Prevention is better than cure. This is no exception with security and the Joomla Operating system. It's not a matter of IF your websites will be attacked, but only a matter of WHEN they will be attacked. The question is, are your websites prepared to withstand the onslaught, or are they a malicious script field day case study where the doors and windows are left wide open? As an introduction, Paul will look at the foundations of server and script security and various tips and tricks to harden your Joomla instance against possible attacks. This talk will provide practical steps you can apply to immediately beef up security of your current Joomla instance. Secondly, he will discuss the practical steps you need to follow if you wake up one day and the unthinkable did happen. This talk is a must for Beginner and Intermediate Joomla users, and the old timers can also join to make sure all leaked information is accurate. Never say never, and welcome to the resistance! Additional Info Presenter: Paul van Jaarsveld Category: Joomla

1. Leaked! Confessions of a Joomla DEV
Paul van Jaarsveld
Kalemanzi Media Solutions
@kalemanzi

2. Overview
●
Hackin 'n crackin (Why, who, what?!)
●
Prevention
●
Cure
●
Discussions / questions

3. Why, who, what?
●
Why do people want to “hack” sites?
●
Who / what does it?
●
What do they do?

4. Defaced – peer recognition

5. Various forms of attacks
●
SQL injection – make mysql run malicious
commands
●
Known vulnerabilities of outdated scripts
●
Poorly designed code
●
Generic passwords
●
Denial of Service / slashdot effect

6. DDOS attacks

7. Spam with a purpose

8. Payload

9. Phishing

10. Prevention: Your neighborhood
●
Hosting provider NB!
●
Rather Apache Linux than Win
●
Avoid shared hosting
●
PHP5, CGI not module, register_globals
●
PHP.ini settings (remote url incl etc.)
●
mod_security
●
Htaccess.txt .htaccess
●
Cpanel, ftp, ssh password etc.

11. Prevention: Your house
●
Bricks – Latest Joomla
●
Domestic workers – extensions bg. check
●
House contents – user data / content
●
The windows – what can be seen
●
The doors / gates – points of entry
●
Keys! NB. PSWD – what Master key?!
●
Radio and tv / internet – external / feeds
●
CCTV / alarm system – Monitor security
●
Insurance – regular incremental backups

12. Cracked, now what?!

13. Recovery Action plan!
●
●
●
●
●
●
Remove site from public_html (rename
script - rn public_html public_html_inf
Change passwords (sql, ftp, cpanel etc.)
Find a backup that was done before
infection and keep it handy
Do a comprehensive site audit
Find the source of the infection – use shell
script, common sense, versions etc.
Choose recovery strategy:

14. Strategy
●
Repair current instance eg. Remove
malicious code
●
Restore clean backup and fix holes
●
Make site live
●
Make sure the site is clean!
●
Have a plan in place for future

15. Questions
●
What extensions do you use?
Let's make a list right now!
●
How do you handle your hacked sites?

16. Welcome to the resistance ;-)
Paul van Jaarsveld
Kalemanzi Media Solutions
@kalemanzi