How Being Hacked Turned Out to be the Best Thing That Ever Happened to Me
•Download as PPTX, PDF•
0 likes•234 views
My slides for WordCamp Seattle 2018
Recommended
Recommended
More Related Content
Similar to How Being Hacked Turned Out to be the Best Thing That Ever Happened to Me
Similar to How Being Hacked Turned Out to be the Best Thing That Ever Happened to Me (20)
More from Valentin Vesa
More from Valentin Vesa (16)
Recently uploaded
Recently uploaded (20)
How Being Hacked Turned Out to be the Best Thing That Ever Happened to Me
- 1. How Being Hacked Turned Out to be the Best Thing That Ever Happened to Me @adspedia / #WCSea
- 2. adspedia Valentin Vesa Social Media @ SucuriSecurity @adspedia / #WCSea
- 3. @adspedia / #WCSea Hello WordCamp Seattle!
- 4. @adspedia / #WCSea Hello WordCamp Seattle! #WCSEA @adspedia / #WCSea
- 5. @adspedia / #WCSea The Story Starts With ShoeBox @adspedia / #WCSea
- 7. @adspedia / #WCSea@adspedia / #WCSEA
- 8. @adspedia / #WCSea The Story Starts With ShoeBox
- 9. @adspedia / #WCSea RESPONSIBILITIES AS WEBSITE OWNERS ENSURE THAT OUR AUDIENCE IS SAFE ENSURE THAT WE ARE GOOD STEWARDS OF THE INTERNET - Tony Perez
- 11. @adspedia / #WCSea HACKED Dec 22 2014
- 13. @adspedia / #WCSea IMPACTS • Emails I never sent were returning: SPAM generated from site
- 14. @adspedia / #WCSea IMPACTS • Emails I never sent were returning: SPAM generated from site • The host warned us they will SUSPEND the website
- 15. @adspedia / #WCSea IMPACTS • Emails I never sent were returning: SPAM generated from site • The host warned us they will SUSPEND the website • EMAIL was now DOWN
- 16. @adspedia / #WCSea IMPACTS • Emails I never sent were returning: SPAM generated from site • The host warned us they will SUSPEND the website • EMAIL was now DOWN • In mid project phase we were without an online presence
- 17. @adspedia / #WCSea IMPACTS • Emails I never sent were returning: SPAM generated from site • The host warned us they will SUSPEND the website • EMAIL was now DOWN • In mid project phase we were without an online presence • Blacklisted website: visitors going to the website were seeing the “attack site” warning, endangering credibility
- 18. @adspedia / #WCSea SELF MITIGATION ATTEMPT
- 19. @adspedia / #WCSea SELF MITIGATION ATTEMPT • Were there any .htaccess edits done?
- 20. @adspedia / #WCSea SELF MITIGATION ATTEMPT • Were there any .htaccess edits done? • Any unauthorised FTP access?
- 21. @adspedia / #WCSea SELF MITIGATION ATTEMPT • Were there any .htaccess edits done? • Any unauthorised FTP access? • Check WordPress users list, any recent additions there?
