Google says you shouldn’t visit my church

Posted: 14-Jul-2015
Category: Technology


Transcript of Google says you shouldn’t visit my church

Google Says You Shouldn't Visit My Church
A Tale of How My Site Got Hacked, Why It Was My Fault, and What I Did To Fix It
Justin Jones, Fort Wayne, IN, @jjonesftw

I'm Justin Jones
- Teacher
- Church worker
- WordPress hobbyist
- Podcast cohost at The Weekly Theme Show
@jjonesftw | justinjones.net

Why would someone want to hack my site?
- The world doesn't revolve around you
- Crime of opportunity: don't leave your front door unlocked
- Black Hat SEO
- To make money directly: affiliate sales, rogue virus scanners, ransomware
- Serve up images and content for spam email

What do they do while they're poking around my site?
- Alter robots.txt: override the WordPress-generated robots.txt to get their pages into search engines
- Create backdoors in unsuspecting .php files for future attacks
- Add their own .php files and images to serve up their payload content
  - Some are specific to robots or the HTTP Referer header
- Inject code into theme files, like header.php
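The tampering listed on this slide (injected theme code, backdoor .php files dropped under uploads, a rewritten robots.txt, content switched on crawler or referrer) is exactly what a defender can sweep for. The scanner below is an added example written for this page, not the speaker's tooling or anything shipped with WordPress. The regexes are heuristics chosen for this illustration, the directory layout is the standard wp-content tree, and every sample file it scans is constructed inline in build_sample_tree().

```python
"""Sweep a WordPress tree for the kinds of tampering described on the slide:
obfuscated PHP injected into theme files, PHP files where only media should
live, cloaking on crawler/referrer, and non-default robots.txt lines.
Added example for this page; heuristics and sample files are constructed."""
import os
import re
import tempfile

# Indicators for review, not proof of compromise; a human confirms each hit.
SUSPICIOUS_PHP = [
    ("eval of an encoded payload",
     re.compile(r"\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("dangerous function fed from request input",
     re.compile(r"\b(eval|assert|system|exec|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I)),
    ("variable function called from request input",
     re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I)),
    ("long encoded blob",
     re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]")),
    ("content switched on crawler or search referrer (cloaking)",
     re.compile(r"HTTP_USER_AGENT[^;]*(googlebot|bingbot|slurp)|HTTP_REFERER[^;]*(google|bing|yahoo)", re.I)),
]

# Lines of the robots.txt WordPress generates itself; anything else gets reviewed.
DEFAULT_ROBOTS = {"user-agent: *", "disallow: /wp-admin/", "allow: /wp-admin/admin-ajax.php"}


def scan_php_file(path):
    """Return [(line_number, label), ...] for suspicious lines in one PHP file."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for number, line in enumerate(fh, start=1):
            for label, pattern in SUSPICIOUS_PHP:
                if pattern.search(line):
                    findings.append((number, label))
    return findings


def scan_tree(root):
    """Walk an install; return {relative_path: [findings]} for files that need a look."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            findings = scan_php_file(full)
            # WordPress never needs PHP under uploads; a .php file there is the
            # classic dropped backdoor or payload host from the slide.
            if rel.startswith("wp-content/uploads/"):
                findings.append((0, "PHP file inside wp-content/uploads"))
            if findings:
                report[rel] = findings
    return report


def check_robots(text):
    """Return robots.txt lines that are not part of the WordPress default."""
    extra = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and line.lower() not in DEFAULT_ROBOTS:
            extra.append(line)
    return extra


def build_sample_tree():
    """Create a throwaway tree of constructed sample files (not from a real site)."""
    root = tempfile.mkdtemp(prefix="wp-scan-")
    samples = {
        "wp-content/themes/twentyeleven/functions.php":
            "<?php\nadd_theme_support('post-thumbnails');\n",
        # header.php with two constructed injections appended at the bottom.
        "wp-content/themes/twentyeleven/header.php":
            "<head>\n<?php wp_head(); ?>\n</head>\n"
            "<?php eval(base64_decode('Q09OU1RSVUNURUQ=')); ?>\n"
            "<?php if (stripos($_SERVER['HTTP_USER_AGENT'], 'googlebot') !== false) { readfile('.cache.txt'); } ?>\n",
        # A PHP file dropped where only images should live.
        "wp-content/uploads/2011/08/image.php":
            "<?php echo 'constructed placeholder'; ?>\n",
        # Default robots.txt plus one line an attacker added.
        "robots.txt":
            "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n"
            "Sitemap: http://example.com/wp-content/uploads/2011/08/links.xml\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for path, findings in sorted(scan_tree(root).items()):
        for number, label in findings:
            print(f"{path}:{number}: {label}")
    with open(os.path.join(root, "robots.txt"), encoding="utf-8") as fh:
        for line in check_robots(fh.read()):
            print(f"robots.txt: review non-default line: {line}")
```

Run it against the real document root instead of the sample tree and treat every hit as a lead, not a verdict: legitimate plugins occasionally read HTTP_USER_AGENT, but eval(base64_decode(...)) in header.php or any .php under uploads is almost never innocent.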

What do they do while they're poking around my site?
- Inject code into theme files, like header.php
[Screenshot: the spammy search keywords injected into header.php, a long list of celebrity names and adult search terms meant to get the hacked pages ranked in search results]

How Do They Get In?
- Outdated versions of WordPress
- Outdated themes and plugins
- Hosting providers behind the times
- Insecure password / brute force
- Compromised computer: passwords cached in FTP clients, passwords stored in an unencrypted text file, etc.
- Unsecure internet connection: rogue access points, packet sniffers on public WiFi

What are the consequences?
- Google will punish you: Google Safe Browsing or a manual removal action


What are the consequences?
- Other blacklisting, like Norton Safe Web, PhishTank, Opera, Sucuri, and many others
- Spammy content will get indexed by every search engine
- Don't forget about directory listing sites, like Google Places / Google Maps
- Your host may dump you for violating the TOS
- Be a good neighbor! Security is everyone's responsibility

What are the consequences?
- Malware cost the US economy 2.2 billion dollars in lost productivity in 2011
- Are you an ecommerce site? The payment gateway is probably offsite, but what about people's email addresses?
- Membership site? Many people re-use passwords (LinkedIn, Last.fm, many others recently)
- Business or organization? How much street cred will you earn serving content from exotic-dildos.co.cc?

Is WordPress insecure?
- No. The Pharma hack had a patch out before it was exploited
- WordPress has a target on its back: WordPress is used by over 14.7% of Alexa Internet's "top 1 million" websites and as of August 2011 manages 22% of all new websites
- Some theme and plugin authors are lazy/sloppy, or use deprecated/inefficient methods
- You are your own worst enemy! Think about Windows XP back in like 2002

Is WordPress insecure?
- Be careful who you trust: everyone is a developer now
- NEVER download and install a theme for free that you should have paid for (shady scraper sites, torrents, etc.)

"Having a website *should* cost you more than $300 a year. If it doesn't, then you're doing it wrong." --Otto

Is WordPress insecure?
- Be careful who you trust
- Be very wary of downloading a free theme outside of the WordPress.org theme repo
- Use Theme Authenticity Checker and Theme Check
- Siobhan McKeown at WPMU.org Googled "free wordpress themes". Top 10 results: 1 = wordpress.org; 1 = poorly coded; 8 = actively using encrypted code to insert spammy links
- Use trusted theme marketplaces or commercial shops

Prepare for Disaster
- It's going to happen
- Maintain regular backups: server side or plugins
- Be registered with Google Webmaster Tools
- Know how to contact your hosting provider
- Know a developer
- Visit your site
- Watch your stats
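"Visit your site" and "watch your stats" catch a compromise only once it is visible. A cheaper early warning, and a companion to the backups this slide asks for, is a hash manifest taken while the install is known good, then diffed against the live tree. The script below is an added example for this page, not the speaker's or WordPress's own tooling; the wp-content layout is the stock one, the choice to ignore the cache directory and non-PHP uploads is this example's, and the sample site and the tampering applied to it are constructed inline.

```python
"""Hash manifest of a WordPress install, taken when known good, and a diff of
the live tree against it. Added example for this page; the sample site and
the simulated tampering are constructed, not from a real incident."""
import hashlib
import json
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large uploads do not land in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative path -> sha256 for every file worth watching under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            # Page caches are rewritten constantly; watching them is pure noise.
            if rel.startswith("wp-content/cache/"):
                continue
            # Media uploads churn legitimately; only code files there matter.
            if rel.startswith("wp-content/uploads/") and not rel.lower().endswith(".php"):
                continue
            manifest[rel] = sha256_of(full)
    return manifest


def save_manifest(manifest, path):
    """Store the baseline somewhere the web server cannot write to."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)


def load_manifest(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def compare(baseline, current):
    """Return sorted lists of added, removed and modified paths."""
    before, after = set(baseline), set(current)
    return {
        "added": sorted(after - before),
        "removed": sorted(before - after),
        "modified": sorted(p for p in before & after if baseline[p] != current[p]),
    }


def write_files(root, files):
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)


def build_sample_site():
    """A tiny constructed install: config, a theme file, an upload, a cache entry."""
    root = tempfile.mkdtemp(prefix="wp-baseline-")
    write_files(root, {
        "wp-config.php": "<?php define('DB_NAME', 'wordpress');\n",
        "wp-content/themes/twentyeleven/header.php": "<head>\n<?php wp_head(); ?>\n</head>\n",
        "wp-content/uploads/2011/08/photo.jpg": "constructed image bytes\n",
        "wp-content/cache/page.html": "<html>cached</html>\n",
    })
    return root


def simulate_tampering(root):
    """Constructed changes mirroring the talk: theme injection plus a dropped PHP file,
    alongside legitimate churn (a new upload, a rebuilt cache) that should stay quiet."""
    with open(os.path.join(root, "wp-content/themes/twentyeleven/header.php"), "a", encoding="utf-8") as fh:
        fh.write("<!-- constructed injected line -->\n")
    write_files(root, {
        "wp-content/uploads/2011/08/image.php": "<?php echo 'constructed dropped file'; ?>\n",
        "wp-content/uploads/2011/09/new-photo.jpg": "another legitimate upload\n",
        "wp-content/cache/page.html": "<html>cache rebuilt</html>\n",
    })


if __name__ == "__main__":
    site = build_sample_site()
    baseline_path = os.path.join(tempfile.gettempdir(), "wp-baseline.json")
    save_manifest(build_manifest(site), baseline_path)   # taken while known good
    simulate_tampering(site)                              # time passes...
    diff = compare(load_manifest(baseline_path), build_manifest(site))
    for kind, paths in diff.items():
        for p in paths:
            print(f"{kind}: {p}")
```

Retake the baseline right after every update you apply yourself, so that the only differences left are ones you did not make. Keep the manifest file outside the web root and out of reach of the account the web server runs as; a manifest the attacker can rewrite is worthless.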

Update. Update. Update.
Source: http://churchm.ag/wordpress-updates/
- August 2011, so 3.2.1 was most current
- Less than half of the top 100k sites running WordPress were up to date!
- WordPress iterates quickly to patch security holes. Keep updated to benefit from their work

Update. Update. Update.
- WordPress core, .org plugins and .org themes can use the core update functionality
- Some commercial themes and plugins have their own way of one-click upgrade; some are manual only
- Some have notifications, some don't
- Sign up for WordPress.org release notifications from the download page

Here's Where This Gets Technical
- I'll have these slides up on SlideShare

- I've reserved time at the end for questions, and I'll be available after for individual questions

It's the week before Easter and your church site is serving up topless photos of celebrities. Now what?
- Take a deep breath and crack open a beer. You've got some work ahead of you.
- Get back control of your site
- Get the site offline if you can!
- Change *every* single one of your passwords: domain registrar, hosting account, all WordPress users, SQL database username and password, FTP account password
- I suggest changing your email account passwords
- Hire a professional: check out http://sucuri.net/ (many others out there, Google them up!)
- Regenerate WordPress secret keys / salts: manually in wp-config.php or use a plugin
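Regenerating the keys and salts is what invalidates every authentication cookie the site has issued, including any session the intruder still holds, because WordPress hashes those cookies with these eight constants. Doing it by hand means replacing eight define() lines without breaking the PHP string literals. The script below is an added example for this page, not the speaker's script and not the WordPress.org secret-key generator; it assumes the stock wp-config.php layout where each constant is a single-quoted define('NAME', 'value'); on its own line, and the excerpt it demonstrates on is constructed.

```python
"""Regenerate the eight WordPress secret keys and salts in wp-config.php.
Added example for this page; not the speaker's script and not the
WordPress.org generator. Assumes stock single-quoted define() lines."""
import re
import secrets
import string

# The eight constants WordPress uses to hash auth cookies and nonces.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")

# Printable ASCII without ' \ " or space, so the value is safe inside a
# single-quoted PHP literal without any escaping.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}<>?,.;:|~"

PLACEHOLDER = "put your unique phrase here"   # value shipped in wp-config-sample.php

# Matches define('NAME', 'value'); with any spacing; value may not contain a quote.
DEFINE_RE = re.compile(r"define\(\s*'(?P<name>[A-Z_]+)'\s*,\s*'(?P<value>[^']*)'\s*\);")


def new_secret(length=64):
    """64 characters from a CSPRNG, the same length the official generator emits."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def regenerate_salts(config_text):
    """Return (new_text, names_replaced). Only the eight key/salt lines change."""
    replaced = []

    def substitute(match):
        name = match.group("name")
        if name not in KEY_NAMES:
            return match.group(0)          # DB_NAME and friends stay untouched
        replaced.append(name)
        return f"define('{name}', '{new_secret()}');"

    return DEFINE_RE.sub(substitute, config_text), replaced


def placeholder_keys(config_text):
    """Names of keys still carrying the sample placeholder, i.e. never set at all."""
    return [m.group("name") for m in DEFINE_RE.finditer(config_text)
            if m.group("name") in KEY_NAMES and m.group("value") == PLACEHOLDER]


def rewrite_file(path):
    """Rotate the keys in place; refuse to write if any of the eight is missing."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    new_text, replaced = regenerate_salts(text)
    missing = sorted(set(KEY_NAMES) - set(replaced))
    if missing:
        raise SystemExit(f"not all keys found, nothing written: {missing}")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(new_text)
    return replaced


# Constructed excerpt of a wp-config.php, not a real site's file.
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'old-value-1');
define('NONCE_KEY',        'old-value-2');
define('AUTH_SALT',        'old-value-3');
define('SECURE_AUTH_SALT', 'old-value-4');
define('LOGGED_IN_SALT',   'old-value-5');
define('NONCE_SALT',       'old-value-6');
define('WP_DEBUG', false);
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        print("rotated:", ", ".join(rewrite_file(sys.argv[1])))
    else:
        print("still on placeholder:", placeholder_keys(SAMPLE_WP_CONFIG))
        text, names = regenerate_salts(SAMPLE_WP_CONFIG)
        print(text)
```

Run it as `python rotate_salts.py /path/to/wp-config.php` (a file name chosen for this example) after the passwords have been changed, since the rotation logs everyone out, you included. If placeholder_keys() reports names on a live site, the keys were never set in the first place, which is worth fixing whether or not the site was hacked.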

define('AUTH_KEY', 'n%foh;/v6$)0