3.
• Website Security Company
• Global Operations
• Platform Agnostic (i.e., WordPress, Joomla, etc.)
• Scan 2M Unique Domains a Month
• Block 4M web attacks a Month
• Remediate 400 – 500 websites a day
• Signature / Heuristic Based
• 24/7 operations
@perezbox | @sucuri_security
4. Implications of a Hack
• Emotionally Daunting
• Brand Reputation (i.e., Blacklisting)
• Direct / Indirect Impacts to your Clients
• Technically Exhausting
• Resource Overload
• Economic Impacts To Your Business
9. Terminal
• Example 1: Dump the headers and content of a site
$ curl --location -D - site.com
• Example 2: Dump the headers and content of a site, faking the Googlebot user agent
$ curl --location -D - -A "Googlebot" site.com
• Example 3: Dump the headers and content of a site, using Facebook's referrer
$ curl --location -D - --referer "http://facebook.com" site.com
Command Cheat Sheet: http://files.fosswire.com/2007/08/fwunixref.pdf
15. Malicious Redirects
• Easy / Medium to Detect
– Be mindful of conditionals
• Looking for Integrity Issues
– Has something been modified?
• Common location[s]:
– .htaccess
– index.php
– footer.php
– header.php
• Biggest Issue
– Redirectors are becoming highly complex
– Employing heavy conditional elements
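As an added example that is not from the slides, the script below chains the three curl fetches from the Terminal slide and compares the responses, which is the practical way to spot the conditional redirects warned about above: a status line or Location header that only appears for the Googlebot user agent or the facebook.com referrer. The .dump file names, the redirect.example host in the constructed samples and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): fetch a page the way the three curl
# commands on the Terminal slide do, save each variant's header dump, then
# compare the redirect chains. A 3xx/Location that appears only for the
# Googlebot user agent or the facebook.com referrer is a conditional redirect.
# Dump files (<label>.dump in the current directory) are this script's own convention.

# fetch_variant LABEL URL [extra curl flags...]
fetch_variant() {
    label=$1; url=$2; shift 2
    curl --silent --location -D - "$@" "$url" > "$label.dump"
}

# Print the status lines and Location headers of a dump (every hop, CR stripped).
redirect_chain() {
    grep -iE '^(HTTP/[0-9.]+ [0-9]{3}|Location:)' "$1" | tr -d '\r'
}

# True (exit 0) when the variant's redirect chain differs from the plain fetch.
has_conditional_redirect() {
    [ "$(redirect_chain "$1")" != "$(redirect_chain "$2")" ]
}

# Constructed sample dumps (not captured from any real site) for an offline run:
# the plain visit gets a 200, the "Googlebot" visit is bounced to another host.
write_samples() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>ok</html>\n' > plain.dump
    printf 'HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n' > googlebot.dump
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>spam</html>\n' >> googlebot.dump
}

# check_site URL: run the three variants and report any chain that differs.
check_site() {
    fetch_variant plain "$1"
    fetch_variant googlebot "$1" -A "Googlebot"
    fetch_variant facebook "$1" --referer "http://facebook.com"
    for v in googlebot facebook; do
        if has_conditional_redirect plain.dump "$v.dump"; then
            echo "conditional redirect for $v:"; redirect_chain "$v.dump"
        fi
    done
}

# Usage: sh check_redirects.sh http://your-site.example   (file name assumed)
if [ $# -gt 0 ]; then check_site "$1"; fi
```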
22. Backdoors, cont'd…
• Targets Search Engines (i.e., Google, Bing, Yahoo)
• Looking for Integrity Issues
– Have your posts / pages been modified?
• Common location[s]:
– index.php (root, theme, plugins, etc.)
– header.php
– footer.php
– Embedded in Database (Posts / Pages)
• Biggest Issue
– Continues to evolve
– Highly conditional
– Not within visible range – often offscreen
23. Indicators of a Hack
Search Engines have gotten pretty good at detecting issues –
Google blacklists over 10 thousand websites a day.
28. Protection
Website Firewalls - Stop attackers and protect your website from getting hacked:
• Denial of Service Attacks
• Brute Force Attacks
• Software Vulnerability Exploitation
• Malware Injections
• Direct Backdoor Access
• Abusing Access Controls (i.e., wp-admin)
29. Auditing
• Understand what is going on at all times
– Who is logging in?
– Who is trying to log in?
– What files are changing?
– Has a post been created?
– Has a page been created?
– Are there any integrity issues?
32. Reset Secret Keys / Salts
People don’t think about this, but it’s a necessity to clear any open states – it forces everyone off their session.
Source: https://api.wordpress.org/secret-key/1.1/salt/
33. Force Password Resets
Many people will reset their password, few will actually reset everyone’s post-hack.
35. Clean Your House
• Least Privilege
– Reduce Unnecessary Privileges – everyone does not have to be an admin
• Remove unused software
– CMS Applications
– Extensions (Themes, Plugins, etc.)
38. Good Reading Material
Dealing with Malware: http://blog.sucuri.net/2012/10/dealing-with-todays-wordpress-malware.html
Leveraging Google Webmaster Tools: http://www.unmaskparasites.com/malware-warning-guide/
Google Webmaster Tools (Hacked): http://www.google.com/webmasters/hacked/
Understanding Google’s Blacklists: http://blog.sucuri.net/2013/11/understanding-googles-blacklist-cleaning-your-hacked-website-and-removing-from-blacklist.html
Cleaning Your Website with the Free Scanner: http://blog.sucuri.net/2013/10/cleaning-up-your-wordpress-site-with-the-free-sucuri-plugin.html
WordPress Tips & Tricks: http://blog.sucuri.net/2012/07/website-malware-removal-wordpress-tips-tricks.html
Prepared against a Hack?: http://www.smashingmagazine.com/2014/05/30/are-you-prepared-against-a-hack/
39. PADS = Sucuri
• Complete Website Security with Sucuri
• WPSessions Attendees Only
– 30% off any plan for life
– Contact Tony: tony@sucuri.net
– Reference: WPSESS2014
– Include: Email used in WPSessions Account