Tom Canavan presents seven steps to improve CMS website security: 1) strengthen passwords, 2) remove unused extensions, users and permissions, 3) keep software patched, 4) review logs for attacks, 5) ensure proper file permissions, 6) back up and restore regularly, 7) monitor logs to detect issues. The presentation gives guidance on implementing each step, such as encouraging complex passwords, removing unneeded accounts, and checking logs for signs of intrusion.
3. About 'corePHP'
• Today's topic: Seven steps to better security
• Three special offers at end of presentation
4. Tom Canavan
• Author of CMS Security Handbook
• CMS Security Professional
• Heavy background - Fortune 500 IT
• Presenter at CMS Expo
• Former CIO
5. Number of sites hacked daily?
A) 5,000
B) 18,203
C) 910
D) 30,000
E) 3.14159265359
F) None of the above
7. Admins and business owners state they care, but they fail to:
• Do it at all
• Allocate the budget to do it right
• Have a plan if something happens, such as a hack
9. • Confidentiality - ensures those who should have access do.
• Integrity - we know if information is modified; it will be detected.
• Availability - ensures information can be accessed when needed.
14. Complexity is key - commonness kills
http://labs.sucuri.net/dump/sshd_bruteforce_list.txt
16. • Check your password against the list
• Set policy to change admin pw's often
• Encourage your users to change often
• Strong password example: %6dj;@l;g(
• Consider installing 'corePHP' JomDefender
• Check this list: goo.gl/Nw2LIi
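An added example, not from the presentation, of the "check against the list" and "complexity is key" advice in one function: the password is compared case-insensitively (and with trailing digits stripped) against a small constructed stand-in for the Sucuri brute-force list, then checked for length and character-class coverage. `COMMON_PASSWORDS`, `check_password` and the thresholds are assumptions for this example.

```python
import string

# Constructed sample of a common-password list, standing in for the Sucuri
# sshd brute-force dump the slides link to (the real list runs to thousands).
COMMON_PASSWORDS = {
    "password", "123456", "admin", "admin123", "qwerty", "letmein",
    "welcome", "joomla", "wordpress", "passw0rd",
}

# Character classes a password must draw from to count as complex.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def check_password(pw, min_length=10, min_classes=3, common=COMMON_PASSWORDS):
    """Return a list of reasons the password is weak; an empty list means it passed.

    Commonness is checked case-insensitively and with trailing digits stripped,
    so 'Admin123' and 'ADMIN' are both caught by the 'admin' list entry.
    """
    problems = []
    if len(pw) < min_length:
        problems.append("shorter than %d characters" % min_length)
    lowered = pw.lower()
    if lowered in common or lowered.rstrip(string.digits) in common:
        problems.append("matches a common/brute-force list entry")
    used = [name for name, chars in CLASSES.items() if any(c in chars for c in pw)]
    if len(used) < min_classes:
        problems.append("only %d of %d character classes used" % (len(used), min_classes))
    return problems
```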
18. Check the following:
• Ext/Modules/Plugins that are NOT in use
• Ext/Modules/Plugins that need updating
• Don't ignore templates and themes
• If not in use - uninstall it
20. Admin user
• Create new one - delete old default
• Change name
• Check for ALL users assigned admin
• Review logs for multiple attempts
22. Verify admin accounts
• Remove or demote non-approved admins
• Create new one - delete old default
• Check for ALL users assigned admin
Review user accounts
• Remove any UNUSED FTP accounts
• Change FTP password frequently (30 days)
• Remove any anonymous FTP users
• Review logs for brute force attempts
23. Owner / Group / World (or all users)
• Owner - permissions for the owner of the file/dir
• Group - applies to groups that have been assigned to the file/dir
• World - applies to all other users on the system
29. Check your file and directory permissions
• 644 and 755 are 'preferred and correct'
• RETHINK any extension or host that requires you to set your files/dirs to 777
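An added example, not from the presentation, of checking a CMS tree against the 644/755 rule: it walks a directory, reports every entry whose mode deviates, and calls out world-writable (777-style) entries separately. `audit_permissions` and `build_sample_tree` are assumptions for this example; the sample tree is constructed in a temp directory so the script runs on its own.

```python
import os
import stat
import tempfile

EXPECTED_FILE_MODE = 0o644
EXPECTED_DIR_MODE = 0o755


def audit_permissions(root):
    """Walk root and return (relative_path, mode, reason) for every entry that
    deviates from 644 (files) / 755 (directories). World-writable entries get
    their own reason, since 777 is the setting the slides warn against."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(os.path.join(dirpath, d), True) for d in dirnames]
        entries += [(os.path.join(dirpath, f), False) for f in filenames]
        for path, is_dir in entries:
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            expected = EXPECTED_DIR_MODE if is_dir else EXPECTED_FILE_MODE
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append((rel, mode, "world-writable"))
            elif mode != expected:
                findings.append((rel, mode, "expected %o" % expected))
    return findings


def build_sample_tree():
    """Constructed sample CMS tree: one correct dir and file, one 777 cache
    directory and one 600 config file. Returns the temp root path."""
    root = tempfile.mkdtemp(prefix="cms_")
    for name, mode in (("templates", 0o755), ("cache", 0o777)):
        os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, name), mode)
    for name, mode in (("index.php", 0o644), ("configuration.php", 0o600)):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("<?php\n")
        os.chmod(os.path.join(root, name), mode)
    return root


if __name__ == "__main__":
    for rel, mode, reason in audit_permissions(build_sample_tree()):
        print("%-20s %o  %s" % (rel, mode, reason))
```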
31. A patch is a piece of software designed to fix problems with, or update, a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving usability or performance.
32. These devices in your own shop can be the source of viral and malware infections.
33. • Update your CMS
• Review and update any extensions
• Check with HOST on server updates
• Apply desktop/notebook/mobile updates
• INSTALL a reputable (i.e. not free) virus scanner
41. • %h - 38.140.130.106 - This is the SOURCE IP
• %l and %u - "- -" means no information
• %t - 29/aug/2013:11:07:06 -0500 - Date and time of visit
• "%r" - METHOD and resource, as follows: "GET /templates/yoo_sphere/images/background/whitenoise/noise_bg.jpg HTTP/1.1"
• %>s - 200 - Status code of request
• %b - 4302 - Amount in bytes transferred to the client browser from your webserver
42. 38.140.103.106 - - [29/aug/2013:11:07:06 -0500] "GET /templates/yoo_sphere/images/background/whitenoise/gradient.svg HTTP/1.1" 200 508 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:21.0) Gecko/20100101 Firefox/21.0"
Notice the additional information? - BROWSER TYPE
45. • Learn to read the logs
• Establish a policy for log retention - suggest you keep at least 30 days
• Review logs for: brute force, various types of attacks, other issues such as errors
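An added example, not from the presentation, that ties slides 41, 42 and 45 together: a parser for the Apache combined log fields explained above (%h, %l, %u, %t, "%r", %>s, %b, plus referer and user agent) and a review pass that flags source IPs repeatedly POSTing to the CMS login page, the pattern a brute-force run leaves behind. `parse_line`, `find_login_bruteforce`, the `/administrator/index.php` login path (Joomla's) and the threshold are assumptions; the log lines are constructed, not taken from the slides.

```python
import re
from collections import Counter

# Apache combined log format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)


def parse_line(line):
    """Return a dict of the combined-format fields, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()          # "%r" is METHOD, resource, protocol
    rec["method"] = parts[0] if parts else ""
    rec["path"] = parts[1] if len(parts) > 1 else ""
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])   # %b is "-" when nothing was sent
    return rec


def find_login_bruteforce(lines, login_path="/administrator/index.php", threshold=5):
    """Count POSTs to the CMS login page per source IP (%h) and return the IPs
    at or above threshold, most active first. Repeated login POSTs from one
    address are the signature of a password-guessing run."""
    posts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == login_path:
            posts[rec["host"]] += 1
    return [(ip, n) for ip, n in posts.most_common() if n >= threshold]


# Constructed sample: one normal visitor and one address hammering the Joomla login.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Aug/2013:11:07:06 -0500] "GET /index.php HTTP/1.1" 200 4302 "-" "Mozilla/5.0"',
] + [
    '198.51.100.9 - - [29/Aug/2013:11:08:%02d -0500] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "curl/7.30"' % s
    for s in range(6)
]

if __name__ == "__main__":
    for ip, count in find_login_bruteforce(SAMPLE_LOG):
        print("%s: %d login POSTs" % (ip, count))
```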
46. Possibly the BEST step you can take to protect yourself. Also, it is often disregarded.
47. Methods:
• Choose 'backup wizard' to conduct backups and restores
• Choose 'backups' to access individual backup archives
49. • Use 'export' to "DUMP" (back up) your SQL DB
• Use 'import' to restore your SQL DB
50. • Set up the backup wizard to run regularly (cPanel)
• Find an Amazon backup tool for your CMS
• Make weekly backups of files AND SQL (ftp)
51. • Choose a backup method and use it
• Establish a backup policy
• Move backups OFF the server
• Create a plan / documentation:
  ▪ How will you restore if necessary?
  ▪ Where will the backups be stored?
  ▪ Who will do it?
  ▪ Think "worst-case" scenario
• Develop a test plan
52. 'corePHP' services - www.corephp.com/services/
• Security Audit and Remediation service
• Log Review
• De-Hack (cleanup)
• Patching CMS/etc
Other services:
• Custom Joomla!, WordPress, Drupal development
• Website design
53. Tele: 269-979-5582 ext. 1
Write us: sales@corephp.com
Browse us: http://www.corephp.com
Tweet us: @corephp
Like us on FB: facebook.com/corephp
54. 10% OFF 'corePHP' Security Offerings. 20% OFF all Joomla! products.
USE coupon code: Security
Valid Tuesday, September 17th - Sunday, September 23rd until 11:59 pm
55. Use code: SAFESITE (please keep in mind that it is case sensitive)
20% OFF on any Joomlashack product: templates, extensions, online training, and clubs.
Valid Tuesday, September 17th - Sunday, September 22nd until 11:59 pm
56. 33% discount coupon for all jVitals products
Please use coupon code "jV-SECU-0001"
Valid from September 17th - September 23rd