Leaked! Confessions of a Joomla DEV
DESCRIPTION
Prevention is better than cure. This is no exception with security and the Joomla Operating system. It's not a matter of IF your websites will be attacked, but only a matter of WHEN they will be attacked. The question is, are your websites prepared to withstand the onslaught, or are they a malicious script field day case study where the doors and windows are left wide open? As an introduction, Paul will look at the foundations of server and script security and various tips and tricks to harden your Joomla instance against possible attacks. This talk will provide practical steps you can apply to immediately beef up security of your current Joomla instance. Secondly, he will discuss the practical steps you need to follow if you wake up one day and the unthinkable did happen. This talk is a must for Beginner and Intermediate Joomla users, and the old timers can also join to make sure all leaked information is accurate. Never say never, and welcome to the resistance!
Additional Info
Presenter: Paul van Jaarsveld
Category: Joomla
TRANSCRIPT
Leaked! Confessions of a Joomla DEV
Paul van Jaarsveld
Kalemanzi Media Solutions
@kalemanzi
Overview
● Hackin 'n crackin (Why, who, what?!)
● Prevention
● Cure
● Discussions / questions
Why, who, what?
● Why do people want to “hack” sites?
● Who / what does it?
● What do they do?
Defaced – peer recognition
Various forms of attacks
● SQL injection – make mysql run malicious commands
● Known vulnerabilities of outdated scripts
● Poorly designed code
● Generic passwords
● Denial of Service / slashdot effect
DDOS attacks
Spam with a purpose
Payload
Phishing
Prevention: Your neighborhood
● Hosting provider NB!
● Rather Apache Linux than Win
● Avoid shared hosting
● PHP5, CGI not module, register_globals
● PHP.ini settings (remote url incl etc.)
● mod_security
● Htaccess.txt .htaccess
● Cpanel, ftp, ssh password etc.
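An added example, not part of the talk: a POSIX shell check for the php.ini bullets above. It assumes the slide's "register_globals" and "remote url incl" refer to the PHP directives register_globals, allow_url_include and allow_url_fopen; the function names and the sample file are constructed here.

```sh
#!/bin/sh
# Added example: report php.ini directives from the slide that are switched on.

# Print the value of directive $2 in file $1, lower-cased. Comment lines are
# skipped and the last assignment in the file is the one reported.
ini_value() (
  awk -F= -v key="$2" '
    /^[ \t]*;/ { next }
    {
      k = $1; gsub(/[ \t]/, "", k)
      if (tolower(k) == key) {
        v = $2
        sub(/;.*/, "", v)            # drop a trailing comment
        gsub(/[ \t\r"]/, "", v)      # drop spaces, CR and quotes
        val = tolower(v)
      }
    }
    END { print val }' "$1"
)

# Print one "RISKY:" line per directive that is enabled in file $1.
audit_php_ini() (
  for key in register_globals allow_url_include allow_url_fopen; do
    val=$(ini_value "$1" "$key")
    case "$val" in
      on|1|true|yes) echo "RISKY: $key = $val" ;;
    esac
  done
)

# Constructed sample input: a commented-out line, a quoted value and a
# directive that is set twice.
write_sample_ini() {
  cat > "$1" <<'EOF'
[PHP]
; register_globals = Off
register_globals = On
allow_url_fopen = Off
allow_url_include = "1"   ; quoted value
allow_url_fopen = On
EOF
}
```

Run `audit_php_ini /path/to/php.ini` against the file the web server actually loads; empty output means none of the three directives is enabled there.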
Prevention: Your house
● Bricks – Latest Joomla
● Domestic workers – extensions bg. check
● House contents – user data / content
● The windows – what can be seen
● The doors / gates – points of entry
● Keys! NB. PSWD – what Master key?!
● Radio and tv / internet – external / feeds
● CCTV / alarm system – Monitor security
● Insurance – regular incremental backups
Cracked, now what?!
Recovery Action plan!
● Remove site from public_html (rename script - rn public_html public_html_inf)
● Change passwords (sql, ftp, cpanel etc.)
● Find a backup that was done before infection and keep it handy
● Do a comprehensive site audit
● Find the source of the infection – use shell script, common sense, versions etc.
● Choose recovery strategy:
Strategy
● Repair current instance, e.g. remove malicious code
● Restore clean backup and fix holes
● Make site live
● Make sure the site is clean!
● Have a plan in place for future
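An added example, not from the talk, of the "use shell script" audit step: it compares the renamed, offline copy of the site (public_html_inf) with the pre-infection backup and lists PHP files in upload directories. The function names, the `images tmp` directory list and the sample tree are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit a quarantined site copy against a clean backup.

# Print "ADDED path" / "CHANGED path" for files the backup does not explain.
# $1 = quarantined site directory, $2 = clean backup directory.
diff_against_backup() (
  backup=$(cd "$2" && pwd) || exit 2
  cd "$1" || exit 2
  find . -type f | sort | while IFS= read -r f; do
    if [ ! -f "$backup/$f" ]; then
      echo "ADDED ${f#./}"
    elif ! cmp -s "$f" "$backup/$f"; then
      echo "CHANGED ${f#./}"
    fi
  done
)

# List PHP files inside directories meant for uploads or scratch data.
# $1 = site directory, remaining arguments = directories to check.
scripts_in_upload_dirs() (
  cd "$1" || exit 2
  shift
  for d in "$@"; do
    [ -d "$d" ] && find "$d" -type f -name '*.php'
  done | sort
)

# Constructed sample: a two-file backup and a quarantined copy with one
# altered core file and one script dropped into images/.
make_sample() {
  mkdir -p "$1/backup/images" "$1/public_html_inf/images"
  echo '<?php // core' > "$1/backup/index.php"
  echo 'logo'          > "$1/backup/images/logo.png"
  cp -R "$1/backup/." "$1/public_html_inf/"
  echo '<?php // core, altered' > "$1/public_html_inf/index.php"
  echo '<?php // unexpected'    > "$1/public_html_inf/images/cache.php"
}

# Usage: audit.sh <quarantined-site> <clean-backup>
if [ $# -eq 2 ]; then
  diff_against_backup "$1" "$2"
  scripts_in_upload_dirs "$1" images tmp
fi
```

Every ADDED or CHANGED path is a candidate for review, and the timestamps on those files help narrow down when the infection started and which backup predates it.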
Questions
● What extensions do you use? Let's make a list right now!
● How do you handle your hacked sites?
Welcome to the resistance ;-)
Paul van Jaarsveld
Kalemanzi Media Solutions
@kalemanzi