On December 22, 2014 at 4 AM , Valentin Vesa, Founder of the ShoeBox Project Romania, experienced his worst nightmare come to life during the charity's prime season... The website had been hacked and was blacklisted by Google.
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Sucuri Webinar: Oh No! My Website Has Been Hacked.
1.
2. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
WELCOME!
3. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
KRISTEN THOMAS
Community Manager
Community Engagement Team
@kdthomas327
4. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
HOUSEKEEPING ITEMS
● Poll questions on your screen
● Q&A
● Place questions in Q&A box
● Ask Questions right away
● Use #AskSucuri on twitter to engage
● Questions will be answered and delivered post-webinar
● Brief survey at the end of the presentation
● Presentation Video
5. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
#AskSucuri
OH NO!
MY WEBSITE HAS BEEN
HACKED
6. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
Val Vesa
@adspedia
Social Media and Brand Evangelist at Sucuri
Husband, father of two
Passion for travel and Instagram photography
7. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
My Family
8. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
9. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
10. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
11. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
I DON'T EAT PORK
WHEN I CLEAN THE BATHROOMI LOVE COCA-COLA
OR SEA FOOD
12. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
Shoebox Project &
WordPress
13. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
14. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
15. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
MY FIRST WORDPRESS INSTALL: 2009
16. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
17. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
18. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
19. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
20. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
HACKED
DEC 22 2014
21. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
• Emails I never sent were returning: SPAM generated from site
• The host warned us they will SUSPEND the website
• EMAIL was now DOWN
• In mid project phase we were without an online presence
• Blacklisted website: visitors going to the website were seeing
the “attack site” warning, endangering credibility
IMPACTS
22. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
SELF MITIGATION
ATTEMPT
• Were there any .htaccess edits done?
• Any unauthorised FTP access?
• Check WordPress users list, any recent additions there?
• Study MySQL/phpMyAdmin for unusual content
• Change passwords: FTP, cPanel
• Scan access computer for keyloggers and malware
• Did a good job: my website was clean and back online
23. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
Until December 24
2014
When..
24. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
HACKED
DEC 24 2014
25. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
TIME TO ASK FOR HELP
26. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
27. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
28. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
• LIVE CHAT AVAILABLE ON MY LOCAL 4:00 AM
• INITIAL EVALUATION WAS PERFORMED IN THE CHAT
• SIGNUP AND OPENED TICKET FOR MALWARE REMOVAL
• 40 MINUTES LATER WEBSITE WAS CLEANED
• RECEIVED ACTIONABLE STEPS TO STAY CLEAN AFTER CLEANUP
• REMOVED FROM BLACKLIST THE NEXT DAY
HOW SUCURI HELPED
29. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
• RANDOM ATTACK
• DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS
• VULNERABLE VERSION OF TIMTHUMB
• HACKER’S INTENT: USE SITE FOR SPAM
WHAT I THINK
HAPPENED
30. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
31. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
WHY BEING HACKED WAS A “GOOD” THING
32. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
33. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
PERSONAL 5 BEST PRACTICES
FOR WEBSITE SECURITY
34. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
1. LEARN
• START WITH BLOG.SUCURI.NET
• EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL)
• ACCESS CONTROL
• PLATFORM VULNERABILITIES
• CHECK YOUR WEBSITE WHEN VULNERABILITIES ARE
ANNOUNCED
35. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
2. PASSWORDS
• USE A PASSWORD MANAGER!
• COMPLEX STRUCTURES
• UPPER CASE, LOWER CASE, SPECIAL CHARACTERS, NUMBERS
• LONGER THAN 10 CHARACTERS
• DON’T REUSE PASSWORDS
36. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
3. UPDATES
• CMS
• PLUGINS
• SERVER
37. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
4. BACKUPS
• ON A SCHEDULE
• OFFSITE
• TEST FREQUENTLY
38. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
5. USE PROFESSIONALS
• SECURITY IS NOT A DYI PROJECT
• ADMIT WHEN OVERWHELMED
• EXTRA COST AND TIME TO DO IT IN-HOUSE
39. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
WHERE TO FIND ME
Twitter @adspedia
Instagram @adspedia
Email valentin@sucuri.net
40. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
41. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
Q & A
Tweet us @SucuriSecurity using #AskSucuri
42. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
THANK YOU!