9. @adspedia / #WCSea
RESPONSIBILITIES AS WEBSITE OWNERS
ENSURE THAT OUR AUDIENCE IS SAFE
ENSURE THAT WE ARE GOOD STEWARDS OF THE INTERNET
- Tony Perez
17. @adspedia / #WCSea
IMPACTS
• Emails I never sent were returning: SPAM generated from site
• The host warned us they will SUSPEND the website
• EMAIL was now DOWN
• Mid-project, we were without an online presence
• Blacklisted website: visitors going to the website were seeing the “attack site” warning, endangering credibility
25. @adspedia / #WCSea
SELF MITIGATION ATTEMPT
• Were there any .htaccess edits done?
• Any unauthorised FTP access?
• Check WordPress users list, any recent additions there?
• Study MySQL/phpMyAdmin for unusual content
• Change passwords: FTP, cPanel
• Scan access computer for keyloggers and malware
• Did a good job: my website was clean and back online
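The file and user checks from this list can be scripted. The following is an added example, not part of the original slides: it flags recently edited `.htaccess` and PHP files under a WordPress document root and lists recently registered accounts from `(user_login, user_registered)` pairs exported from the `wp_users` table. Treating any PHP file under `wp-content/uploads/` as suspicious is an assumption of this example, and the sample site, user names and dates are constructed.

```python
import os, tempfile, time
from datetime import datetime, timedelta, timezone

def suspicious_files(docroot, days=7, now=None):
    """Flag .htaccess/PHP files changed in the last `days`, and any PHP under uploads."""
    cutoff = (time.time() if now is None else now) - days * 86400
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot).replace(os.sep, "/")
            recent = os.path.getmtime(path) >= cutoff
            is_php = name.lower().endswith((".php", ".phtml"))
            # Assumption: uploads should hold media only, so PHP there is flagged at any age.
            if is_php and rel.startswith("wp-content/uploads/"):
                findings.append((rel, "PHP in uploads"))
            elif name == ".htaccess" and recent:
                findings.append((rel, "recent .htaccess edit"))
            elif is_php and recent:
                findings.append((rel, "recent PHP change"))
    return sorted(findings)

def recent_users(rows, days=7, now=None):
    """rows: (user_login, user_registered) pairs exported from the wp_users table."""
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    cutoff = now - timedelta(days=days)
    return [u for u, reg in rows
            if datetime.strptime(reg, "%Y-%m-%d %H:%M:%S") >= cutoff]

def demo():
    """Constructed sample site: every path, user and date here is made up."""
    root = tempfile.mkdtemp()
    old = time.time() - 90 * 86400
    tree = {".htaccess": None, "wp-config.php": old, "wp-login.php": old,
            "wp-content/themes/free/header.php": None,
            "wp-content/uploads/2014/01/cache.php": old,
            "wp-content/uploads/2014/01/photo.jpg": None}
    for rel, mtime in tree.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        if mtime:  # None means "just modified"
            os.utime(path, (mtime, mtime))
    users = [("admin", "2009-12-07 10:00:00"), ("wp_support", "2014-01-20 03:12:45")]
    return suspicious_files(root), recent_users(users, now=datetime(2014, 1, 22))

if __name__ == "__main__":
    files, users = demo()
    print(*files, sep="\n")
    print("recently added users:", users)
```

A hit is only a prompt for manual review: legitimate updates also change modification times, and an intruder can reset them.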
35. @adspedia / #WCSea
WHAT I THINK HAPPENED
• RANDOM ATTACK
• DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS
• VULNERABLE VERSION OF TIMTHUMB
• HACKER’S INTENT: USE SITE FOR SPAM
43. @adspedia / #WCSea
A RANDOM LIST
• WordFence
• BulletProof Security
• Sucuri Security
• iThemes Security
• Acunetix Secure WordPress
• All In One WP Security
• Hide My WP
50. @adspedia / #WCSea
1. LEARN
• START WITH BLOG.SUCURI.NET
• EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL)
• ACCESS CONTROL
• PLATFORM VULNERABILITIES
• CHECK YOUR WEBSITE WHEN VULNERABILITIES ARE ANNOUNCED
This is Maria when she was 7, back in 2007. We’re now in the 11th year and she is 18 now.
2006 IN FAMILY, TEACHING OUR SON LUCA TO SHARE WITH OTHER KIDS WHOSE PARENTS COULD NOT AFFORD CHRISTMAS GIFTS
2017: 250.000+ BOXES || 26 COUNTRIES, 371 CITIES AND 816 COLLECTION CENTRES.
… SO IN 2009 WE WANTED A WEBSITE FOR THE PROJECT
MY FIRST WORDPRESS INSTALL
SIMPLE AUTO-INSTALLER FROM CPANEL WITHOUT ANY SECURITY SETUP OR HARDENED PROCEDURES
STARTED SHOEBOX.RO ON DECEMBER 7, 2009.
BASIC WORDPRESS INSTALL, FREE THEME FROM VLADSTUDIO.COM
- Everything was great until…
REACHING THE END OF MY PERSONAL WEBSITE SECURITY KNOWLEDGE I DECIDED IT IS TIME TO ASK FOR HELP
LOOKED UP “HACKED WORDPRESS CLEANING SERVICES” AND A FEW CLICKS AND REVIEWS LATER, I FOUND:
- THEY HAD A LIVE CHAT AT 4AM MY TIME!!!
- AGENT WAS CALM, VERY WELL INFORMED ABOUT TECHNOLOGY AND WEBSITE SECURITY
- WEBSITE WAS BACK ONLINE IN ~40 MINUTES
2009-2014: CONTINUOUS IMPROVEMENTS, CHANGED THEME, ADDED USERS, PROJECT GROWS
AS I WAS LEARNING MORE ABOUT WORDPRESS I STARTED HELPING OTHERS TO GET ONLINE
- TRAVEL THE WORLD AND TALK TO TECH COMMUNITIES
Compared to Q3 2016
This doesn’t necessarily speak to more complex hacks but does speak to an increase in the depth of files being affected with each hack. It also indicates that cleaning the symptom from one file is often not enough to remove an infection completely.
Most are free
Pretty good scanning, monitoring, protection features
USE THEM!
SO WHAT DO I DO NOW TO KEEP A SUPERIOR WEBSITE SECURITY POSTURE?