L33T H4X0Rz
How did (s)he get into my site? Or am I safe? “Are you sure…?” How can I prevent it? How can I fix it?
» As promised: WiFi sniffing…
› HTTP versus HTTPS
› FTP versus sFTP
› Telnet versus SSH
› IMAP with or without SSL
https://www.youtube.com/watch?v=r0l_54thSYU&t=143s
» How to hack a Joomla site prior to Joomla 3.6.4
› https://www.exploit-db.com/exploits/40637/
› joomraa.py
› Replace innocent payload with dangerous stuff…
› Show content of configuration.php
› Send configuration.php to some remote location (e.g. a pastebin)
› Incorporate in a botnet
› Send out spam
› ...
›
» Because they want you to see… (defacement)
» Because your server is being heavily (ab)used…
» Because they’re fighting for your site…
› Some hacker could even update your site…
› … to prevent other hackers from getting in (and stealing their turf)
» Because you bumped into something suspicious (by accident)
» Because your host contacted you (good host!)
» Because you read your server logs…
» A good hack(er) remains invisible
» Hacking for fun
» Ideology
» Hacking for money
› Botnet
› Sending out spam
› DDoS attacks
› Bitcoin mining
› Stealing data
› Keyloggers
› Webcam & microphone
› Penetration testing
» OSI Network layers
» PEBCAK
» Professional (criminal) hackers get rich through not getting caught
› They love you when you have a flexible server (e.g. Amazon S3 cloud)
» Check your logs – all sites get attacked all the time
WordPress links on a Joomla site?
» 127.0.0.1 = IP address of client (remote host)
» – = (unknown: hyphen) identity of the client (unreliable)
» Frank = userid of person requesting document (inside network)
» [10/Oct/2000:13:55:36 -0700] = Moment of request
» "GET /apache_pb.gif HTTP/1.0" = Request sent to server
» 200 = Status code server sent back
» 2326 = size in bytes of packet returned
» Easy to read, but big data… analysis is difficult
› SEO
› Network analysis
› Penetration
› …
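Reading the access log format described above by hand does not scale, which is the slide's point about big data. The following is an added example, not code from the presentation, that parses Apache Common Log Format lines with exactly the fields listed on the slide and flags the kind of thing the deck tells you to look for: WordPress paths requested on a Joomla site, requests for configuration.php, and hosts producing a burst of 404s. The sample log lines, the list of WordPress paths and the 404 threshold are constructed for the example.

```python
import re
from collections import Counter

# Apache Common Log Format, field by field as on the slide:
# host ident user [time] "request" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed list: paths that belong to WordPress, not Joomla. A request for
# one of these on a Joomla site is a scanner probing for the wrong CMS.
WORDPRESS_PATHS = ("/wp-login.php", "/wp-admin", "/xmlrpc.php", "/wp-content")

# Constructed sample log (203.0.113.0/24 is a documentation range, not a real host).
SAMPLE_LOG = [
    '127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326',
    '203.0.113.7 - - [10/Oct/2000:13:56:01 -0700] "GET /wp-login.php HTTP/1.1" 404 209',
    '203.0.113.7 - - [10/Oct/2000:13:56:02 -0700] "GET /xmlrpc.php HTTP/1.1" 404 209',
    '203.0.113.7 - - [10/Oct/2000:13:56:03 -0700] "GET /administrator/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2000:13:56:04 -0700] "GET /configuration.php HTTP/1.1" 403 199',
    '203.0.113.7 - - [10/Oct/2000:13:56:05 -0700] "GET /wp-content/uploads/ HTTP/1.1" 404 209',
    '203.0.113.7 - - [10/Oct/2000:13:56:06 -0700] "GET /backup.zip HTTP/1.1" 404 209',
    'garbage line that is not a log entry',
]


def parse_clf(line):
    """Return the fields of one CLF line as a dict, or None if it does not parse."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")          # "GET /path HTTP/1.0"
    rec["method"] = parts[0] if parts else ""
    rec["path"] = parts[1] if len(parts) > 1 else ""
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def find_suspicious(lines, max_404_per_host=3):
    """Flag WordPress probes, configuration.php requests and hosts with many 404s.

    Returns a list of (kind, host, detail) tuples; unparseable lines are reported
    too, because a log you cannot parse is a log you are not reading.
    """
    findings = []
    not_found = Counter()
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            findings.append(("unparseable", None, line))
            continue
        if rec["path"].startswith(WORDPRESS_PATHS):
            findings.append(("wordpress-probe", rec["host"], rec["path"]))
        if "configuration.php" in rec["path"]:
            findings.append(("config-access", rec["host"], rec["path"]))
        if rec["status"] == 404:
            not_found[rec["host"]] += 1
    for host, n in not_found.items():
        if n > max_404_per_host:
            findings.append(("404-burst", host, n))
    return findings


if __name__ == "__main__":
    for kind, host, detail in find_suspicious(SAMPLE_LOG):
        print(f"{kind:16} {host or '-':16} {detail}")
```

Run it against a real access log by replacing SAMPLE_LOG with `open("access.log")`; the rules are deliberately simple so they can be extended with whatever your own logs show (a request for a Joomla file that does not exist on your install is just as telling as a WordPress path).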
» Social Engineering
› https://youtu.be/F78UdORll-Q?t=1m25s
» Ninjas in the street
› https://youtu.be/F78UdORll-Q?t=9m23s
» So you have a sticker over your webcam
› … how about your mic?
› … how about your smartphone?
» You are not a target
› your website/server could be more interesting
» Train your clients
› Use safe passwords
› Don’t share passwords – add users
» Don’t (over)charge to add users (it’s better than sharing passwords)
» Don’t connect using FTP, HTTP
» Don’t use public WiFi for confidential tasks (it can be spoofed)
» Use third parties where you are not an expert
» Use reliable extension & template developers
» “Remember Password” also sends out your password!
» Use a reliable hosting company
» It’s not always better if you do it yourself
» Do your updates (core + extensions)
› Use well supported extensions
» Disable or remove unused extensions
» Enable 2 factor authentication if possible
» Make and test backups
› before every update
› after every big content update
› Not stored on the server
» Use HTTPS (and SFTP or SSH to connect)
› Check your SSL: https://www.ssllabs.com
» This is a free cultural work (freedomdefined.org)
» … it is available under a Creative Commons Share-Alike Attribution license.
› Feel free to
› … share the work
› … edit, tweak, improve the work
› Please do respect these conditions:
› Attribution
› Place a link to the original work
› Share your work under this license too
» Store your access logs long enough… (screenshot Siteground)
› Download to your computer
› Or keep them on the server