anatomy of a crash
DESCRIPTION
detailing a website crash after hacking. how to secure your site against security vulnerabilities. how to recover after a crash/hacking.
TRANSCRIPT
valerie forrestal
code4libNYC
2013.10.08
the anatomy of a crash
aw, hell. that’s not supposed to do that.
step 1: check your main index file
turkish escorts, anyone?
why would someone hack a library website?
(it’s not personal)
step 2: send out an email
i’m serious. this is a step. because you will get about a thousand emails and phone calls telling you the site is down.
step 3: put up a temp homepage
i used a free css template, but you can use a framework if you’re feeling fancy
• html5boilerplate: http://html5boilerplate.com/
• bootstrap: http://getbootstrap.com/
• foundation: http://foundation.zurb.com/
step 4: check server logs
• replace any files that were recently changed (not by you) with backups
• the internet tells me this will find files edited in the past 2 days:
find . -mtime -2 -type f
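added example, not part of the original slides: the `find` scan above, extended to check each recently modified file against a known-good backup so you can see what to restore. the function names, the paths and the sample files in `demo` are assumptions made up for illustration.

```shell
#!/bin/sh
# added example, not from the slides. paths and the 2-day default are assumptions.
# recent_changes SITE_ROOT BACKUP_ROOT [DAYS|all] prints one line per file:
#   NEW      not present in the backup (e.g. a dropped file)
#   CHANGED  content differs from the backup copy
#   SAME     recent mtime, but content matches the backup
# mtime can be reset by whoever edited a file, so rerun with "all" to
# compare every file regardless of timestamp (SAME lines are then omitted).
recent_changes() {
    site=$1
    backup=$(cd "$2" && pwd) || return 1   # absolute, survives the cd below
    days=${3:-2}
    (
        cd "$site" || exit 1
        if [ "$days" = all ]; then set --; else set -- -mtime "-$days"; fi
        find . -type f "$@" | sort | while IFS= read -r f; do
            rel=${f#./}
            if [ ! -e "$backup/$rel" ]; then
                printf 'NEW      %s\n' "$rel"
            elif ! cmp -s "$f" "$backup/$rel"; then
                printf 'CHANGED  %s\n' "$rel"
            elif [ "$days" != all ]; then
                printf 'SAME     %s\n' "$rel"
            fi
        done
    )
}

# demo [DAYS|all]: scan a constructed site/backup pair built in a temp dir.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/site/images" "$tmp/backup/images"
    echo '<h1>library</h1>' > "$tmp/backup/index.php"
    echo 'body{}'           > "$tmp/backup/style.css"
    echo 'logo'             > "$tmp/backup/images/logo.txt"
    cp -R "$tmp/backup/." "$tmp/site/"
    touch -t 201301010000 "$tmp/site/images/logo.txt"    # untouched, old file
    echo '<!-- spam links -->' >> "$tmp/site/index.php"  # edited just now
    echo 'unknown script' > "$tmp/site/images/x.php"     # new file, not in backup
    echo 'body{color:red}' > "$tmp/site/style.css"       # edited...
    touch -t 201301010000 "$tmp/site/style.css"          # ...then mtime set back
    recent_changes "$tmp/site" "$tmp/backup" "${1:-2}"
    rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then demo "${2:-2}"; fi
```

file names containing newlines are not handled; the backup has to predate the incident for the comparison to mean anything.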
step 5: do a clean install
• if none of the above fixes work, you’re probably going to need to reinstall your cms software
• this is a problem if you’ve made a mess of your file structure and have undocumented customizations, so, in the future…
be prepared!
• set up your site so that you are able to restore it from scratch with the newest version of the software. don’t get tied to a particular version!
• some best practices…
best practices?
• always keep your software up-to-date
• keep your customizations modular
• keep your site root organized and your subdirectories clean
• have clear documentation on how to restore the site from scratch
• back up your backups
• minimize your use of plugins
• have a simple backup site ready to go
versioning
more tips
• google “secure … site” and “common … hacks”
• http://www.marcofolio.net/joomla/7_tips_to_optimize_joomla_security.html
• http://arstechnica.com/security/2013/02/securing-your-website-a-tough-job-but-someones-got-to-do-it/
• Open Web Application Security Project (OWASP): https://www.owasp.org/
contact
valerie forrestal
web services librarian
college of staten island/CUNY
• [email protected]
• vforrestal.com
• @vforrestal
• slides available at: slideshare.net/vforrestal