l33t h4x0rz


Upload: jurgen-gaeremyn

Post on 13-Apr-2017




Page 1: L33t h4x0rz

L33T H4X0Rz

How did (s)he get into my site? Or am I safe? “Are you sure…?”

How can I prevent it? How can I fix it?

Page 2: L33t h4x0rz

Importance of encryption (HTTPS – SSL)

» As promised: WIFI-sniffing…

› HTTP versus HTTPS

› FTP versus sFTP

› Telnet versus SSH

› IMAP with or without SSL

https://www.youtube.com/watch?v=r0l_54thSYU&t=143s

Page 3: L33t h4x0rz

How easy it is...

» How to hack a Joomla site prior to Joomla 3.6.4

› https://www.exploit-db.com/exploits/40637/

› joomraa.py

› Replace innocent payload with dangerous stuff…

› Show content of configuration.php

› Send configuration.php to some remote location (e.g. a pastebin)

› Incorporate in a botnet

› Send out spam

› ...

Page 4: L33t h4x0rz

How can I see if my site is hacked?

» Because they want you to see… (defacement)

» Because your server is being heavily (ab)used…

» Because they’re fighting for your site…

› Some hacker could even update your site…

› … to prevent other hackers from getting in (and stealing their turf)

» Because you bumped into something suspicious (by accident)

» Because your host contacted you (good host!)

» Because you read your server logs…

» A good hack(er) remains invisible

Page 5: L33t h4x0rz

Hacking history

» Hacking for fun

» Ideology

» Hacking for money

› Botnet

› Sending out spam

› DDOS attacks

› Bitcoin mining

› Stealing data

› Keyloggers

› Webcam & microphone

› Penetration testing

Page 6: L33t h4x0rz

Where to attack...

» OSI Network layers

» PEBCAK

Page 7: L33t h4x0rz

Misconception N° 1: My site is not attacked

» Professional (criminal) hackers get rich through not getting caught

› They love you when you have a flexible server (e.g. Amazon S3 cloud)

» Check your logs – all sites get attacked all the time

Wordpress links on a Joomla site?

Page 8: L33t h4x0rz

Misconception N° 2: Logs are hard to read

» 127.0.0.1 = IP address of client (remote host)

» - = identity of the client (hyphen: unknown; unreliable)

» Frank = userid of person requesting document (inside network)

» [10/Oct/2000:13:55:36 -0700] = Moment of request

» "GET /apache_pb.gif HTTP/1.0" = Request sent to server

» 200 = Status code server sent back

» 2326 = size in bytes of the response returned

» Easy to read, but big data… analysis is difficult

› SEO

› Network analysis

› Penetration

› …
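Added example (not from the slides): a Python parser for the Common Log Format line shown on this slide, with a small summary that answers the previous slide's question ("WordPress links on a Joomla site?") by counting per host the 404s, the probes for WordPress paths, and the POSTs to the Joomla administrator login. The sample log lines are constructed for the example; the first one is the classic Apache documentation line, the others use documentation IP ranges. The WordPress path list and the "/administrator/" prefix are assumptions about what a Joomla site admin wants to watch.

```python
import re
from collections import Counter
from datetime import datetime

# Apache Common Log Format, one request per line. The named groups are the
# seven fields the slide explains: host, identity, userid, timestamp,
# request line, status code, response size.
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample log. Line 1 is the standard Apache documentation example;
# 203.0.113.7 probes for WordPress files on a Joomla site and then hammers the
# administrator login; the last line is deliberately malformed.
SAMPLE_LOG = """\
127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326
203.0.113.7 - - [10/Oct/2000:13:56:01 -0700] "GET /wp-login.php HTTP/1.1" 404 512
203.0.113.7 - - [10/Oct/2000:13:56:02 -0700] "GET /xmlrpc.php HTTP/1.1" 404 512
203.0.113.7 - - [10/Oct/2000:13:56:03 -0700] "POST /administrator/index.php HTTP/1.1" 303 -
203.0.113.7 - - [10/Oct/2000:13:56:04 -0700] "POST /administrator/index.php HTTP/1.1" 303 -
198.51.100.4 - - [10/Oct/2000:14:01:10 -0700] "GET /index.php?option=com_content HTTP/1.1" 200 8431
this line is not a valid log entry
"""

# Paths that do not exist on a Joomla site but are requested by scanners
# looking for WordPress (assumed list for this example).
FOREIGN_CMS_PATHS = ("/wp-login.php", "/xmlrpc.php", "/wp-admin")


def parse_line(line):
    """Return the fields of one Common Log Format line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["size"] = 0 if entry["size"] == "-" else int(entry["size"])
    entry["time"] = datetime.strptime(entry["time"], "%d/%b/%Y:%H:%M:%S %z")
    parts = entry["request"].split(" ")
    entry["method"] = parts[0] if parts else ""
    entry["path"] = parts[1] if len(parts) > 1 else ""
    return entry


def parse_log(text):
    """Parse every non-empty line; unparseable lines are counted, not silently dropped."""
    entries, bad = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            bad += 1
        else:
            entries.append(entry)
    return entries, bad


def summarize(entries):
    """Per-host counters: all requests, 404s, WordPress probes, POSTs to the Joomla admin."""
    per_host = Counter(e["host"] for e in entries)
    not_found = Counter(e["host"] for e in entries if e["status"] == 404)
    probes = Counter(e["host"] for e in entries if e["path"].startswith(FOREIGN_CMS_PATHS))
    admin_posts = Counter(
        e["host"] for e in entries
        if e["method"] == "POST" and e["path"].startswith("/administrator/")
    )
    return {"per_host": per_host, "not_found": not_found,
            "probes": probes, "admin_posts": admin_posts}


if __name__ == "__main__":
    entries, bad = parse_log(SAMPLE_LOG)
    print(f"{len(entries)} lines parsed, {bad} unparseable")
    for name, counter in summarize(entries).items():
        print(f"{name}: {dict(counter)}")
```

Run it on a real access log by replacing SAMPLE_LOG with the file contents; a host that shows up in all three of the 404, probe and admin-POST counters is exactly the kind of "Check your logs" finding the previous slide means.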

Page 9: L33t h4x0rz

Misconception N° 3: You’re not stupid if they get you

» Social Engineering

› https://youtu.be/F78UdORll-Q?t=1m25s

» Ninjas in the street

› https://youtu.be/F78UdORll-Q?t=9m23s

» So you have a sticker over your webcam

› … how about your mic?

› … how about your smartphone?

» You are not a target

› your website/server could be more interesting

Page 10: L33t h4x0rz

Digital hygiene for you as a web admin

» Train your clients

› Use safe passwords

› Don’t share passwords – add users

» Don’t (over)charge to add users (it’s better than sharing passwords)

» Don’t connect using FTP, HTTP

» Don’t use public WiFi for confidential tasks (it can be spoofed)

» Use third parties where you are not an expert

» Use reliable extension & template developers

» “Remember Password” also sends out your password!

Page 11: L33t h4x0rz

Digital hygiene for your website

» Use a reliable hosting company

» It’s not always better if you do it yourself

» Do your updates (core + extensions)

› Use well supported extensions

» Disable or remove unused extensions

» Enable 2 factor authentication if possible

» Make and test backups

› before every update

› after every big content update

› Not stored on the server

» Use HTTPS (and SFTP or SSH to connect)

› Check your SSL: https://www.ssllabs.com
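Added example (not from the slides): "Make and test backups" means a backup you have actually restored once. This Python script archives a site directory into a timestamped tar.gz with a SHA-256 manifest, and verify_backup() tests the copy on its own, the way you would after downloading it to your computer: it checks the archive hash, refuses archives with absolute or ".." member paths, restores into a scratch directory and compares every file hash against the manifest. The site layout in run_demo() is constructed for the example; the file names and the manifest format are assumptions, not a Joomla convention.

```python
import hashlib
import json
import tarfile
import tempfile
import time
from pathlib import Path


def _sha256(path):
    """SHA-256 of a file, read in chunks so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(site_dir, dest_dir):
    """Archive site_dir into dest_dir/<name>-<timestamp>.tar.gz and write a JSON manifest
    (archive hash plus per-file hashes) beside it. Returns (archive, manifest) paths."""
    site_dir, dest_dir = Path(site_dir), Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    archive = dest_dir / f"{site_dir.name}-{stamp}.tar.gz"
    files = {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(p for p in site_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(site_dir).as_posix()
            files[rel] = _sha256(path)
            tar.add(path, arcname=rel)
    manifest = Path(str(archive) + ".sha256.json")
    manifest.write_text(json.dumps({"archive": _sha256(archive), "files": files}, indent=1))
    return archive, manifest


def verify_backup(archive, manifest):
    """Test a backup without touching the live site: returns (ok, message)."""
    archive, manifest = Path(archive), Path(manifest)
    recorded = json.loads(manifest.read_text())
    if _sha256(archive) != recorded["archive"]:
        return False, "archive hash mismatch (corrupt or tampered copy)"
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            # A restore must never write outside the target directory.
            for member in tar.getmembers():
                if member.name.startswith("/") or ".." in Path(member.name).parts:
                    return False, f"unsafe path in archive: {member.name}"
            try:
                tar.extractall(scratch, filter="data")  # Python 3.12+ and backports
            except TypeError:
                tar.extractall(scratch)                  # older Python, members checked above
        for rel, digest in recorded["files"].items():
            restored = Path(scratch) / rel
            if not restored.is_file() or _sha256(restored) != digest:
                return False, f"file missing or changed after restore: {rel}"
    return True, f"{len(recorded['files'])} files restored and verified"


def run_demo():
    """Build a constructed site tree, back it up, verify it, then corrupt the archive
    and verify again. Returns (ok_before, ok_after_tamper)."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "site"
        (site / "administrator").mkdir(parents=True)
        (site / "configuration.php").write_text("<?php class JConfig { public $db = 'demo'; }\n")
        (site / "administrator" / "index.php").write_text("<?php echo 'admin';\n")
        archive, manifest = make_backup(site, Path(tmp) / "backups")
        ok_before, msg = verify_backup(archive, manifest)
        print(f"fresh backup: {ok_before} ({msg})")
        data = bytearray(archive.read_bytes())
        data[-1] ^= 0xFF                       # flip one byte of the gzip trailer
        archive.write_bytes(bytes(data))
        ok_after, msg = verify_backup(archive, manifest)
        print(f"corrupted copy: {ok_after} ({msg})")
        return ok_before, ok_after


if __name__ == "__main__":
    run_demo()
```

Store the archive and its manifest off the server (the slide's "Not stored on the server") and run verify_backup() on that copy; a backup that only exists on the compromised machine is exactly what the attacker can delete or alter.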

Page 12: L33t h4x0rz

FCW – CC BY SA 4.0

» This is a free cultural work (freedomdefined.org)

» … it is available under the Creative Commons Attribution-ShareAlike license.

› Feel free to

› … share the work

› … edit, tweak, improve the work

› Please do respect these conditions:

› Attribution

› Place a link to the original work

› Share your work under this license too

Page 13: L33t h4x0rz

Questions?

Page 14: L33t h4x0rz

Keep your logs...

» Store your access logs long enough… (screenshot Siteground)

› Download to your computer

› Or keep them on the server