anatomy of a crash
DESCRIPTION
detailing a website crash after hacking. how to secure your site against security vulnerabilities. how to recover after a crash/hacking.
TRANSCRIPT
valerie forrestal
code4libNYC
2013.10.08
the anatomy of a crash
aw, hell. that’s not supposed to do that.
step 1: check your main index file
turkish escorts, anyone?
why would someone hack a library website?
(it’s not personal)
step 2: send out an email
i’m serious. this is a step. because you will get about a thousand emails and phone calls telling you the site is down.
step 3: put up a temp homepage
i used a free css template, but you can use a framework if you’re feeling fancy
• html5boilerplate: http://html5boilerplate.com/
• bootstrap: http://getbootstrap.com/
• foundation: http://foundation.zurb.com/
step 4: check server logs
• replace any files that were recently changed (not by you) with backups
• the internet tells me this will find files edited in the past 2 days:
find . -mtime -2 -type f
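an added example, not from the original slides: a shell function that takes the recently-changed-files check from step 4 and compares each hit against a known-good backup, with an `all` mode because modification times can be reset. the function names, directory layout and sample files are constructed for illustration.

```shell
# added example (not from the slides): list files under SITE that differ from
# a known-good BACKUP tree. DAYS limits the scan to files modified in the last
# DAYS days (default 2, as in the find command above); DAYS=all checks every
# file, because an intruder can reset a file's modification time.
# usage: triage_recent SITE BACKUP [DAYS|all]   (file names without newlines)
triage_recent() {
    site=$1
    days=${3:-2}
    # make the backup path absolute so it still resolves after cd
    backup=$(cd "$2" && pwd) || return 1
    (
        cd "$site" || exit 1
        if [ "$days" = all ]; then
            find . -type f -print
        else
            find . -type f -mtime "-$days" -print
        fi | LC_ALL=C sort | while IFS= read -r f; do
            rel=${f#./}
            if [ ! -e "$backup/$rel" ]; then
                printf 'NEW %s\n' "$rel"        # not in the backup: review it
            elif ! cmp -s "$f" "$backup/$rel"; then
                printf 'CHANGED %s\n' "$rel"    # differs: restore from backup
            fi
        done
    )
}

# constructed sample trees showing why the mtime filter alone is not enough
triage_demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/site/inc" "$t/backup/inc"
    echo 'home' > "$t/backup/index.php"
    echo 'cfg'  > "$t/backup/inc/config.php"
    echo 'old'  > "$t/backup/old.php"
    cp "$t/backup/inc/config.php" "$t/site/inc/config.php"
    echo 'home + injected links' > "$t/site/index.php"
    echo 'dropped file' > "$t/site/inc/unknown.php"
    echo 'tampered' > "$t/site/old.php"
    touch -t 202001010000 "$t/site/old.php"   # backdated mtime
    echo "== last 2 days"; triage_recent "$t/site" "$t/backup" 2
    echo "== all files";   triage_recent "$t/site" "$t/backup" all
    rm -rf "$t"
}
```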
step 5: do a clean install
• if none of the above fixes work, you’re probably going to need to reinstall your cms software
• this is a problem if you’ve made a mess of your file structure and have undocumented customizations, so, in the future…
be prepared!
• set up your site so that you are able to restore it from scratch with the newest version of the software. don’t get tied to a particular version!
• some best practices…
best practices?
• always keep your software up-to-date
• keep your customizations modular
• keep your site root organized and your subdirectories clean
• have clear documentation on how to restore the site from scratch
• back up your backups
• minimize your use of plugins
• have a simple backup site ready to go
versioning
more tips
• google “secure … site” and “common … hacks”
• http://www.marcofolio.net/joomla/7_tips_to_optimize_joomla_security.html
• http://arstechnica.com/security/2013/02/securing-your-website-a-tough-job-but-someones-got-to-do-it/
• Open Web Application Security Project (OWASP): https://www.owasp.org/
contact
valerie forrestal
web services librarian
college of staten island/CUNY
• [email protected]
• vforrestal.com
• @vforrestal
• slides available at: slideshare.net/vforrestal