oh no! my website has been hacked and why that was a good thing

OH NO! MY WEBSITE HAS BEEN HACKED

Val Vesa| @adspedia

Witamy w WordCamp GDYNIA!


Val Vesa| @adspedia

#wcgdynia

OH NO! MY WEBSITE HAS BEEN

HACKED


Val Vesa| @adspedia

Val Vesa@adspedia

Social Media and Brand Evangelist at Sucuri Husband, father of two Passion for travel and Instagram photography


Val Vesa| @adspedia

WEBINAR

My Family


Val Vesa| @adspedia

WEBINAR


Val Vesa| @adspedia

WEBINAR

I DON'T EAT PORK

WHEN I CLEAN THE BATHROOMI LOVE COCA-COLA

OR SEA FOOD


Val Vesa| @adspedia

WEBINAR

Shoebox Project & WordPress


Val Vesa| @adspedia

WEBINAR


Val Vesa| @adspedia

WEBINAR

MY FIRST WORDPRESS INSTALL: 2009


Val Vesa| @adspedia

WEBINAR


Val Vesa| @adspedia

WEBINAR

HACKEDDEC 22 2014


Val Vesa| @adspedia

WEBINAR

• Emails I never sent were returning: SPAM generated from site• The host warned us they will SUSPEND the website• EMAIL was now DOWN• In mid project phase we were without an online presence• Blacklisted website: visitors going to the website were seeing

the “attack site” warning, endangering credibility

IMPACTS


Val Vesa| @adspedia

WEBINARSELF MITIGATION ATTEMPT• Were there any .htaccess edits done?• Any unauthorised FTP access?• Check WordPress users list, any recent additions there?• Study MySQL/phpMyAdmin for unusual content• Change passwords: FTP, cPanel• Scan access computer for keyloggers and malware• Did a good job: my website was clean and back online


Val Vesa| @adspedia

WEBINAR

Until December 24 2014

When..


Val Vesa| @adspedia

WEBINAR

HACKEDDEC 24 2014


Val Vesa| @adspedia

WEBINAR

TIME TO ASK FOR HELP


Val Vesa| @adspedia

WEBINAR


Val Vesa| @adspedia

WEBINAR

• LIVE CHAT AVAILABLE ON MY LOCAL 4:00 AM• INITIAL EVALUATION WAS PERFORMED IN THE CHAT• SIGNUP AND OPENED TICKET FOR MALWARE REMOVAL• 40 MINUTES LATER WEBSITE WAS CLEANED• RECEIVED ACTIONABLE STEPS TO STAY CLEAN AFTER CLEANUP• REMOVED FROM BLACKLIST THE NEXT DAY

HOW SUCURI HELPED


Val Vesa| @adspedia

WEBINAR

• RANDOM ATTACK• DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS• VULNERABLE VERSION OF TIMTHUMB• HACKER’S INTENT: USE SITE FOR SPAM

WHAT I THINK HAPPENED


Val Vesa| @adspedia

WEBINAR


Val Vesa| @adspedia

WEBINAR

WHY BEING HACKED WAS A “GOOD” THING


Val Vesa| @adspedia

WEBINAR


Val Vesa| @adspedia

WEBINAR

PERSONAL 5 BEST PRACTICES FOR WEBSITE SECURITY


Val Vesa| @adspedia

WEBINAR

1. LEARN• START WITH BLOG.SUCURI.NET• EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL)• ACCESS CONTROL• PLATFORM VULNERABILITIES• CHECK YOUR WEBSITE WHEN VULNERABILITIES ARE

ANNOUNCED


Val Vesa| @adspedia

WEBINAR

2. PASSWORDS• USE A PASSWORD MANAGER!• COMPLEX STRUCTURES• UPPER CASE, LOWER CASE, SPECIAL CHARACTERS, NUMBERS• LONGER THAN 10 CHARACTERS• DON’T REUSE PASSWORDS


Val Vesa| @adspedia

WEBINAR

3. UPDATES• CMS• PLUGINS• SERVER


Val Vesa| @adspedia

WEBINAR

4. BACKUPS• ON A SCHEDULE• OFFSITE• TEST FREQUENTLY


Val Vesa| @adspedia

WEBINAR

5. USE PROFESSIONALS• SECURITY IS NOT A DYI PROJECT• ADMIT WHEN OVERWHELMED• EXTRA COST AND TIME TO DO IT IN-HOUSE


Val Vesa| @adspedia

WEBINAR

WHERE TO FIND ME

Twitter @adspedia

Instagram @adspedia

Email [email protected]


Val Vesa| @adspedia

WEBINAR


Val Vesa| @adspedia

WEBINAR

Q & A Tweet us @SucuriSecurity using #AskSucuri


Val Vesa| @adspedia

THANK YOU!

oh no! my website has been hacked and why that was a good thing

Internet