Oh no! My website has been hacked and why that was a good thing

This presentation talks about my passion for WordPress and how the first time I experienced having my website hacked helped me create a secured online presence for our family project turned multinational charity program, and landed me my dream job, allowing me to work to protect WordPress sites from hackers.
It opened opportunities and allows me to work remotely for an American company while still living in Europe (Cluj, Romania), and it also provides enough time to manage the volunteers behind the ShoeBox Project.

Published in: Internet

  1. OH NO! MY WEBSITE HAS BEEN HACKED, Val Vesa | @adspedia. Welcome to WordCamp GDYNIA!
  2. #wcgdynia OH NO! MY WEBSITE HAS BEEN HACKED
  3. Val Vesa, @adspedia
     • Social Media and Brand Evangelist at Sucuri
     • Husband, father of two
     • Passion for travel and Instagram photography
  4. My Family
  8. I DON'T EAT PORK WHEN I CLEAN THE BATHROOM I LOVE COCA-COLA OR SEA FOOD
  9. Shoebox Project & WordPress
  12. MY FIRST WORDPRESS INSTALL: 2009
  17. HACKED DEC 22 2014
  18. IMPACTS
     • Emails I never sent were returning: SPAM generated from site
     • The host warned us they will SUSPEND the website
     • EMAIL was now DOWN
     • In mid project phase we were without an online presence
     • Blacklisted website: visitors going to the website were seeing the “attack site” warning, endangering credibility
  19. SELF MITIGATION ATTEMPT
     • Were there any .htaccess edits done?
     • Any unauthorised FTP access?
     • Check WordPress users list, any recent additions there?
     • Study MySQL/phpMyAdmin for unusual content
     • Change passwords: FTP, cPanel
     • Scan access computer for keyloggers and malware
     • Did a good job: my website was clean and back online
  20. Until December 24 2014 When..
  21. HACKED DEC 24 2014
  22. TIME TO ASK FOR HELP
  25. HOW SUCURI HELPED
     • LIVE CHAT AVAILABLE ON MY LOCAL 4:00 AM
     • INITIAL EVALUATION WAS PERFORMED IN THE CHAT
     • SIGNUP AND OPENED TICKET FOR MALWARE REMOVAL
     • 40 MINUTES LATER WEBSITE WAS CLEANED
     • RECEIVED ACTIONABLE STEPS TO STAY CLEAN AFTER CLEANUP
     • REMOVED FROM BLACKLIST THE NEXT DAY
  26. WHAT I THINK HAPPENED
     • RANDOM ATTACK
     • DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS
     • VULNERABLE VERSION OF TIMTHUMB
     • HACKER’S INTENT: USE SITE FOR SPAM
  28. WHY BEING HACKED WAS A “GOOD” THING
  30. PERSONAL 5 BEST PRACTICES FOR WEBSITE SECURITY
  31. 1. LEARN
     • START WITH BLOG.SUCURI.NET
     • EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL)
     • ACCESS CONTROL
     • PLATFORM VULNERABILITIES
     • CHECK YOUR WEBSITE WHEN VULNERABILITIES ARE ANNOUNCED
  32. 2. PASSWORDS
     • USE A PASSWORD MANAGER!
     • COMPLEX STRUCTURES
     • UPPER CASE, LOWER CASE, SPECIAL CHARACTERS, NUMBERS
     • LONGER THAN 10 CHARACTERS
     • DON’T REUSE PASSWORDS
  33. 3. UPDATES
     • CMS
     • PLUGINS
     • SERVER
  34. 4. BACKUPS
     • ON A SCHEDULE
     • OFFSITE
     • TEST FREQUENTLY
  35. 5. USE PROFESSIONALS
     • SECURITY IS NOT A DIY PROJECT
     • ADMIT WHEN OVERWHELMED
     • EXTRA COST AND TIME TO DO IT IN-HOUSE
  36. WHERE TO FIND ME
     • Twitter @adspedia
     • Instagram @adspedia
     • Email valentin@sucuri.net
  38. Q & A: Tweet us @SucuriSecurity using #AskSucuri
  39. THANK YOU!
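
Two of the checks on slide 19 (recent .htaccess edits, recent additions to the WordPress users list) can be scripted. The following is an added example, not code from the presentation; the function names, the cutoff date and the sample rows are assumptions, and the user rows are assumed to be a (user_login, user_registered) export of wp_users with UTC timestamps.

```python
import os
import tempfile
from datetime import datetime, timezone

def recent_htaccess(docroot, since):
    """Relative paths of .htaccess files under docroot modified at/after `since`.
    mtime can be reset by whoever wrote the file, so a hit is a lead to diff
    against a backup copy, and no hit does not prove the file is untouched."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            mtime = datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc)
            if mtime >= since:
                hits.append(os.path.relpath(path, docroot))
    return sorted(hits)

def recent_users(rows, since):
    """Logins from (user_login, user_registered) rows registered at/after `since`.
    Rows are assumed to be an export of wp_users with UTC timestamps."""
    out = []
    for login, registered in rows:
        when = datetime.strptime(registered, "%Y-%m-%d %H:%M:%S")
        if when.replace(tzinfo=timezone.utc) >= since:
            out.append(login)
    return out

def demo():
    """Constructed sample: a throwaway docroot and three made-up user rows."""
    since = datetime(2014, 12, 20, tzinfo=timezone.utc)  # assumed review window
    old = datetime(2014, 6, 1, tzinfo=timezone.utc).timestamp()
    new = datetime(2014, 12, 22, 3, 0, tzinfo=timezone.utc).timestamp()
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "wp-content", "uploads"))
        for rel, ts in ((".htaccess", old), ("wp-content/uploads/.htaccess", new)):
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("# constructed sample\n")
            os.utime(path, (ts, ts))  # backdate so the walk has something to sort out
        files = recent_htaccess(root, since)
    rows = [("admin", "2009-03-14 10:00:00"),
            ("editor", "2013-08-02 09:30:00"),
            ("wpsupport", "2014-12-22 02:58:41")]
    return files, recent_users(rows, since)

if __name__ == "__main__":
    print(demo())
```

Anything either function returns still has to be compared with a known-good backup (slide 34) before it is treated as attacker activity.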