- 22. @adspedia / #WCSea SELF MITIGATION ATTEMPT • Were there any .htaccess edits done? • Any unauthorised FTP access? • Check WordPress users list, any recent additions there? • Study MySQL/phpMyAdmin for unusual content
- 23. @adspedia / #WCSea SELF MITIGATION ATTEMPT • Were there any .htaccess edits done? • Any unauthorised FTP access? • Check WordPress users list, any recent additions there? • Study MySQL/phpMyAdmin for unusual content • Change passwords: FTP, cPanel
- 24. @adspedia / #WCSea SELF MITIGATION ATTEMPT • Were there any .htaccess edits done? • Any unauthorised FTP access? • Check WordPress users list, any recent additions there? • Study MySQL/phpMyAdmin for unusual content • Change passwords: FTP, cPanel • Scan access computer for keyloggers and malware
- 25. @adspedia / #WCSea SELF MITIGATION ATTEMPT • Were there any .htaccess edits done? • Any unauthorised FTP access? • Check WordPress users list, any recent additions there? • Study MySQL/phpMyAdmin for unusual content • Change passwords: FTP, cPanel • Scan access computer for keyloggers and malware • Did a good job: my website was clean and back online
- 26. @adspedia / #WCSea Until December 24, 2014 When… @adspedia / #WCSea
- 28. @adspedia / #WCSea Time ToAsk For HELP! @adspedia / #WCSea
- 29. @adspedia / #WCSea@adspedia / #Webstockro
- 31. @adspedia / #WCSea WHAT I THINK HAPPENED
- 32. @adspedia / #WCSea WHAT I THINK HAPPENED • RANDOM ATTACK
- 33. @adspedia / #WCSea WHAT I THINK HAPPENED • RANDOM ATTACK • DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS
- 34. @adspedia / #WCSea WHAT I THINK HAPPENED • RANDOM ATTACK • DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS • VULNERABLE VERSION OF TIMTHUMB
- 35. @adspedia / #WCSea WHAT I THINK HAPPENED • RANDOM ATTACK • DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS • VULNERABLE VERSION OF TIMTHUMB • HACKER’S INTENT: USE SITE FOR SPAM
- 37. @adspedia / #WCSea HACKED WEBSITE REPORT 2017
- 38. @adspedia / #WCSea Affected CMS platforms: WordPress (74%>83%) Joomla! (17%>13.1%) Magento (6%>6.5%) Drupal (2%>1.6%)
- 39. @adspedia / #WCSea Outdated CMS at infection time: WordPress (61%>39.3%) Joomla! (84%>69.8%) Magento (94%>80.3%) Drupal (86%>65.3%)
- 42. @adspedia / #WCSea WORDPRESS SECURITY PLUGINS
- 43. @adspedia / #WCSea A RANDOM LIST •WordFence •BulletProof Security •Sucuri Security •iThemes Security •Acunetix Secure WordPress •All In One WP Security •Hide My WP
- 44. @adspedia / #WCSea 5 BEST PRACTICES FOR WEBSITE SECURITY
- 45. @adspedia / #WCSea 1. LEARN
- 46. @adspedia / #WCSea 1. LEARN • START WITH BLOG.SUCURI.NET
- 47. @adspedia / #WCSea 1. LEARN • START WITH BLOG.SUCURI.NET • EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL)
- 48. @adspedia / #WCSea 1. LEARN • START WITH BLOG.SUCURI.NET • EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL) • ACCESS CONTROL
- 49. @adspedia / #WCSea 1. LEARN • START WITH BLOG.SUCURI.NET • EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL) • ACCESS CONTROL • PLATFORM VULNERABILITIES
- 50. @adspedia / #WCSea 1. LEARN • START WITH BLOG.SUCURI.NET • EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL) • ACCESS CONTROL • PLATFORM VULNERABILITIES • CHECK YOUR WEBSITE WHEN VULNERABILITIES ARE ANNOUNCED
- 51. @adspedia / #WCSea 2. PASSWORDS
- 52. @adspedia / #WCSea 2. PASSWORDS • USE A PASSWORD MANAGER!
