• Home

  • Internet

  • Tips for Fixing A Hacked WordPress Site - Vlad Lasky
12
1 Tips For Fixing a Hacked WordPress Site Vladimir Lasky http://wpexpert.com.au/ WordCamp Sydney 2016

Tips for Fixing A Hacked WordPress Site - Vlad Lasky

Embed Size (px)

Citation preview

Page 1: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

1

Tips For Fixing a Hacked WordPress Site

Vladimir Lasky

http://wpexpert.com.au/

WordCamp Sydney 2016

http://wpexpert.com.au/
Page 2: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

2

What Your Client Wishes They Had

A Time Machine

Hindsight

Website & Database Backups

Page 3: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

3

General Recovery Strategy

Assess The Damage

Disinfect Site

Replace Data

Recover Data

Secure Website

Check For Reinfection

Page 4: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

4

What You Need

WordPress Admin Account Details

cPanel Login

Secure Shell (SSH) Access

Page 5: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

5

Files That Are Often Infected:

.htaccess

index.php

index.html

wp-config.php

Theme templates

Plugin Files

Page 6: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

6

Files That Are Often Infected:

Anywhere within the installation:

– .htaccess

– index.php

– index.html

– wp-config.php

Within wp-content

– Theme templates

– Plugin Files

Page 7: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

7

Common Infectious Payloads:

Shell code (a back door for the hacker)

– Often appears as strangely-named PHP files

Spam to be shown to site visitors

Javascript code to pull in content from external

sites or to attempt to trigger vulnerabilities in the

visitor’s web browser

Boasts about the attacker’s hacking prowess

Page 8: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

8

Finding Files Modifed Between Two Dates

find . -type f -newermt 2010-10-07 ! -newermt

2014-10-08

find . -type f -newermt "2014-10-08 10:17:00" ! -

newermt "2014-10-08 10:53:00"

find srcdir -type f -newermt 2014-08-31 ! -

newermt 2014-09-30 -exec mv -i {} destdir/ \;

Page 9: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

9

Searching For Obfuscated Code

Searching for obfuscated code

– base64_decode

– gzinflate

– eval

Page 10: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

10

Identifying The Infection

Sucuri Site Check

Google Webmaster Tools

If website still accessible, vulnerability scanning

plugins like Wordfence (or similar plugins)

Page 11: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

11

Recovering Site Content

Old Site Backups

WordPress Export

Google's Cache of the site

Archive.org (also called Internet Archive or

Wayback Machine)

Page 12: Tips for Fixing A Hacked WordPress Site - Vlad Lasky

12

Conclusion

Slides from My Previous Security Talks:

– Wordcamp GC 2011:

• http://slidesha.re/tr2XA5

• Covers the “Three Pillars of Security”, the aims of attackers and other WordPress security

plugins

– WordCamp Sydney 2012:

• http://www.slideshare.net/wordcampsyd/securing-your-wordpress-website-vlad-lasky-

wordcamp-sydney-2012

Questions and Comments:

– http://wpexpert.com.au/contact-us/

http://codex.wordpress.org/Hardening_WordPress
http://www.slideshare.net/wordcampsyd/securing-your-wordpress-website-vlad-lasky-wordcamp-sydney-2012
http://wpexpert.com.au/contact-us/

Hacked Vehicles - InfoSec

Hacked Vehicles - InfoSec

Technology
Susan & Lasky Pre-Wedding

Susan & Lasky Pre-Wedding

Documents
PRP - Hacked Off

PRP - Hacked Off

Documents
KIRCO Intro Packet_submitted to Tom Lasky

KIRCO Intro Packet_submitted to Tom Lasky

Documents
3 Hacked Chords

3 Hacked Chords

Documents
Prima vsechny moje lasky

Prima vsechny moje lasky

Marketing
INTERRUPTED JOURNEY Saving Endangered Sea Turtles By Kathryn Lasky

INTERRUPTED JOURNEY Saving Endangered Sea Turtles By Kathryn Lasky

Documents
Hacked A.P. Twitter

Hacked A.P. Twitter

Documents
Bsm Hacked Paper

Bsm Hacked Paper

Documents
Legend - Hacked By Foaad Pal | Hacked By Foaad Pal

Legend - Hacked By Foaad Pal | Hacked By Foaad Pal

Documents
Hacked - EVERYONE INTRUSTED

Hacked - EVERYONE INTRUSTED

Internet
MWEB Business: Hacked

MWEB Business: Hacked

Documents
New Frontiers in Physics Richard Lasky – Summer 2010

New Frontiers in Physics Richard Lasky – Summer 2010

Documents
Fileshare.ro Hacked

Fileshare.ro Hacked

Documents
promueve2012.mx HACKED!

promueve2012.mx HACKED!

Documents
Evaluation Hacked Media

Evaluation Hacked Media

Documents
Getting hacked

Getting hacked

Documents
Marven of the Great North Woods By: Kathryn Lasky Kathryn LaskyKathryn Lasky Click to meet the author Genre: Biography Author’s Purpose: Information and

Marven of the Great North Woods By: Kathryn Lasky Kathryn LaskyKathryn Lasky Click to meet the author Genre: Biography Author’s Purpose: Information and

Documents
Everyone’s Been Hacked

Everyone’s Been Hacked

Documents
Hacked tax forms

Hacked tax forms

Technology
proiect vlad

proiect vlad

Documents
To be Hacked or not to be Hacked!

To be Hacked or not to be Hacked!

Technology
Vlad tepes

Vlad tepes

Documents
Http:// HACKED!!! Securing your Business Ankit Fadia Ethical Hacker fadia.ankit@gmail.com Hacked!!!

Http:// HACKED!!! Securing your Business Ankit Fadia Ethical Hacker [email protected] Hacked!!!

Documents
LHC Large Hadron Collider Richard Lasky – Summer 2010

LHC Large Hadron Collider Richard Lasky – Summer 2010

Documents
VLAD MUSATESCU

VLAD MUSATESCU

Documents
lucrare vlad

lucrare vlad

Documents
HACKED BY Mutarrif

HACKED BY Mutarrif

Documents
WOLVES OF THE BEYOND 1- LONE WOLF by Kathryn Lasky€¦ · 1 Wolves of the Beyond 1: Lone Wolf Kathryn Lasky PART ONE THE BEYOND

WOLVES OF THE BEYOND 1- LONE WOLF by Kathryn Lasky€¦ · 1 Wolves of the Beyond 1: Lone Wolf Kathryn Lasky PART ONE THE BEYOND

Documents
The Ethical Leader PARM John Lasky jwlasky@aol.com

The Ethical Leader PARM John Lasky [email protected]

Documents