leaked! confessions of a joomla dev
DESCRIPTION
Prevention is better than cure. This is no exception with security and the Joomla Operating system. It's not a matter of IF your websites will be attacked, but only a matter of WHEN they will be attacked. The question is, are your websites prepared to withstand the onslaught, or are they a malicious script field day case study where the doors and windows are left wide open?

As an introduction, Paul will look at the foundations of server and script security and various tips and tricks to harden your Joomla instance against possible attacks. This talk will provide practical steps you can apply to immediately beef up security of your current Joomla instance. Secondly, he will discuss the practical steps you need to follow if you wake up one day and the unthinkable did happen.

This talk is a must for Beginner and Intermediate Joomla users, and the old timers can also join to make sure all leaked information is accurate. Never say never, and welcome to the resistance!

Additional Info
Presenter: Paul van Jaarsveld
Category: Joomla

TRANSCRIPT
Leaked! Confessions of a Joomla DEV
Paul van Jaarsveld
Kalemanzi Media Solutions
@kalemanzi
Overview
● Hackin 'n crackin (Why, who, what?!)
● Prevention
● Cure
● Discussions / questions
Why, who, what?
● Why do people want to “hack” sites?
● Who / what does it?
● What do they do?
Defaced – peer recognition
Various forms of attacks
● SQL injection – make mysql run malicious commands
● Known vulnerabilities of outdated scripts
● Poorly designed code
● Generic passwords
● Denial of Service / slashdot effect
DDOS attacks
Spam with a purpose
Payload
Phishing
Prevention: Your neighborhood
● Hosting provider NB!
● Rather Apache Linux than Win
● Avoid shared hosting
● PHP5, CGI not module, register_globals
● PHP.ini settings (remote url incl etc.)
● mod_security
● Htaccess.txt .htaccess
● Cpanel, ftp, ssh password etc.
Prevention: Your house
● Bricks – Latest Joomla
● Domestic workers – extensions bg. check
● House contents – user data / content
● The windows – what can be seen
● The doors / gates – points of entry
● Keys! NB. PSWD – what Master key?!
● Radio and tv / internet – external / feeds
● CCTV / alarm system – Monitor security
● Insurance – regular incremental backups
Cracked, now what?!
Recovery Action plan!
● Remove site from public_html (rename script - rn public_html public_html_inf)
● Change passwords (sql, ftp, cpanel etc.)
● Find a backup that was done before infection and keep it handy
● Do a comprehensive site audit
● Find the source of the infection – use shell script, common sense, versions etc.
● Choose recovery strategy:
    ● Repair current instance eg. Remove malicious code
    ● Restore clean backup and fix holes
● Make site live
● Make sure the site is clean!
● Have a plan in place for future
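The recovery plan says to find the source of the infection with a shell script. The following triage script is an added example, not part of the talk: it runs against the quarantined copy (public_html_inf) and lists PHP files changed since the last clean backup, PHP files in the media directory, and PHP files that eval() decoded data. The function name, the three checks and the assumption of a top-level images/ directory are choices made for this example.

```shell
#!/bin/sh
# Usage: sh find_suspects.sh ROOT SINCE
#   ROOT  - quarantined copy of the site (public_html_inf in the plan above)
#   SINCE - time of the last known-clean backup, as YYYYMMDDhhmm
# Output: one "reason<TAB>path" line per finding; a file can appear more than once.

find_suspects() {
    root=$1
    since=$2
    # Reference file whose mtime marks the clean-backup time.
    ref=$(mktemp) || return 1
    touch -t "$since" "$ref" || { rm -f "$ref"; return 1; }

    # 1. PHP files changed after the clean backup was taken.
    find "$root" -type f -name '*.php' -newer "$ref" \
        -exec printf 'modified\t%s\n' {} \;

    # 2. PHP files under images/, which should hold media only
    #    (assumption: standard layout with a top-level images/ directory).
    if [ -d "$root/images" ]; then
        find "$root/images" -type f -name '*.php' \
            -exec printf 'php-in-images\t%s\n' {} \;
    fi

    # 3. PHP files that eval() decoded or decompressed data, a common
    #    marker of injected code. Expect false positives; review each hit.
    find "$root" -type f -name '*.php' \
        -exec grep -lE 'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|str_rot13)' {} + |
    while IFS= read -r f; do
        printf 'obfuscated\t%s\n' "$f"
    done

    rm -f "$ref"
    return 0
}

# Run from the command line when both arguments are given.
if [ "$#" -eq 2 ]; then
    find_suspects "$1" "$2"
fi
```

An empty result does not prove the site is clean; compare the findings against the pre-infection backup before choosing between repair and restore.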
Strategy
Questions
● What extensions do you use? Let's make a list right now!
● How do you handle your hacked sites?
Welcome to the resistance ;-)
Paul van Jaarsveld
Kalemanzi Media Solutions
@kalemanzi