- 53. @adspedia / #WCSea 2. PASSWORDS • USE A PASSWORD MANAGER! • COMPLEX STRUCTURES
- 54. @adspedia / #WCSea 2. PASSWORDS • USE A PASSWORD MANAGER! • COMPLEX STRUCTURES • UPPER CASE, LOWER CASE, SPECIAL CHARACTERS, NUMBERS
- 55. @adspedia / #WCSea 2. PASSWORDS • USE A PASSWORD MANAGER! • COMPLEX STRUCTURES • UPPER CASE, LOWER CASE, SPECIAL CHARACTERS, NUMBERS • LONGER THAN 10 CHARACTERS
- 56. @adspedia / #WCSea 2. PASSWORDS • USE A PASSWORD MANAGER! • COMPLEX STRUCTURES • UPPER CASE, LOWER CASE, SPECIAL CHARACTERS, NUMBERS • LONGER THAN 10 CHARACTERS • DON’T REUSE PASSWORDS
- 57. @adspedia / #WCSea 3. UPDATES
- 58. @adspedia / #WCSea 3. UPDATES • CMS
- 59. @adspedia / #WCSea 3. UPDATES • CMS • PLUGINS
- 60. @adspedia / #WCSea 3. UPDATES • CMS • PLUGINS • SERVER
- 61. @adspedia / #WCSea 4. BACKUPS
- 62. @adspedia / #WCSea 4. BACKUPS • ON A SCHEDULE
- 63. @adspedia / #WCSea 4. BACKUPS • ON A SCHEDULE • OFFSITE
- 64. @adspedia / #WCSea 4. BACKUPS • ON A SCHEDULE • OFFSITE • TEST FREQUENTLY
- 65. @adspedia / #WCSea 5. USE PROFESSIONALS
- 66. @adspedia / #WCSea 5. USE PROFESSIONALS • SECURITY IS NOT A DIY PROJECT
- 67. @adspedia / #WCSea 5. USE PROFESSIONALS • SECURITY IS NOT A DIY PROJECT • ADMIT WHEN OVERWHELMED
- 68. @adspedia / #WCSea 5. USE PROFESSIONALS • SECURITY IS NOT A DIY PROJECT • ADMIT WHEN OVERWHELMED • EXTRA COST AND TIME TO DO IT IN-HOUSE
- 70. @adspedia / #WCSea Val Vesa Email: valentin@sucuri.net
Editor's Notes
- Who tweeted already on #WCSEA?
- Video play automatically for
- This is Maria when she was 7, back in 2007, we’re now at 11th year and she is 18 now. 2006 IN FAMILY, TEACHING OUR SON LUCA TO SHARE WITH OTHER KIDS WHOSE PARENTS COULD NOT AFFORD CHRISTMAS GIFTS 2017: 250.000+ BOXES || 26 COUNTRIES, 371 CITIES AND 816 COLLECTION CENTRES.
- … SO IN 2009 WE WANTED A WEBSITE FOR THE PROJECT MY FIRST WORDPRESS INSTALL SIMPLE AUTO-INSTALLER FROM CPANEL WITHOUT ANY SECURITY SETUP OR HARDENED PROCEDURES
- STARTED SHOEBOX.RO ON DECEMBER 7, 2009. BASIC WORDPRESS INSTALL, FREE THEME FROM VLADSTUDIO.COM - Everything was great until…
- REACHING THE END OF MY PERSONAL WEBSITE SECURITY KNOWLEDGE I DECIDED IT IS TIME TO ASK FOR HELP LOOKED UP “HACKED WORDPRESS CLEANING SERVICES” AND FEW CLICKS AND REVIEWS LATER, I FOUND:
- - THEY HAD A LIVE CHAT AT 4AM MY TIME!!! - AGENT WAS CALM, VERY WELL INFORMED ABOUT TECHNOLOGY AND WEBSITE SECURITY - WEBSITE WAS BACK ONLINE IN ~40 MINUTES
- 2009-2014: CONTINUOUS IMPROVEMENTS, CHANGED THEME, ADDED USERS, PROJECT GROWS AS I WAS LEARNING MORE ABOUT WORDPRESS I STARTED HELPING OTHERS TO GET ONLINE - TRAVEL THE WORLD AND TALK TO TECH COMMUNITIES
- Compared to Q3 2016
- Compared to Q3 2016
- This doesn’t necessarily speak to more complex hacks but does speak to an increase in the depth of files being affected with each hack. It also indicates that cleaning the symptom from one file is often not enough to remove an infection completely.
- Most are free Pretty good scanning, monitoring, protection features USE THEM!
- SO WHAT DO I DO NOW TO KEEP A SUPERIOR WEBSITE SECURITY POSTURE?