Transcript
Page 1: Leaked! Confessions of a Joomla DEV

Leaked! Confessions of a Joomla DEV

Paul van Jaarsveld
Kalemanzi Media Solutions

@kalemanzi

Page 2: Leaked! Confessions of a Joomla DEV

Overview

● Hackin 'n crackin (Why, who, what?!)
● Prevention
● Cure
● Discussions / questions

Page 3: Leaked! Confessions of a Joomla DEV

Why, who, what?

● Why do people want to “hack” sites?
● Who / what does it?
● What do they do?

Page 4: Leaked! Confessions of a Joomla DEV

Defaced – peer recognition

Page 5: Leaked! Confessions of a Joomla DEV

Various forms of attacks

● SQL injection – make MySQL run malicious commands
● Known vulnerabilities of outdated scripts
● Poorly designed code
● Generic passwords
● Denial of Service / slashdot effect

Page 6: Leaked! Confessions of a Joomla DEV

DDOS attacks

Page 7: Leaked! Confessions of a Joomla DEV

Spam with a purpose

Page 8: Leaked! Confessions of a Joomla DEV

Payload

Page 9: Leaked! Confessions of a Joomla DEV

Phishing

Page 10: Leaked! Confessions of a Joomla DEV

Prevention: Your neighborhood

● Hosting provider NB!
● Rather Apache Linux than Win
● Avoid shared hosting
● PHP5, CGI not module, register_globals
● PHP.ini settings (remote url incl etc.)
● mod_security
● Htaccess.txt .htaccess
● Cpanel, ftp, ssh password etc.

Page 11: Leaked! Confessions of a Joomla DEV

Prevention: Your house

● Bricks – Latest Joomla
● Domestic workers – extensions bg. check
● House contents – user data / content
● The windows – what can be seen
● The doors / gates – points of entry
● Keys! NB. PSWD – what Master key?!
● Radio and tv / internet – external / feeds
● CCTV / alarm system – Monitor security
● Insurance – regular incremental backups

Page 12: Leaked! Confessions of a Joomla DEV

Cracked, now what?!

Page 13: Leaked! Confessions of a Joomla DEV

Recovery Action plan!

● Remove site from public_html (rename script - rn public_html public_html_inf)
● Change passwords (sql, ftp, cpanel etc.)
● Find a backup that was done before infection and keep it handy
● Do a comprehensive site audit
● Find the source of the infection – use shell script, common sense, versions etc.
● Choose recovery strategy:

Page 14: Leaked! Confessions of a Joomla DEV

Strategy

● Repair current instance, e.g. remove malicious code
● Restore clean backup and fix holes
● Make site live
● Make sure the site is clean!
● Have a plan in place for future
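
One way to do the "find the source of the infection" step with a shell script, as an added example that is not from the original slides: compare the quarantined public_html_inf tree against the pre-infection backup and list every new or changed file. The function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit a quarantined site against a
# known-clean backup. Function names and directory layout are assumptions.

# audit_against_backup BACKUP_DIR SITE_DIR
# Prints "NEW <path>" for files that do not exist in the backup and
# "CHANGED <path>" for files whose bytes differ from the backup copy.
audit_against_backup() {
    backup=$1
    site=$2
    ( cd "$site" && find . -type f | sort ) | while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$backup/$rel" ]; then
            printf 'NEW %s\n' "$rel"
        elif ! cmp -s "$backup/$rel" "$site/$rel"; then
            printf 'CHANGED %s\n' "$rel"
        fi
    done
}

# demo_audit: builds a small constructed backup/site pair in a temp
# directory, runs the audit on it, then cleans up.
demo_audit() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/backup/images" "$tmp/public_html_inf/images"
    echo '<?php echo "home";' > "$tmp/backup/index.php"
    echo 'logo' > "$tmp/backup/images/logo.txt"
    cp -R "$tmp/backup/." "$tmp/public_html_inf/"
    # Constructed changes standing in for an infection:
    echo '<?php /* injected line (constructed) */ echo "home";' \
        > "$tmp/public_html_inf/index.php"
    echo '<?php /* unexpected file (constructed) */' \
        > "$tmp/public_html_inf/images/x.php"
    audit_against_backup "$tmp/backup" "$tmp/public_html_inf"
    rm -rf "$tmp"
}

demo_audit
```

A PHP file reported as NEW inside an upload or image directory, or a core file reported as CHANGED, is where the site audit should start.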

Page 15: Leaked! Confessions of a Joomla DEV

Questions

● What extensions do you use? Let's make a list right now!
● How do you handle your hacked sites?

Page 16: Leaked! Confessions of a Joomla DEV

Welcome to the resistance ;-)

Paul van Jaarsveld
Kalemanzi Media Solutions

@kalemanzi