anatomy of a crash

detailing a website crash after hacking. how to secure your site against security vulnerabilities. how to recover after a crash/hacking.

Published in: Technology, Design

  1. valerie forrestal code4libNYC 2013.10.08 the anatomy of a crash
  2. aw, hell. that's not supposed to do that.
  3. step 1: check your main index file. turkish escorts, anyone?
  4. why would someone hack a library website? (it's not personal)
  5. step 2: send out an email. i'm serious. this is a step. because you will get about a thousand emails and phone calls telling you the site is down.
  6. step 3: put up a temp homepage
  7. i used a free css template, but you can use a framework if you're feeling fancy
       • html5boilerplate: http://html5boilerplate.com/
       • bootstrap: http://getbootstrap.com/
       • foundation: http://foundation.zurb.com/
  8. step 4: check server logs
       • replace any files that were recently changed (not by you) with backups
       • the internet tells me this will find files edited in the past 2 days: find . -mtime -2 -type f
  9. step 5: do a clean install
       • if none of the above fixes work, you're probably going to need to reinstall your cms software
       • this is a problem if you've made a mess of your file structure and have undocumented customizations, so, in the future…
  10. be prepared!
       • set up your site so that you are able to restore it from scratch with the newest version of the software. don't get tied to a particular version!
       • some best practices…
  11. best practices?
       • always keep your software up-to-date
       • keep your customizations modular
       • keep your site root organized and your subdirectories clean
       • have clear documentation on how to restore the site from scratch
       • back up your backups
       • minimize your use of plugins
       • have a simple backup site ready to go
  12. versioning
  13. more tips
       • google “secure … site” and “common … hacks”
       • http://www.marcofolio.net/joomla/7_tips_to_optimize_joomla_security.html
       • http://arstechnica.com/security/2013/02/securing-your-website-a-tough-job-but-someones-got-to-do-it/
       • Open Web Application Security Project (OWASP): https://www.owasp.org/
  14. contact: valerie forrestal, web services librarian, college of staten island/CUNY
       • vforrestal@gmail.com
       • vforrestal.com
       • @vforrestal
       • slides available at: slideshare.net/vforrestal
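
An added example for step 4 (not part of the original slides): a shell script that runs the slide's find test and then compares the live site against a backup by content, because a file's modification time can be set back, in which case the find test alone does not list it. The function names, directory layout and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides. Function names and paths are assumptions.

# Files under $1 modified in the last $2 days (default 2): the slide's find test.
recent_files() {
    ( cd "$1" && find . -type f -mtime "-${2:-2}" | LC_ALL=C sort )
}

# Compare live tree $1 with known-good backup $2 by content, not timestamp.
# Prints "NEW <path>" for files absent from the backup and
# "CHANGED <path>" for files whose bytes differ from the backup copy.
diff_against_backup() {
    ( cd "$1" && find . -type f | LC_ALL=C sort ) | while IFS= read -r f; do
        if [ ! -f "$2/$f" ]; then
            printf 'NEW %s\n' "$f"
        elif ! cmp -s "$1/$f" "$2/$f"; then
            printf 'CHANGED %s\n' "$f"
        fi
    done
}

# Constructed sample: a backup tree and a live copy holding one new file and
# one altered file whose modification time has been set back to 2010.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/backup/css" "$d/live/css" "$d/live/images"
    echo '<?php echo "home"; ?>' > "$d/backup/index.php"
    echo 'body { margin: 0 }' > "$d/backup/css/site.css"
    cp "$d/backup/css/site.css" "$d/live/css/site.css"
    echo '<?php echo "home"; /* constructed: altered */ ?>' > "$d/live/index.php"
    echo 'constructed: file nobody on staff uploaded' > "$d/live/images/x.php"
    touch -t 201001010000 "$d/backup/index.php" "$d/backup/css/site.css" \
        "$d/live/index.php" "$d/live/css/site.css"
    echo "$d"
}

# Usage: sh check.sh LIVE_DIR BACKUP_DIR [DAYS]; with no arguments, run the sample.
if [ "$#" -ge 2 ]; then
    echo "recently modified:"; recent_files "$1" "${3:-2}"
    echo "differs from backup:"; diff_against_backup "$1" "$2"
else
    s=$(make_sample)
    echo "recently modified:"; recent_files "$s/live"
    echo "differs from backup:"; diff_against_backup "$s/live" "$s/backup"
    rm -rf "$s"
fi
```

In the sample, the time-based listing reports only the new file, while the content comparison also reports the altered index.php whose timestamp was set back.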
