L33T H4X0Rz
How did (s)he get into my site? Or am I safe? “Are you sure…?”
How can I prevent it? How can I fix it?
Importance of encryption (HTTPS – SSL)
» As promised: WiFi sniffing…
› HTTP versus HTTPS
› FTP versus SFTP
› Telnet versus SSH
› IMAP with or without SSL
https://www.youtube.com/watch?v=r0l_54thSYU&t=143s
How easy it is...
» How to hack a Joomla site prior to Joomla 3.6.4
› https://www.exploit-db.com/exploits/40637/
› joomraa.py
› Replace innocent payload with dangerous stuff…
› Show content of configuration.php
› Send configuration.php to some remote location (e.g. a pastebin)
› Incorporate in a botnet
› Send out spam
› ...
How can I see if my site is hacked?
» Because they want you to see… (defacement)
» Because your server is being heavily (ab)used…
» Because they’re fighting for your site…
› Some hacker could even update your site…
› … to prevent other hackers from getting in (and stealing their turf)
» Because you bumped into something suspicious (by accident)
» Because your host contacted you (good host!)
» Because you read your server logs…
» A good hack(er) remains invisible
Hacking history
» Hacking for fun
» Ideology
» Hacking for money
› Botnet
› Sending out spam
› DDoS attacks
› Bitcoin mining
› Stealing data
› Keyloggers
› Webcam & microphone
› Penetration testing
Where to attack...
» OSI Network layers
» PEBCAK
Misconception N° 1 : My site is not attacked
» Professional (criminal) hackers get rich through not getting caught
› They love you when you have a flexible server (e.g. Amazon S3 cloud)
» Check your logs – all sites get attacked all the time
WordPress links on a Joomla site?
Misconception N° 2 : Logs are hard to read
» 127.0.0.1 = IP address of client (remote host)
» - = identity of the client (a hyphen means unknown; unreliable)
» Frank = userid of the person requesting the document (inside network)
» [10/Oct/2000:13:55:36 -0700] = Moment of request
» "GET /apache_pb.gif HTTP/1.0" = Request sent to server
» 200 = Status code server sent back
» 2326 = size in bytes of the response sent back
» Easy to read, but big data… analysis is difficult
› SEO
› Network analysis
› Penetration
› …
Misconception N° 3 : You’re not stupid if they get you
» Social Engineering
› https://youtu.be/F78UdORll-Q?t=1m25s
» Ninjas in the street
› https://youtu.be/F78UdORll-Q?t=9m23s
» So you have a sticker over your webcam
› … how about your mic?
› … how about your smartphone?
» You are not a target
› your website/server could be more interesting
Digital hygiene for you as a web admin
» Train your clients
› Use safe passwords
› Don’t share passwords – add users
» Don’t (over)charge to add users (it’s better than sharing passwords)
» Don’t connect using FTP, HTTP
» Don’t use public WiFi for confidential tasks (it can be spoofed)
» Use third parties where you are not an expert
» Use reliable extension & template developers
» “Remember Password” also sends out your password!
Digital hygiene for your website
» Use a reliable hosting company
» It’s not always better if you do it yourself
» Do your updates (core + extensions)
› Use well supported extensions
» Disable or remove unused extensions
» Enable two-factor authentication if possible
» Make and test backups
› before every update
› after every big content update
› Not stored on the server
» Use HTTPS (and SFTP or SSH to connect)
› Check your SSL: https://www.ssllabs.com
FCW – CC BY SA 4.0
» This is a free cultural work (freedomdefined.org)
» … it is available under Creative Commons Share-Alike Attribution license.
› Feel free to
› … share the work
› … edit, tweak, improve the work
› Please do respect these conditions:
› Attribution
› Place a link to the original work
› Share your work under this license too
Questions?
Keep your logs...
» Store your access logs long enough… (screenshot SiteGround)
› Download to your computer
› Or keep them on the server