On December 22, 2014 at 4 AM , Valentin Vesa, Founder of the ShoeBox Project Romania, experienced his worst nightmare come to life during the charity's prime season... The website had been hacked and was blacklisted by Google.

2. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
WELCOME!

3. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
KRISTEN THOMAS
Community Manager
Community Engagement Team
@kdthomas327

4. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
HOUSEKEEPING ITEMS
● Poll questions on your screen
● Q&A
● Place questions in Q&A box
● Ask Questions right away
● Use #AskSucuri on twitter to engage
● Questions will be answered and delivered post-webinar
● Brief survey at the end of the presentation
● Presentation Video

5. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
#AskSucuri
OH NO!
MY WEBSITE HAS BEEN
HACKED

6. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
Val Vesa
@adspedia
 Social Media and Brand Evangelist at Sucuri
 Husband, father of two
 Passion for travel and Instagram photography

7. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
My Family

8. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

9. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

10. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

11. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
I DON'T EAT PORK
WHEN I CLEAN THE BATHROOMI LOVE COCA-COLA
OR SEA FOOD

12. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
Shoebox Project &
WordPress

13. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

14. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

15. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
MY FIRST WORDPRESS INSTALL: 2009

16. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

17. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

18. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

19. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

20. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
HACKED
DEC 22 2014

21. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
• Emails I never sent were returning: SPAM generated from site
• The host warned us they will SUSPEND the website
• EMAIL was now DOWN
• In mid project phase we were without an online presence
• Blacklisted website: visitors going to the website were seeing
the “attack site” warning, endangering credibility
IMPACTS

22. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
SELF MITIGATION
ATTEMPT
• Were there any .htaccess edits done?
• Any unauthorised FTP access?
• Check WordPress users list, any recent additions there?
• Study MySQL/phpMyAdmin for unusual content
• Change passwords: FTP, cPanel
• Scan access computer for keyloggers and malware
• Did a good job: my website was clean and back online

23. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
Until December 24
2014
When..

24. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
HACKED
DEC 24 2014

25. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
TIME TO ASK FOR HELP

26. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

27. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

28. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
• LIVE CHAT AVAILABLE ON MY LOCAL 4:00 AM
• INITIAL EVALUATION WAS PERFORMED IN THE CHAT
• SIGNUP AND OPENED TICKET FOR MALWARE REMOVAL
• 40 MINUTES LATER WEBSITE WAS CLEANED
• RECEIVED ACTIONABLE STEPS TO STAY CLEAN AFTER CLEANUP
• REMOVED FROM BLACKLIST THE NEXT DAY
HOW SUCURI HELPED

29. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
• RANDOM ATTACK
• DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS
• VULNERABLE VERSION OF TIMTHUMB
• HACKER’S INTENT: USE SITE FOR SPAM
WHAT I THINK
HAPPENED

30. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

31. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
WHY BEING HACKED WAS A “GOOD” THING

32. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

33. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
PERSONAL 5 BEST PRACTICES
FOR WEBSITE SECURITY

34. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
1. LEARN
• START WITH BLOG.SUCURI.NET
• EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL)
• ACCESS CONTROL
• PLATFORM VULNERABILITIES
• CHECK YOUR WEBSITE WHEN VULNERABILITIES ARE
ANNOUNCED

35. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
2. PASSWORDS
• USE A PASSWORD MANAGER!
• COMPLEX STRUCTURES
• UPPER CASE, LOWER CASE, SPECIAL CHARACTERS, NUMBERS
• LONGER THAN 10 CHARACTERS
• DON’T REUSE PASSWORDS

36. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
3. UPDATES
• CMS
• PLUGINS
• SERVER

37. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
4. BACKUPS
• ON A SCHEDULE
• OFFSITE
• TEST FREQUENTLY

38. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
5. USE PROFESSIONALS
• SECURITY IS NOT A DYI PROJECT
• ADMIT WHEN OVERWHELMED
• EXTRA COST AND TIME TO DO IT IN-HOUSE

39. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
WHERE TO FIND ME
Twitter @adspedia
Instagram @adspedia
Email valentin@sucuri.net

40. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR

41. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
Q & A
Tweet us @SucuriSecurity using #AskSucuri

42. OH NO! MY WEBSITE HAS BEEN HACKEDWEBINAR
Val Vesa| @adspedia #AskSucuri
WEBINAR
THANK YOU!