
Why My Website Sells Viagra

WordPress End-User Security - WordCamp Atlanta - Dre Armeda, CISSP

Published in: Technology
  • Very good! Congratulations!
  • Hello
  • This is good. Raising the bar from a programmer pov. I like it.


  1. 2. DRE ARMEDA, CISSP @DREMEDA
      • CO-FOUNDER AT SUCURI SECURITY
      • ORGANIZER, WORDCAMP SAN DIEGO
      • 12 YEAR NAVY VETERAN
      • 1ST WORDPRESS THEME IN 2005
      • LOVES TACOS
      • DIEHARD CHARGERS FAN
      • RIDES A HARLEY
      SUCURI.NET DRE.IM
  2. 3.
  3. 4. THE WEB IS GROWING
      • Over 2 Billion internet users today. 480% growth in the last 11 years. (Internet World Stats)
      • 300 million websites were added to the internet in 2011 (Pingdom)
      • 100,000+ domains gained weekly (Global Domain Registry)
  4. 5. INNOVATION & CREATIVITY
  5. 6.
  6. 7.
  7. 8.
  8. 9.
  9. 10. IT'S NOT ALL PEACHY
  10. 11.
  11. 12. WHAT IS MALWARE?
      Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems.
      • SEO spam, JavaScript & iFrame attacks, and malicious redirects are a couple of web-based malware examples.
  12. 14. ATTACKERS LOVE YOU
      • Monitor your web browsing and internet usage
      • Forced advertising
      • Redirect affiliate marketing revenue
  13. 15. HOW BAD IS IT?
      • Over 2 million new malware strings monthly (McAfee)
      • Cost to US consumers alone = over $2.3 billion in 2010. (Consumer Reports)
      • Google Safe Browsing issues over 3 million malware warnings a day. (Google)
  14. 16.
  15. 17. ENCODED JAVASCRIPT
      JavaScript that is obfuscated (hidden) so that you can’t tell what it is. It is injected into files/pages on the site and used to serve malware.
      Impact: Website pages may be used to serve malicious downloads to visitors. Downloads may be used to infect desktop computers, and/or exploit FTP info.
      Typical Entry Point: Outdated, known vulnerable software; exploited desktop computers; exploited FTP credentials.
  16. 18. ENCODED JAVASCRIPT /wp-admin/js/cat.js – CLEAN
  17. 19. ENCODED JAVASCRIPT /wp-admin/js/cat.js – INFECTED
  18. 20. ENCODED JAVASCRIPT /wp-admin/js/cat.js – INFECTION DECODED – Somewhat 
  19. 21. ENCODED JAVASCRIPT
      How it works:
      • Attacker scans for known vulnerable software (old WordPress installations, plugins, themes). Attack stems from an exploited desktop, which steals FTP information.
      • Backdoor file inserted into the environment. This gives the attacker remote access into your world.
      • Payload inserted into various JavaScript files and/or encoded and hidden in theme and plugin files.
      • You’ve just enabled your visitors to load fake anti-virus and other cool downloads from your site.
  20. 22. ENCODED JAVASCRIPT
      Encoded JavaScript Resources:
      • http://www.schillmania.com/content/entries/2009/javascript-malware-obfuscation-analysis
      • http://www.slideshare.net/yusufmotiwala/reverse-engineering-malicious-javascript
      • http://www.infosecisland.com/videos-view/19101-Malware-Analysis-How-to-Decode-JavaScript-Obfuscation.html
      QUICK TIP: Check Google to see if you’re infected - site:{yourdomain.com} viagra
  21. 23. CONDITIONAL REDIRECTS
      An attack that causes a website to redirect to a malicious website based on referrer, web browser, or operating system.
      Impact: When traffic is coming from a specific referrer (e.g. Google, Bing), the visitor is redirected to a malicious website.
      Typical Entry Point: Outdated, known vulnerable software.
  22. 24. CONDITIONAL REDIRECTS Infected .htaccess file:
  23. 25. CONDITIONAL REDIRECTS Result of conditional redirect:
  24. 26. CONDITIONAL REDIRECTS
      How it works:
      • Attacker scans for known vulnerable software (old WordPress installations, plugins, themes).
      • Backdoor file inserted into the environment. This gives the attacker remote access into your world.
      • .htaccess file entries are created to perform the redirect. Encoded redirect code can also be added to index files.
      • You’re now redirecting to some cool malware awesomeness.
  25. 27. CONDITIONAL REDIRECTS
      Conditional Redirects Resources:
      • http://blog.sucuri.net/2011/11/the-new-and-old-htaccess-attacks-now-using-in-domains.html
      • http://blog.sucuri.net/2010/04/conditional-redirects-or-the-htaccess-malware.html
      • http://sucuri.net/malware-update-timthumb-php-and-htaccess-redirection.html
  26. 28. PHARMA HACK
      Pharma Hack is a type of SEO poisoning. Attackers manipulate their search engine results to make their links appear higher than legitimate results.
      Impact: Website page and post titles, descriptions and links are changed to display pharmaceutical ads and links back to malicious websites on search engine result pages.
      Typical Entry Point: Outdated, known vulnerable software.
  27. 29. PHARMA HACK Results of scanning rendered source:
  28. 30. PHARMA HACK Google Search Engine Results:
  29. 31. PHARMA HACK
      How it works:
      • Attacker scans for known vulnerable software (old WordPress installations, plugins, themes).
      • Backdoor file inserted into the environment. This gives the attacker remote access into your world.
      • Control file is inserted into core application or plugin files. This file acts as a connection from the backdoor to the database.
      • Payload is dropped into the database and Viva Viagra!
      QUICK TIP: Check Google to see if you’re infected - site:{yourdomain.com} viagra
  30. 32. PHARMA HACK
      Pharma Hack Resources:
      • http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html
      • http://blog.sucuri.net/2011/02/cleaning-up-an-infected-web-site-part-i-wordpress-and-the-pharma-hack.html
      • http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php
      • http://wpdude.com/refreshing-google-index-after-pharma-hack
      QUICK TIP: Check Google to see if you’re infected - site:{yourdomain.com} viagra
  31. 33.
  32. 34. WHAT IS SECURITY? PROTECTING THINGS OF VALUE FROM HARM’S WAY.
  33. 35. HOW & WHY
  34. 36. AM I SECURE?
      The percentage of risk can never be 0! The name of the game is minimizing risk.
  35. 38. LOCAL MACHINE
      • Ensure your local machine stays updated
      • Use an Anti-Virus solution & enable auto-updates
          • Mac – Sophos Anti-Virus for Mac Home Edition
          • Windows – AVG Anti-Virus Free
      • Don’t store server credentials on your local machine
  36. 39. CONNECT TO YOUR SITE
      • Consider using sFTP or SSH instead of FTP.
      • If you’re stuck with FTP:
          • Deny anonymous login
          • Limit connections
      • Practice least privilege
      • Don’t store server credentials on your local machine
  37. 40. PASSWORDS
      • Change them often
      • Don’t write them down, or share them
      • Passwords are like toothbrushes: you should keep them to yourself, and discard them and get a new one if they have been used by others.
      • Don’t use the same password across all your accounts
      • Use a password manager
          • KeePass Password Safe
          • LastPass
          • 1Password
  38. 41. WHO HOSTS YOU?
      • CHEAP DOES NOT ALWAYS MEAN BEST, OR SAFEST!
      • DO YOUR RESEARCH!
      • What software are they running? How often do they update?
      • How are server and support credentials stored & who has access? Are they one and the same?
      • What is their malware remediation process?
      • How many sites have been infected?
      • http://www.google.com/safebrowsing/diagnostic?site=google.com
  39. 42. GARAGE CLEANING
      • IF YOU’RE NOT USING IT, REMOVE IT!
      • UPDATE UPDATE UPDATE UPDATE UPDATE
      • Only load what’s needed to get your job done.
      • Check your file and directory permissions.
      • Remove user accounts! – Practice least privilege.
      • Have you changed your password lately?
      • UPDATE UPDATE UPDATE UPDATE UPDATE
  40. 43.
  41. 44. BACKUP YOUR WEBSITE
      • NO BACKUPS = BOOOOO!
      • BackupBuddy – http://pluginbuddy.com/backupbuddy/
      • VaultPress – http://vaultpress.com
  42. 45. MALWARE SCAN
      • IS YOUR SITE INFECTED?
      • Unmask Parasites – http://unmaskparasites.com
      • Sucuri SiteCheck – http://sitecheck.sucuri.net
  43. 46. MALWARE CLEAN UP
      • IS YOUR SITE INFECTED?
      • VaultPress – http://vaultpress.com
      • Sucuri Security – http://sucuri.net
  44. 47. WORDPRESS PLUGINS
      • WordPress Exploit Scanner
      • BulletProof Security
      • Login Lockdown
      • Sucuri SiteCheck Malware Scanner
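
The CONDITIONAL REDIRECTS slides describe .htaccess entries that redirect visitors arriving from a search engine. The following is an added example (not from the original deck) of how a site owner could audit an .htaccess file for that pattern; the function name, the search-engine list and the sample file are constructed for illustration.

```python
import re

# Search-engine names whose presence in a referrer or user-agent condition
# is worth reviewing (assumed list for this example).
ENGINES = re.compile(r"google|bing|yahoo|baidu|yandex", re.I)
COND = re.compile(r"^\s*RewriteCond\s+%\{(HTTP_REFERER|HTTP_USER_AGENT)\}\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
HOST = re.compile(r"^https?://([^/:\s]+)", re.I)


def find_conditional_redirects(htaccess_text, own_hosts):
    """Return (line_no, variable, target_host) for each RewriteRule that sends
    visitors to a foreign host and is guarded by a search-engine condition."""
    own = {h.lower() for h in own_hosts}
    findings, pending = [], []      # pending: conditions waiting for their rule
    for no, line in enumerate(htaccess_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        cond = COND.match(line)
        if cond:
            if ENGINES.search(cond.group(2)):
                pending.append(cond.group(1).upper())
            continue
        rule = RULE.match(line)
        if rule:
            host = HOST.match(rule.group(1))
            if pending and host and host.group(1).lower() not in own:
                findings.append((no, pending[0], host.group(1).lower()))
            pending = []            # conditions apply only to the next rule
    return findings


# Constructed sample: the stock WordPress block followed by injected entries.
SAMPLE = r"""# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*
RewriteRule ^(.*)$ http://redirect.example.invalid/in.php [R=301,L]
"""
```

Pass the site's own hostnames as `own_hosts` so that legitimate canonical redirects are not reported.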
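
The ENCODED JAVASCRIPT slides contrast a clean and an infected copy of the same file and then show the infection partly decoded. The following is an added example (not from the original deck) that follows the same steps defensively: diff a file against a known-good copy, flag encoded additions, and decode one layer as text without executing it. The function names and both sample files are constructed, and the encoded statement is harmless.

```python
import difflib
import re
from urllib.parse import unquote

# Calls commonly used to unpack encoded script, and long runs of %xx escapes.
DECODERS = re.compile(r"\b(eval|unescape|atob|String\.fromCharCode|document\.write)\s*\(")
PCT_BLOB = re.compile(r"(?:%[0-9A-Fa-f]{2}){8,}")


def added_lines(clean, current):
    """Lines present in the current file but not in the known-good copy."""
    diff = difflib.ndiff(clean.splitlines(), current.splitlines())
    return [d[2:] for d in diff if d.startswith("+ ")]


def inspect_js(clean, current):
    """Report what was added to a file and whether the addition looks encoded."""
    added = added_lines(clean, current)
    text = "\n".join(added)
    decoders = sorted({m.group(1) for m in DECODERS.finditer(text)})
    blobs = PCT_BLOB.findall(text)
    return {
        "added": len(added),
        "decoders": decoders,
        # Decode one layer as text for reading; nothing is ever executed.
        "decoded": [unquote(b) for b in blobs],
        "suspicious": bool(blobs) and any(
            d in decoders for d in ("eval", "document.write")),
    }


# Constructed sample: a small clean file, and the same file with a harmless
# encoded statement appended in the style the slides describe.
CLEAN_JS = "jQuery(document).ready(function($) {\n  $('#cat-list').show();\n});\n"
INFECTED_JS = CLEAN_JS + "eval(unescape('%76%61%72%20%78%20%3D%20%31%3B'));\n"
```

The known-good copy should come from a fresh download of the same WordPress, theme or plugin version, not from a backup that may already be infected.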
