
anatomy of a crash

detailing a website crash after hacking. how to secure your site against security vulnerabilities. how to recover after a crash/hacking.

Published in: Technology, Design

  1. valerie forrestal code4libNYC 2013.10.08 the anatomy of a crash
  2. aw, hell. that's not supposed to do that.
  3. step 1: check your main index file
     turkish escorts, anyone?
  4. why would someone hack a library website? (it's not personal)
  5. step 2: send out an email
     i'm serious. this is a step. because you will get about a thousand emails and phone calls telling you the site is down.
  6. step 3: put up a temp homepage
  7. i used a free css template, but you can use a framework if you're feeling fancy
     • html5boilerplate: http://html5boilerplate.com/
     • bootstrap: http://getbootstrap.com/
     • foundation: http://foundation.zurb.com/
  8. step 4: check server logs
     • replace any files that were recently changed (not by you) with backups
     • the internet tells me this will find files edited in the past 2 days: find . -mtime -2 -type f
  9. step 5: do a clean install
     • if none of the above fixes work, you're probably going to need to reinstall your cms software
     • this is a problem if you've made a mess of your file structure and have undocumented customizations, so, in the future…
  10. be prepared!
     • set up your site so that you are able to restore it from scratch with the newest version of the software. don't get tied to a particular version!
     • some best practices…
  11. best practices?
     • always keep your software up-to-date
     • keep your customizations modular
     • keep your site root organized and your subdirectories clean
     • have clear documentation on how to restore the site from scratch
     • back up your backups
     • minimize your use of plugins
     • have a simple backup site ready to go
  12. versioning
  13. more tips
     • google “secure … site” and “common … hacks”
     • http://www.marcofolio.net/joomla/7_tips_to_optimize_joomla_security.html
     • http://arstechnica.com/security/2013/02/securing-your-website-a-tough-job-but-someones-got-to-do-it/
     • Open Web Application Security Project (OWASP): https://www.owasp.org/
  14. contact
     valerie forrestal, web services librarian, college of staten island/CUNY
     • vforrestal@gmail.com
     • vforrestal.com
     • @vforrestal
     • slides available at: slideshare.net/vforrestal
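
Step 4 on slide 8 (find recently changed files, then replace the ones you didn't change with backups), as an added shell example that is not from the original slides. The function name recent_changes, the example paths, and a backup directory that mirrors the web root layout are all assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): take the slide's
#   find . -mtime -2 -type f
# and classify every hit against a known-good backup tree, so you can see
# which files to restore and which ones should not exist at all.
#
# usage: recent_changes WEBROOT BACKUP [DAYS]
#   e.g. recent_changes /var/www/site /backups/site 2   (hypothetical paths)
#
# Output, one line per recently modified file:
#   NEW <path>       not present in the backup (file added to the site)
#   MODIFIED <path>  content differs from the backup copy
#   SAME <path>      timestamp is recent but content matches the backup
#
# Caveats: modification times can be reset, so an empty result does not
# clear the site; a full comparison against the backup is the stronger check.
# File names containing newlines are not handled.
recent_changes() {
    webroot=$1
    days=${3:-2}
    # Resolve the backup path first, because we cd into the web root below.
    backup=$(cd "$2" && pwd) || return 1
    (
        cd "$webroot" || exit 1
        find . -type f -mtime "-$days" | LC_ALL=C sort |
        while IFS= read -r f; do
            rel=${f#./}
            if [ ! -f "$backup/$rel" ]; then
                printf 'NEW %s\n' "$rel"
            elif cmp -s "$f" "$backup/$rel"; then
                printf 'SAME %s\n' "$rel"
            else
                printf 'MODIFIED %s\n' "$rel"
            fi
        done
    )
}
```

NEW and MODIFIED lines are the candidates for removal or for restoring from backup; check them against the server logs for the same time window.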
