This document discusses cybersecurity best practices for website administrators. It covers common hacking techniques like exploiting vulnerabilities in Joomla sites, the importance of encryption and secure protocols, how to detect if a site has been hacked by checking logs, and tips for digital hygiene like using strong passwords, updating software, and enabling two-factor authentication. The document emphasizes that all sites face attacks, encourages readers to properly secure their sites, and is available for sharing under a Creative Commons license.

1. L33T H4X0RzL33T H4X0Rz
How did (s)he get into my site?
Or am I safe? “Are you sure…?”
How can I prevent it? How can I fix it?

2. Importance of encryption (HTTPS – SSL)
» As promised: WIFI-sniffing…
› HTTP versus HTTPS
› FTP versus sFTP
› Telnet versus SSH
› IMAP with or without SSL
https://www.youtube.com/watch?v=r0l_54thSYU&t=143s

3. How easy it is...
» How to hack a joomla site prior to Joomla 3.6.4
› https://www.exploit-db.com/exploits/40637/
› joomraa.py
› Replace innocent payload with dangerous stuff…
› Show content of configuration.php
› Send configuration.php to some remote location (e.g. a pastebin)
› Incorporate in a botnet
› Send out spam
› ...
›

4. How can I see if my site is hacked?
» Because they want you to see… (defacement)
» Because your server is being heavily (ab)used…
» Because they’re fighting for your site…
› Some hacker could even update your site…
› … to prevent other hackers from getting in (and stealing their turf)
» Because you bumped into something suspicious (by accident)
» Because your host contacted you (good host!)
» Because you read your server logs…
» A good hack(er) remains invisible

5. Hacking history
» Hacking for fun
» Ideology
» Hacking for money
› Botnet
› Sending out spam
› DDOS-attacks
› Bitcoin mining
› Stealing data
› Keyloggers
› Webcam & microphone
› Penetration testing

6. Where to attack...
» OSI Network layers
» PEBCAK

7. Misconception N° 1 : My site is not attacked
» Professional (criminal) hackers get rich through not getting caught
› They love you when you have a flexible server (e.g. Amazon S3 cloud)
» Check your logs – all sites get attacked all the time
Wordpress links on
a Joomla site?

8. Misconception N° 2 : Logs are heard to read
» 127.0.0.1 = IP address of client (remote host)
» – = (unknown: hyphen) identity of the client (unreliable)
» Frank = userid of person requesting document (inside network)
» [10/Oct/2000:13:55:36 -0700] = Moment of request
» "GET /apache_pb.gif HTTP/1.0" = Request sent to server
» 200 = Status code server sent back
» 2326 = size in bytes of packet returned
» Easy to read, but big data… analysis is difficult
› SEO
› Network analysis
› Penetration
› …

9. Misconception N° 3 : You’re not stupid if they get you
» Social Engineering
› https://youtu.be/F78UdORll-Q?t=1m25s
» Ninja’s in the street
› https://youtu.be/F78UdORll-Q?t=9m23s
» So you have a sticker over your webcam
› … how about your mic?
› … how about your smartphone?
» You are not a target
› your website/server could be more interesting

10. Digital hygiene for you as a web admin
» Train your clients
› Use safe passwords
› Don’t share passwords – add users
» Don’t (over)charge to add users (it’s better than sharing passwords)
» Don’t connect using FTP, HTTP
» Don’t use public WiFi for confidential tasks (it can be spoofed)
» Use third parties where you are not an expert
» Use reliable extension & template developers
» “Remember Password” also sends out your password!

11. Digital hygiene for your website
» Use a reliable hosting company
» It’s not always better if you do it yourself
» Do your updates (core + extensions)
› Use well supported extensions
» Disable or remove unused extensions
» Enable 2 factor authentication if possible
» Make and test backups
› before every update
› after every big content update
› Not stored on the server
» Use HTTPS (and SFTP or SSH to connect)
› Check your SSL: https://www.ssllabs.com

12. FCW – CC BY SA 4.0
» This is a free cultural work (freedomdefined.org)
» … it is available under Creative Commons Share-Alike Attribution
license.
› Feel fre to
› … share the work
› … edit, tweak, improve the work
› Please do respect these conditions:
› Attribution
› Place a link to the original work
› Share your work under this license too

13. Questions?

14. Keep your logs...
» Store your access logs long enough… (screenshot Siteground)
› Download to your computer
› Or keep them on the server