How to fix a hacked site and harden security
Presented by Tim Plummer
Joomla User Group Sydney
11th June 2019
Recognising your site is hacked
• Sometimes it’s obvious, other times more subtle
Other common indicators of hacked site
• Blacklist warning by Google etc.
• Warnings from web host regarding resource usage
• Complaints from customers
• Unusual file modifications (template, core files etc)
• Malicious new users created on your site
• Unexpected or abnormal browser behaviour
Immediate response
• Do you have a disaster recovery plan?
• What can you do quickly to minimize damage/exposure?
• Site offline / maintenance mode (if appropriate)
• Change passwords (Cpanel, Joomla Admin, etc)
Why did my site get hacked
• Deface / vandalize
• Spreading malware
• Hacker showing off
• Profit (e.g. crypto currency mining, spamming)
• Targeted attack, for example to obtain personal information
How did my site get hacked?
• Look for evidence in Cpanel error logs/raw access logs
• 77.221.130.18 - - [09/May/2019:08:54:59 +1000] "GET /index.php?option=com_myfiles&controller=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 404 613 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)"
• 77.222.40.87 - - [09/May/2019:13:28:02 +1000] "GET //index.php?option=com_alphauserpoints&view=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 404 613 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"
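One way to automate this log review, as an added example that is not part of the original slides: a scanner for Apache combined-format access logs that decodes each query parameter and flags directory traversal, null bytes and system paths. The regular expressions, the `SENSITIVE_PREFIXES` list and the function names are assumptions; two sample lines are the ones quoted above and two are constructed.

```python
import re
from urllib.parse import unquote

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# ".." used as a path segment, with either slash style
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
# Assumption: system paths a component parameter never legitimately needs
SENSITIVE_PREFIXES = ("/proc/", "/etc/")

SAMPLE_LOG = [
    # From the slide
    '77.221.130.18 - - [09/May/2019:08:54:59 +1000] "GET /index.php?option=com_myfiles&controller=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 404 613 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)"',
    # Constructed: ordinary article view, must not be flagged
    '203.0.113.10 - - [09/May/2019:09:00:00 +1000] "GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 8421 "-" "Mozilla/5.0"',
    # From the slide
    '77.222.40.87 - - [09/May/2019:13:28:02 +1000] "GET //index.php?option=com_alphauserpoints&view=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 404 613 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"',
    # Constructed: same probe with encoded slashes that the server answered with 200
    '198.51.100.7 - - [10/May/2019:02:11:40 +1000] "GET /index.php?option=com_example&file=..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 5120 "-" "-"',
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encoding cannot hide a pattern."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(target):
    """Return (component, [(param, reasons), ...]) for one request target."""
    _path, _, query = target.partition("?")
    component, hits = None, []
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        value = fully_decode(raw)
        if name == "option":
            component = value  # the Joomla component being addressed
        reasons = []
        if TRAVERSAL_RE.search(value):
            reasons.append("traversal")
        if "\x00" in value:
            reasons.append("null-byte")
        if any(prefix in value for prefix in SENSITIVE_PREFIXES):
            reasons.append("sensitive-path")
        if reasons:
            hits.append((name, reasons))
    return component, hits


def scan_lines(lines):
    """Flag suspicious requests; 'served' marks those answered below 400."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not in combined format, skip rather than guess
        component, hits = inspect_request(match.group("target"))
        for param, reasons in hits:
            findings.append({
                "ip": match.group("ip"),
                "time": match.group("time"),
                "component": component,
                "param": param,
                "reasons": reasons,
                "status": int(match.group("status")),
                "served": int(match.group("status")) < 400,
            })
    return findings


if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG):
        flag = "REVIEW FIRST" if f["served"] else "rejected"
        print(f'{f["time"]} {f["ip"]} {f["component"]}?{f["param"]} '
              f'{",".join(f["reasons"])} status={f["status"]} [{flag}]')
```

Requests that were flagged and also served (status below 400) deserve attention first; the component named in `option` tells you which extension to check against the Vulnerable Extension List.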
Do I have any outdated or insecure extensions?
• Check Joomla! Vulnerable Extension List
https://vel.joomla.org/
Is your core Joomla version up-to-date?
Is your PHP version up-to-date?
Does your computer have any malware?
Are there any other sites on this hosting account?
• Could the vulnerability be due to another site/app on the hosting account?
• For example, the recent Joomla Extension Directory vulnerability was caused by an outdated Stapler web framework used by Jenkins, which is the tool used for daily automated testing etc.
Damage assessment
• What files have been modified?
• Have any files been uploaded?
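One way to answer both questions, as an added example that is not part of the original slides: hash every file in the live site and compare it with a pristine copy of the same Joomla version unpacked elsewhere. The directory layout, the `SCRIPT_EXTS` and `EXPECTED_SITE_FILES` lists and all function names are assumptions, and the demo tree is constructed.

```python
import hashlib
import os
import tempfile

# Assumption: extensions the web server may execute as PHP
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")
# Created at install time, so absent from a clean package; review by hand
EXPECTED_SITE_FILES = {"configuration.php"}


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_tree(root):
    """Map each relative path under root to a content fingerprint."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # Record the link target instead of following it off-site
                index[rel] = "symlink:" + os.readlink(full)
            else:
                index[rel] = sha256_of(full)
    return index


def compare_to_clean(site_root, clean_root):
    """Report files changed, added or missing relative to the clean copy."""
    site, clean = index_tree(site_root), index_tree(clean_root)
    added = sorted(p for p in site if p not in clean)
    return {
        "modified": sorted(p for p in site if p in clean and site[p] != clean[p]),
        "added": added,
        "missing": sorted(p for p in clean if p not in site),
        # Added executable files are the likeliest uploaded backdoors
        "added_scripts": [p for p in added
                          if p.lower().endswith(SCRIPT_EXTS)
                          and p not in EXPECTED_SITE_FILES],
    }


def build_demo_trees(base):
    """Constructed sample: a tiny 'clean' tree and a tampered 'site' tree."""
    clean, site = os.path.join(base, "clean"), os.path.join(base, "site")
    for root in (clean, site):
        for sub in ("libraries", "images"):
            os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php // core entry point\n")
        with open(os.path.join(root, "libraries", "loader.php"), "w") as fh:
            fh.write("<?php // core loader\n")
    with open(os.path.join(site, "index.php"), "a") as fh:
        fh.write("// injected line\n")               # modified core file
    with open(os.path.join(site, "images", "logo.php"), "w") as fh:
        fh.write("<?php // unexpected script\n")     # script in a media folder
    with open(os.path.join(site, "images", "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff")                    # ordinary upload
    with open(os.path.join(site, "configuration.php"), "w") as fh:
        fh.write("<?php // site settings\n")
    os.remove(os.path.join(site, "libraries", "loader.php"))
    return site, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site_dir, clean_dir = build_demo_trees(tmp)
        for kind, paths in compare_to_clean(site_dir, clean_dir).items():
            print(f"{kind}: {paths}")
```

Run it against a copy of the hacked files so the originals and their timestamps stay intact as evidence.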
How does the hack affect your customers?
• Is there any personal/financial information exposure – do you need to report a mandatory data breach?
https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
• Do you need to retain a copy of hacked files and logs for
evidence/further investigation?
Recovery considerations
• Do you have a good (offsite) backup from before the hack? Will there
be any data loss if you restored this?
• Have you addressed the source of the hack?
• Is manually cleaning the files appropriate (editing source code to remove
injected code)?
• Should you reinstall Joomla over the top to restore core files?
• Can you fix this yourself, or do you need to engage security
professionals?
• Do you need to change passwords (Cpanel, Joomla admin users, MySQL, FTP accounts etc)?
• Do you need to clean the database (remove users and suspicious content)?
Recovery considerations
• Do you need to contact web host to remove suspension?
• Do you need to request removal from blacklisting (e.g. Google Search Console)?
Helpful tools/services
• Myjoomla.com audit / fix hacked site service
• Watchful.li malware scan
Hardening your site
• Firewall software (e.g. Akeeba Admin Tools or RSFirewall)
• .htaccess rules to block common exploits
• Make sure all software is up-to-date (core Joomla, extensions, PHP etc).
• Limit who has admin/super user access
• Regular malware scans (both your site and computer)
• Regular review of logs, hosting resources etc. looking for suspicious activity
After your site is fixed
• Continue to monitor to ensure site doesn’t get hacked again (maybe you
missed the true source of the hack in your cleanup)
• Remember, security is not a once-off exercise; you should regularly review your site security and make incremental improvements as needed.
