L33T H4X0Rz » How did (s)he get into my site? Or am I safe? “Are you sure…?” › How can I prevent it? › How can I fix it?
Importance of encryption (HTTPS – SSL/TLS) » As promised: WiFi sniffing… anything sent in the clear over a shared network can be read by everyone on it HTTP versus HTTPS › FTP versus SFTP › Telnet versus SSH › IMAP with or without SSL/TLS › https://www.youtube.com/watch?v=r0l_54thSYU&t=143s
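What the WiFi sniffing demo comes down to, as an added example that is not part of the original slides: once an eavesdropper has reassembled the TCP stream of a plaintext protocol, the credentials are right there. The captured streams below are constructed for this example (HTTP Basic auth, a Joomla-style login form POST, FTP and IMAP), and the "https" entry shows that the same request over TLS yields only opaque record bytes. The hostnames, usernames and passwords are made up.

```python
import base64
import re
from urllib.parse import parse_qs


def _basic(user, password):
    return base64.b64encode(f"{user}:{password}".encode()).decode()


_FORM_BODY = "username=admin&passwd=Sup3rSecret%21&option=com_login"

# Constructed application-layer payloads, one per TCP stream, as they would
# appear after reassembly (e.g. Wireshark "Follow TCP Stream").
CAPTURED = {
    "http-basic": (
        "GET /administrator/ HTTP/1.1\r\n"
        "Host: www.example.com\r\n"
        f"Authorization: Basic {_basic('admin', 'Sup3rSecret!')}\r\n\r\n"
    ),
    "http-form": (
        "POST /administrator/index.php HTTP/1.1\r\n"
        "Host: www.example.com\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(_FORM_BODY)}\r\n\r\n" + _FORM_BODY
    ),
    "ftp": (
        "220 FTP server ready\r\nUSER webmaster\r\n331 Password required\r\n"
        "PASS ftp-pa55\r\n230 Logged in\r\n"
    ),
    "imap": (
        '* OK IMAP4rev1 ready\r\na001 LOGIN "frank@example.com" "mailpass"\r\n'
        "a001 OK LOGIN completed\r\n"
    ),
    # The same request over HTTPS: a TLS handshake record header followed by
    # (constructed) opaque bytes. Nothing above the record layer is readable.
    "https": b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03" + bytes(range(32)),
}


def _as_text(stream):
    """Return the stream as text if it looks like a plaintext protocol, else None."""
    text = stream.decode("latin-1") if isinstance(stream, bytes) else stream
    if not text:
        return None
    printable = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return text if printable / len(text) >= 0.9 else None


def extract_credentials(stream):
    """Return a list of (protocol, username, password) tuples found in one stream."""
    text = _as_text(stream)
    if text is None:
        return []  # TLS (or other binary) traffic: opaque to the eavesdropper
    found = []

    m = re.search(r"^Authorization: Basic ([A-Za-z0-9+/=]+)\r?$", text, re.M)
    if m:
        user, _, password = base64.b64decode(m.group(1)).decode().partition(":")
        found.append(("http-basic", user, password))

    if text.startswith("POST ") and "\r\n\r\n" in text:
        form = parse_qs(text.split("\r\n\r\n", 1)[1])
        users = form.get("username") or form.get("user") or form.get("login")
        passwords = form.get("passwd") or form.get("password") or form.get("pass")
        if users and passwords:
            found.append(("http-form", users[0], passwords[0]))

    user = re.search(r"^USER (\S+)\r?$", text, re.M)
    password = re.search(r"^PASS (\S+)\r?$", text, re.M)
    if user and password:
        found.append(("ftp", user.group(1), password.group(1)))

    m = re.search(r'^\S+ LOGIN "?([^"\s]+)"? "?([^"\s]+)"?\r?$', text, re.M)
    if m:
        found.append(("imap", m.group(1), m.group(2)))
    return found


def sniff_all(captured):
    """Run the extractor over every captured stream; name -> credentials found."""
    return {name: extract_credentials(stream) for name, stream in captured.items()}


if __name__ == "__main__":
    for name, creds in sniff_all(CAPTURED).items():
        print(f"{name:11s} {creds if creds else 'nothing readable'}")
```

The point of the "https" entry is not that TLS hides everything (the server name in the handshake is still visible) but that the request line, headers and form body, where the password travels, are not. The same split applies to FTP versus SFTP, Telnet versus SSH and IMAP with or without TLS.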
How easy it is... » How to hack a Joomla site prior to Joomla 3.6.4 https://www.exploit-db.com/exploits/40637/ › joomraa.py › Replace the innocent payload with dangerous stuff… › Show the content of configuration.php (it holds the database credentials) › Send configuration.php to some remote location (e.g. a pastebin) › Incorporate the server in a botnet › Send out spam › ...
How can I see if my site is hacked? » Because they want you to see… (defacement) » Because your server is being heavily (ab)used… » Because they’re fighting over your site… Some hackers will even update your site… › … to prevent other hackers from getting in (and stealing their turf) › » Because you bumped into something suspicious (by accident) » Because your host contacted you (good host!) » Because you read your server logs… » A good hack(er) remains invisible
Hacking history » Hacking for fun » Ideology » Hacking for money Botnets › Sending out spam › DDoS attacks › Bitcoin mining › Stealing data › Keyloggers › Webcam & microphone › Penetration testing ›
Where to attack... » Any of the OSI network layers » PEBCAK (Problem Exists Between Chair And Keyboard: the user)
Misconception N° 1 : My site is not attacked » Professional (criminal) hackers get rich by not getting caught They love you when you have a flexible server (e.g. an elastic cloud server on Amazon AWS) that scales up as they abuse it › » Check your logs – all sites get attacked all the time WordPress links (wp-login.php, wp-admin) in the logs of a Joomla site? Scanners probe every site for every platform ›
Misconception N° 2 : Logs are hard to read » Example line in Apache Common Log Format: 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 » 127.0.0.1 = IP address of the client (remote host) » - = identity of the client as reported by identd (a hyphen means unknown; unreliable anyway) » frank = userid from HTTP authentication, if the document was password protected » [10/Oct/2000:13:55:36 -0700] = moment of the request » "GET /apache_pb.gif HTTP/1.0" = request line sent to the server (method, path, protocol) » 200 = status code the server sent back » 2326 = size in bytes of the response body (headers excluded; a hyphen means no body) » Easy to read, but big data… analysis is difficult SEO › Network analysis › Penetration › … ›
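The two log slides above (the "WordPress links on a Joomla site?" question and the Common Log Format fields) are easy to turn into a first triage script. The following is an added example, not part of the original presentation: it parses CLF lines with a regular expression, then counts status codes, WordPress-style probes per client IP and bursts of POSTs to the Joomla administrator login. The log lines are constructed for this example (the first one is the Apache documentation example already on the slide); the IP addresses, paths and the threshold of five POSTs are assumptions.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status size
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed access log: one legitimate visitor, a WordPress scanner hitting a
# Joomla site, a host hammering the administrator login, and one broken line.
SAMPLE_LOG = """\
127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326
192.0.2.9 - - [10/Oct/2000:14:00:00 -0700] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 11834
203.0.113.5 - - [10/Oct/2000:14:01:02 -0700] "GET /wp-login.php HTTP/1.1" 404 196
203.0.113.5 - - [10/Oct/2000:14:01:03 -0700] "GET /wp-admin/ HTTP/1.1" 404 196
203.0.113.5 - - [10/Oct/2000:14:01:03 -0700] "GET /xmlrpc.php HTTP/1.1" 404 196
198.51.100.7 - - [10/Oct/2000:14:05:10 -0700] "POST /administrator/index.php HTTP/1.1" 303 -
198.51.100.7 - - [10/Oct/2000:14:05:11 -0700] "POST /administrator/index.php HTTP/1.1" 303 -
198.51.100.7 - - [10/Oct/2000:14:05:11 -0700] "POST /administrator/index.php HTTP/1.1" 303 -
198.51.100.7 - - [10/Oct/2000:14:05:12 -0700] "POST /administrator/index.php HTTP/1.1" 303 -
198.51.100.7 - - [10/Oct/2000:14:05:12 -0700] "POST /administrator/index.php HTTP/1.1" 303 -
this line is not a valid log entry
"""

# Paths that only exist on WordPress; on a Joomla site every hit is a scanner.
WP_PATHS = ("/wp-login.php", "/wp-admin", "/xmlrpc.php", "/wp-content", "/wp-includes")


def parse_clf(line):
    """Split one CLF line into a dict of fields; None if the line does not parse."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    rec["method"] = parts[0] if parts else ""
    rec["path"] = parts[1] if len(parts) > 1 else ""
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # '-' = no body
    return rec


def triage(log_text, login_threshold=5):
    """Quick triage of an access log: status counts, WP probes, login bursts."""
    status = Counter()
    wp_probes = Counter()    # client IP -> requests for WordPress-only paths
    admin_posts = Counter()  # client IP -> POSTs to the Joomla administrator
    unparsed = 0
    for line in log_text.splitlines():
        rec = parse_clf(line)
        if rec is None:
            unparsed += 1
            continue
        status[rec["status"]] += 1
        path = rec["path"].split("?", 1)[0]  # drop the query string
        if path.startswith(WP_PATHS):
            wp_probes[rec["host"]] += 1
        if rec["method"] == "POST" and path.startswith("/administrator/"):
            admin_posts[rec["host"]] += 1
    return {
        "status": dict(status),
        "wp_probes": dict(wp_probes),
        "login_bursts": {ip: n for ip, n in admin_posts.items() if n >= login_threshold},
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real log with `triage(open("access.log").read())`. The "unparsed" count is worth watching: if your host uses the Combined format (referer and user agent appended), extend the regular expression rather than silently skipping every line.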
Misconception N° 3 : You’re not stupid if they get you » Social engineering https://youtu.be/F78UdORll-Q?t=1m25s › » Ninjas in the street https://youtu.be/F78UdORll-Q?t=9m23s › » So you have a sticker over your webcam … how about your mic? › … how about your smartphone? › » You may not be the target yourself your website/server could be the more interesting one ›
Digital hygiene for you as a web admin » Train your clients Use safe passwords › Don’t share passwords – add users instead › » Don’t (over)charge for adding users (it’s better than shared passwords) » Don’t connect using FTP or plain HTTP » Don’t use public WiFi for confidential tasks (the access point can be spoofed) » Use third parties where you are not an expert » Use reliable extension & template developers » “Remember password” still sends your password over the wire every time!
Digital hygiene for your website » Use a reliable hosting company » It’s not always better if you do it yourself » Do your updates (core + extensions) Use well supported extensions › » Disable or remove unused extensions » Enable two-factor authentication if possible » Make and test backups before every update › after every big content update › Not stored on the server › » Use HTTPS (and SFTP or SSH to connect) Check your SSL/TLS configuration: https://www.ssllabs.com ›
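The backup item above ("make and test backups, not stored on the server") as an added shell example, not a script from the original presentation: it reads the database credentials from Joomla's configuration.php (the `public $host`, `$user`, `$password` and `$db` properties of the JConfig class), dumps the database without putting the password on the command line, archives the site files, and optionally copies both to a remote host. The site root, destination directory and remote target are assumptions supplied as arguments; `mysqldump`, `tar` and `scp` must be installed.

```sh
#!/bin/sh
# Added example: off-server backup of a Joomla site. Usage:
#   joomla_backup /var/www/html /var/backups/joomla [user@backuphost:/srv/backups]
set -eu

# Read one "public $KEY = 'value';" property from configuration.php.
joomla_config_value() {
    file=$1
    key=$2
    sed -n "s/^[[:space:]]*public \\\$$key = '\([^']*\)';.*/\1/p" "$file" | head -n 1
}

# Build the timestamped base name used for both backup files.
backup_basename() {
    printf 'joomla-%s' "$1"
}

joomla_backup() {
    site_root=$1
    dest=$2
    remote=${3:-}
    cfg="$site_root/configuration.php"
    [ -r "$cfg" ] || { echo "no readable $cfg" >&2; return 1; }

    host=$(joomla_config_value "$cfg" host)
    user=$(joomla_config_value "$cfg" user)
    pass=$(joomla_config_value "$cfg" password)
    db=$(joomla_config_value "$cfg" db)
    [ -n "$db" ] && [ -n "$user" ] || { echo "could not read DB settings" >&2; return 1; }

    stamp=$(date +%Y%m%d-%H%M%S)
    base=$(backup_basename "$stamp")
    mkdir -p "$dest"

    # Pass the password via a private defaults file so it never shows up in
    # `ps` output or shell history.
    cnf=$(mktemp)
    chmod 600 "$cnf"
    printf '[client]\nhost=%s\nuser=%s\npassword=%s\n' "$host" "$user" "$pass" > "$cnf"
    mysqldump --defaults-extra-file="$cnf" --single-transaction "$db" \
        | gzip > "$dest/$base-db.sql.gz"
    rm -f "$cnf"

    # Site files, including configuration.php (keep the archive private).
    tar -czf "$dest/$base-files.tar.gz" -C "$site_root" .
    chmod 600 "$dest/$base-db.sql.gz" "$dest/$base-files.tar.gz"

    # "Not stored on the server": ship both files off-box when a target is given.
    if [ -n "$remote" ]; then
        scp -q "$dest/$base-db.sql.gz" "$dest/$base-files.tar.gz" "$remote/"
    fi
    echo "$dest/$base"
}
```

Testing the backup means restoring it somewhere else, not just checking that the files exist: import the dump into a scratch database and unpack the archive into a test vhost before you rely on it for an update.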
FCW – CC BY-SA 4.0 » This is a free cultural work (freedomdefined.org) » … it is available under the Creative Commons Attribution-ShareAlike license. Feel free to › … share the work › … edit, tweak, improve the work › Please do respect these conditions: › Attribution › Place a link to the original work › Share your work under this license too ›
Questions?
Keep your logs... » Store your access logs long enough… (screenshot: SiteGround) Download them to your computer › Or keep them on the server › A hack is often only discovered weeks later; without the logs from that time you cannot tell how they got in ›