Webinar - Tips and Tricks on Website Security

Upload: stopthehacker

Post on 23-Dec-2014

Category: Technology


DESCRIPTION

Slides of our free webinar on website security tips and tricks, together with our friends from Stopbadware.org. The goal was to provide an overview of important tips: why websites get hacked and blacklisted, and what each website or blog owner can do to protect his website. The webinar was moderated and presented by Max Weinstein, President and Executive Director of StopBadware, and Anirban Banerjee, Co-founder of StopTheHacker Inc.

TRANSCRIPT

Page 1: Webinar - Tips and Tricks on Website Security

Making the internet safer, one website at a time.™

Tips and Tricks on Website Security

Page 2: Webinar - Tips and Tricks on Website Security

Agenda

1. Introduction

2. Why is website security important

3. Methods Hackers use

4. How to protect your website

5. Q&A

Page 4: Webinar - Tips and Tricks on Website Security

StopBadware

• Nonprofit organization that makes the Web safer by fighting badware

• Helps webmasters learn how to clean up their sites and get off malware blacklists

• Runs a community forum, BadwareBusters.org, where owners of hacked sites can get free help from security experts

• Our Partners include companies like Google, Mozilla, Verizon, and StopTheHacker!

Page 5: Webinar - Tips and Tricks on Website Security

StopTheHacker

• Founded in 2009

• Based in San Francisco

• Partner of StopBadware in the fight against evil ;)

• Focused on web malware detection and removal. Additional services include Vulnerability assessment, Reputation protection & Facebook protection

• StopTheHacker’s Artificial Intelligence

Funded by the National Science Foundation USA.

Won multiple awards since 2009

• Partners & Customers worldwide, e.g. US, Australia, Canada, Germany, Portugal, Latvia, UK, Belgium, Singapore, Bulgaria, Russia

Page 7: Webinar - Tips and Tricks on Website Security

Some facts on the Internet

• There are 8.97 billion pages on the Internet (source: WorldWideWebSize.com)

• 55,381,895 WordPress sites (source: wordpress.com/stats)

• Europe and the US together host around 75% of the top 1 million sites

• Almost 2.3 billion Internet users in the world as of December 2011 (source: www.internetworldstats.com/stats.htm)

Page 8: Webinar - Tips and Tricks on Website Security

The Threat

Approx. 30,000 new malicious URLs each day in 2H11; 80% of those are legitimate*

85% of malware comes from the web*

An estimated 1.6 million vulnerable users were exposed to drive-by downloads in one month across 58 popular (Alexa top 25,000) sites.**

931,490 URLs currently blacklisted by StopBadware's data providers***

* Source: Sophos Security Threat Report 2012 (Jan. 2012)

** Source: Barracuda Labs (Mar. 2012)

*** Source: StopBadware.org

Page 9: Webinar - Tips and Tricks on Website Security

Why protect my website?

9,500 websites get blacklisted by Google daily

80% of hosted websites have vulnerabilities

~4% of hosted websites are infected at any given time

<5% of websites are protected (vs 99% of all PCs)

Source: StopTheHacker Analysis

Page 10: Webinar - Tips and Tricks on Website Security

Results of being hacked

1. Your visitors get infected

2. Getting blacklisted by Google

• Your website’s search engine results are marked as dangerous

• Your ads may not get published

• All modern browsers block access to your site

3. When blacklisted, customers’ website unavailable for days = Lost revenue

4. Visitors and customers lose trust in your brand

Page 12: Webinar - Tips and Tricks on Website Security

Top reasons why websites get hacked

1. Poor choice of passwords

2. Insecure FTP connections

3. Web application vulnerabilities

4. Third party add-ons

5. Server level vulnerabilities

6. Infected PCs

Page 13: Webinar - Tips and Tricks on Website Security

Poor choice of passwords

• Most common passwords – 123456, admin, mysite..

• Use online password generators

• Use strings, sentences
  • TheQuickBrownFoxJumpedOver…

• Use numbers
  • The1Quick2Brown3Fox4JumpedOver…

• Use special characters
  • @The1#Quick2$Brown3&Fox4JumpedOver…

• Do your own “special” thing.

• Do not use one password for everything!!

Page 14: Webinar - Tips and Tricks on Website Security

Insecure FTP connections

• FTP transfers username, password in clear text

• Sniffers can pick it up

• Most popular, lots of clients

• SFTP, SSH better alternative

Page 15: Webinar - Tips and Tricks on Website Security

Web application vulnerabilities

• Cross Site Scripting

• Persistent, temporary

• SQL Injection

• Database injections (title tags)

• Forms, blog comment area vulnerable

• Your code used against you

• Cross Site Request Forgery

• Insufficient input sanitization

• Wordpress, Drupal, Joomla

• Custom code needs to be audited

• Web application filters, Snort, only as good as signatures

Page 16: Webinar - Tips and Tricks on Website Security

Third party add-ons

• Timthumb image resizer

• Ubulletin

• Various image upload tools, calendar tools

• Only download from reputable sources

• Find out if plugin on Wordpress’s vulnerable list

• Code in plugin can cause your site to get infected

Page 17: Webinar - Tips and Tricks on Website Security

Server level vulnerabilities

• Remote File Inclusion

• OS patches outdated

• Vulnerable software (old FTP server running)

• Old PHP versions

• Use sandboxing of accounts
  • Apache – separate user
  • Database – separate user
  • Files owned by different user

• Disallow root access

• Use sudo
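One way to check the account-separation and file-permission points from this slide, as an added example that is not part of the original deck: shell functions that list paths any local account can modify and paths owned by the web server account itself. The web root path and the account name www-data in the sample call are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root against the separation rules on the slide.
# The web root and web server account are assumptions; pass your own values.

# Files and directories that any local account can modify.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Content owned by the web server account itself, which a compromised
# web application could rewrite. $2 may be a user name or numeric uid.
owned_by_web_user() {
    find "$1" \( -type f -o -type d \) -user "$2" -print 2>/dev/null
}

# Print findings; return 1 if either rule is violated, 0 if clean.
audit_webroot() {
    webroot=$1
    webuser=$2
    rc=0
    ww=$(world_writable "$webroot")
    if [ -n "$ww" ]; then
        printf 'WORLD-WRITABLE:\n%s\n' "$ww"
        rc=1
    fi
    ow=$(owned_by_web_user "$webroot" "$webuser")
    if [ -n "$ow" ]; then
        printf 'OWNED BY %s:\n%s\n' "$webuser" "$ow"
        rc=1
    fi
    return $rc
}

# Sample call (placeholder path and account name):
#   audit_webroot /var/www/html www-data
```

Directories that must accept uploads will show up as owned by the web server account; keep them as few as possible and outside any path that executes scripts.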

Page 18: Webinar - Tips and Tricks on Website Security

Infected PCs

• Using an infected local machine can cause a website to become infected.

Page 20: Webinar - Tips and Tricks on Website Security

Top tips to protect your website

Passwords

• Never store credentials, like your FTP password, on your local PC.

• Use strong passwords and try to set up difficult-to-guess usernames (such as “av21bx” instead of “Alex”)

FTP connections

• If you use FTP, consider switching to a more secure solution, like ssh/SCP/SFTP.

Page 21: Webinar - Tips and Tricks on Website Security

Top tips to protect your website

Web Application Vulnerabilities

• Make sure to check your website frequently for web application vulnerabilities and malicious code. Vigilance can protect your visitors.

• Use a website protection service that scans your site regularly for vulnerabilities and malware infections

Third party add-ons

• Install only reputable plugins.

• Make a list of all third party plugins you use, and be sure to update them regularly.

• Both the software you use to run your website and all your plugins should be kept current!

Page 22: Webinar - Tips and Tricks on Website Security

Top tips to protect your website

Server level vulnerabilities

• Set appropriate file permissions on your web server

Infected PCs

• Make sure you regularly scan your local PC with at least one, and preferably more than one, antivirus engine.

• Antivirus software for your PC won’t detect website infections, but using an infected local machine can cause a website to become infected.

• It’s important to protect your PC, too!

Page 23: Webinar - Tips and Tricks on Website Security

Important Technologies

Malware Detection (“Anti Virus for your Website”)

What?
- Is my site infected?
- Am I hacked?
- Am I infecting my visitors?
- Is my internal data at risk?
- Might I get blacklisted soon?

Why? If infected, you need to fix the problem before you
- get blacklisted
- compromise your data
- infect your visitors

Vulnerability Assessment

What?
- Is my site vulnerable?
- Might I get hacked?
- What patches should I apply?

Note: Doesn’t tell if infected

Why? If vulnerable, you need to fix the problem before you get
- hacked
- infected

Reputation Monitoring

What?
- Is my site blacklisted?

Why? If blacklisted, you need to fix the problem so your customers can visit your site again.

Page 24: Webinar - Tips and Tricks on Website Security

More information

• Blog: blog.stopbadware.org

• Facebook: facebook.com/StopBadware

• Twitter: @stopbadware & @badwarebusters

• Blog: stopthehacker.com/blog

• Facebook: facebook.com/StopTheHacker

• Twitter: @stopthehacker

Page 26: Webinar - Tips and Tricks on Website Security

Thank you