Sucuri Webinar: Oh No! My Website Has Been Hacked

OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR

Val Vesa| @adspedia #AskSucuri

WEBINAR

WELCOME!



WEBINAR

KRISTEN THOMASCommunity ManagerCommunity Engagement Team@kdthomas327



WEBINAR

HOUSEKEEPING ITEMS

● Poll questions on your screen

●Q&A

● Place questions in Q&A box

● Ask Questions right away

●Use #AskSucuri on twitter to engage

●Questions will be answered and delivered post-webinar

● Brief survey at the end of the presentation

● Presentation Video



WEBINAR

#AskSucuri

OH NO! MY WEBSITE HAS BEEN HACKED



WEBINAR

Val Vesa@adspedia

Social Media and Brand Evangelist at Sucuri

Husband, father of two

Passion for travel and Instagram photography



WEBINAR

My Family



WEBINAR



WEBINAR



WEBINAR



WEBINAR

I DON'T EAT PORK

WHEN I CLEAN THE BATHROOMI LOVE COCA-COLA

OR SEA FOOD



WEBINAR

Shoebox Project & WordPress



WEBINAR



WEBINAR



WEBINAR

MY FIRST WORDPRESS INSTALL: 2009



WEBINAR



WEBINAR



WEBINAR



WEBINAR



WEBINAR

HACKEDDEC 22 2014



WEBINAR

• Emails I never sent were returning: SPAM generated from site

• The host warned us they will SUSPEND the website

• EMAIL was now DOWN

• In mid project phase we were without an online presence

• Blacklisted website: visitors going to the website were seeing the “attack site” warning, endangering credibility

IMPACTS



WEBINAR

SELF MITIGATION ATTEMPT• Were there any .htaccess edits done?

• Any unauthorised FTP access?

• Check WordPress users list, any recent additions there?

• Study MySQL/phpMyAdmin for unusual content

• Change passwords: FTP, cPanel

• Scan access computer for keyloggers and malware

• Did a good job: my website was clean and back online



WEBINAR

Until December 24 2014

When..



WEBINAR

HACKEDDEC 24 2014



WEBINAR

TIME TO ASK FOR HELP



WEBINAR



WEBINAR



WEBINAR

• LIVE CHAT AVAILABLE ON MY LOCAL 4:00 AM

• INITIAL EVALUATION WAS PERFORMED IN THE CHAT

• SIGNUP AND OPENED TICKET FOR MALWARE REMOVAL

• 40 MINUTES LATER WEBSITE WAS CLEANED

• RECEIVED ACTIONABLE STEPS TO STAY CLEAN AFTER CLEANUP

• REMOVED FROM BLACKLIST THE NEXT DAY

HOW SUCURI HELPED



WEBINAR

• RANDOM ATTACK

• DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS

• VULNERABLE VERSION OF TIMTHUMB

• HACKER’S INTENT: USE SITE FOR SPAM

WHAT I THINK HAPPENED



WEBINAR



WEBINAR

WHY BEING HACKED WAS A “GOOD” THING



WEBINAR



WEBINAR

PERSONAL 5 BEST PRACTICES FOR WEBSITE SECURITY



WEBINAR

1. LEARN• START WITH BLOG.SUCURI.NET

• EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL)

• ACCESS CONTROL

• PLATFORM VULNERABILITIES

• CHECK YOUR WEBSITE WHEN VULNERABILITIES ARE ANNOUNCED



WEBINAR

2. PASSWORDS• USE A PASSWORD MANAGER!

• COMPLEX STRUCTURES

• UPPER CASE, LOWER CASE, SPECIAL CHARACTERS, NUMBERS

• LONGER THAN 10 CHARACTERS

• DON’T REUSE PASSWORDS



WEBINAR

3. UPDATES• CMS

• PLUGINS

• SERVER



WEBINAR

4. BACKUPS• ON A SCHEDULE

• OFFSITE

• TEST FREQUENTLY



WEBINAR

5. USE PROFESSIONALS• SECURITY IS NOT A DYI PROJECT

• ADMIT WHEN OVERWHELMED

• EXTRA COST AND TIME TO DO IT IN-HOUSE



WEBINAR

WHERE TO FIND ME

Twitter @adspedia

Instagram @adspedia

Email [email protected]



WEBINAR



WEBINAR

Q & A Tweet us @SucuriSecurity using #AskSucuri



WEBINAR

THANK YOU!

Internet

Sucuri Webinar: Oh No! My Website Has Been Hacked