hacked and was blacklisted by Google.

Published in: Internet

Sucuri Webinar: Oh No! My Website Has Been Hacked.

  1. 1. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR WELCOME!
  2. 2. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR KRISTEN THOMAS Community Manager Community Engagement Team @kdthomas327
  3. 3. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR HOUSEKEEPING ITEMS ● Poll questions on your screen ● Q&A ● Place questions in Q&A box ● Ask Questions right away ● Use #AskSucuri on twitter to engage ● Questions will be answered and delivered post-webinar ● Brief survey at the end of the presentation ● Presentation Video
  4. 4. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR #AskSucuri OH NO! MY WEBSITE HAS BEEN HACKED
  5. 5. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR Val Vesa @adspedia  Social Media and Brand Evangelist at Sucuri  Husband, father of two  Passion for travel and Instagram photography
  6. 6. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR My Family
  7. 7. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  8. 8. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  9. 9. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  10. 10. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR I DON'T EAT PORK WHEN I CLEAN THE BATHROOMI LOVE COCA-COLA OR SEA FOOD
  11. 11. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR Shoebox Project & WordPress
  12. 12. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  13. 13. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  14. 14. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR MY FIRST WORDPRESS INSTALL: 2009
  15. 15. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  16. 16. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  17. 17. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  18. 18. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  19. 19. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR HACKED DEC 22 2014
  20. 20. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR • Emails I never sent were returning: SPAM generated from site • The host warned us they will SUSPEND the website • EMAIL was now DOWN • In mid project phase we were without an online presence • Blacklisted website: visitors going to the website were seeing the “attack site” warning, endangering credibility IMPACTS
  21. 21. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR SELF MITIGATION ATTEMPT • Were there any .htaccess edits done? • Any unauthorised FTP access? • Check WordPress users list, any recent additions there? • Study MySQL/phpMyAdmin for unusual content • Change passwords: FTP, cPanel • Scan access computer for keyloggers and malware • Did a good job: my website was clean and back online
  22. 22. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR Until December 24 2014 When..
  23. 23. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR HACKED DEC 24 2014
  24. 24. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR TIME TO ASK FOR HELP
  25. 25. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  26. 26. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  27. 27. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR • LIVE CHAT AVAILABLE ON MY LOCAL 4:00 AM • INITIAL EVALUATION WAS PERFORMED IN THE CHAT • SIGNUP AND OPENED TICKET FOR MALWARE REMOVAL • 40 MINUTES LATER WEBSITE WAS CLEANED • RECEIVED ACTIONABLE STEPS TO STAY CLEAN AFTER CLEANUP • REMOVED FROM BLACKLIST THE NEXT DAY HOW SUCURI HELPED
  28. 28. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR • RANDOM ATTACK • DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS • VULNERABLE VERSION OF TIMTHUMB • HACKER’S INTENT: USE SITE FOR SPAM WHAT I THINK HAPPENED
  29. 29. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  30. 30. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR WHY BEING HACKED WAS A “GOOD” THING
  31. 31. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  32. 32. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR PERSONAL 5 BEST PRACTICES FOR WEBSITE SECURITY
  33. 33. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR 1. LEARN • START WITH BLOG.SUCURI.NET • EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL) • ACCESS CONTROL • PLATFORM VULNERABILITIES • CHECK YOUR WEBSITE WHEN VULNERABILITIES ARE ANNOUNCED
  34. 34. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR 2. PASSWORDS • USE A PASSWORD MANAGER! • COMPLEX STRUCTURES • UPPER CASE, LOWER CASE, SPECIAL CHARACTERS, NUMBERS • LONGER THAN 10 CHARACTERS • DON’T REUSE PASSWORDS
  35. 35. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR 3. UPDATES • CMS • PLUGINS • SERVER
  36. 36. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR 4. BACKUPS • ON A SCHEDULE • OFFSITE • TEST FREQUENTLY
  37. 37. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR 5. USE PROFESSIONALS • SECURITY IS NOT A DYI PROJECT • ADMIT WHEN OVERWHELMED • EXTRA COST AND TIME TO DO IT IN-HOUSE
  38. 38. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR WHERE TO FIND ME Twitter @adspedia Instagram @adspedia Email valentin@sucuri.net
  39. 39. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR
  40. 40. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR Q & A Tweet us @SucuriSecurity using #AskSucuri
  41. 41. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR Val Vesa| @adspedia #AskSucuri WEBINAR THANK YOU!

×