2014 Website Defacements

Defacements are the most visual and obvious hack that a website can suffer from. They also come parcelled with their own exquisite sense of dread. Nothing gives that gut-wrenching feeling of “I’ve been hacked” more than seeing this:

Defaced-Website-Upgrade-Security

Most malware that we see on a daily basis is driven by some desire to profit off of victims – classic pharma spam or theft of credit card details and personal information. By contrast, most defacements have little to no financial incentive. They are almost always done to further some political, religious or ideological goal. Some attackers will try to deface as many sites as possible with their ‘calling card’ just to prove how “l33t” (elite) they are or to give attention to whatever cause they are trumpeting.

These hacks remind me of by-gone days when computer hacking was done primarily for mischief and trouble-making and less associated with the nefarious criminal underworld. A lot of the time all that is tampered with is the site’s index.php file which can easily be restored by downloading a fresh copy of whatever CMS you use.

A more nasty defacement, though, will overwrite your wp-config.php file entirely and if you don’t have a backup, well, make one right now for a rainy day :)

Now, having said all this, while all defacements are primarily about the shock value much of the time they are coupled with malware, too. If this ever happens to your site assume it is fully compromised and act accordingly. Whoever defaces a site will almost certainly place a few backdoors for easy access later on. The more harmful hacks will also attempt to infect end user computers visiting the site.

For this reason, if you ever suffer from this sort of calamity make sure you perform a thorough check for any malicious files! Otherwise you’ll likely end up with the same problem soon after.

There are a whole bunch of ways that this can happen – websites that employ poor password management and/or use out of date software are easy, low-hanging fruit for these vandalists. Naturally, our clients using our CloudProxy firewall are protected against such attacks.

WordPress Security Presentation by Tony Perez

Tomorrow I will be flying to my hometown (Miami) to give a Website Security presentation to a bunch of enthusiastic online professionals at an event called WordCamp. If you’re not familiar with these events, they are global events put together by the local populace to focus on a specific platform – WordPress. The event is called WordCamp Miami 2013, if you plan to be there definitely look me up.

I will be presenting at 1400 (EST), also known as 2:00 pm to most.

I will be volunteering at the Happiness Bar right after my talk at 1445 (EST), 2:45 pm.

If you’re interested, they are going to be live-streaming the event and you’re more than welcome to watch.

Dre Armeda Presenting on WordPress Security at WordCamp Phoenix 2013

Here is the video for the WordPress Security presentation at WordCamp Phoenix 2013:

Here is the slide deck from the presentation:

Leave us your comments below.

WordCamp Las Vegas 2012 – Tony Perez: WordPress Security – Dealing with Today’s Hacks

Here is a great presentation given by Tony Perez our COO in October of 2012 at WordCamp Las Vegas:

WordPress Security Hangout – Grand Rapids WP Meetup

Every now and then, trying to summarize a conversation doesn’t do it any justice. Here is the discussion in its entirety between Dre Armeda, Mark Jaquith and I, Tony Perez, for the recent Grand Rapids WP Meetup. As you might imagine, it’s about WordPress Security:

It’s lengthy, true, but it covers a number of subjects. Everything from passwords, their management, to hardening and appropriate security controls.

If you’re not familiar with Mark Jaquith, you should be. He has been actively engaged in the WordPress community for 8 years +, is a lead developer for the project and has contributed countless patches to the core, many addressing security issues. If you’re looking for development advise or for a third party audit of your code then he’s about as good as it gets, be sure to check him out at http://coveredwebservices.com/

Dealing with WordPress Malware

A few months back I contributed to a post with Smashing Magazine on the top 4 WordPress Infections, it was released yesterday, and it couldn’t have been at a better time. If any one attended WordCamp Las Vegas you might even find some similarities. Fortunately in the process of preparing for the event and working with the team, we were able to compile a bit more information expanding on the things we originally discussed in the last post. It’s perfect timing for a number of reasons, and will complement this post very nicely.

WordPress Malware
The idea of this post, like many in the past, is to outline and discuss this past weekend’s presentation. In the process, hopefully you take something away. Unfortunately, the presentation was capped off with a live attack and hack, and I won’t be able to include that in this post, but I promise it’s coming.

**Note: If you plan to be at WordCamp Philadelphia 2012 you might be in for some treats, just saying. And if you don’t have it on the calendar, you should.

Read More

WordPress Security Presentation (in Portuguese)

Bruno Borges (from our security team), did a great presentation at WordCamp Sao Paulo (Brazil) about WordPress security and how to keep a site secure.

WordPress Security

The video is in Portuguese (pt-br), and can be viewed here:

Watch live streaming video from primaestudio at livestream.com

Lockdown WordPress – A Security Webinar with Dre Armeda

We had the opportunity to do a webinar about WordPress security with the guys from iThemes yesterday. Here’s the video for those of you who missed out on the fun:

Dre Armeda from Sucuri Security presented on various WordPress related areas that help reduce risk for website owners and administrators. The webinar includes a high level discussion about the growth of the internet, he goes over some of the more popular malware attacks affecting WordPress users, then offers various tips, tools, and resources to help you reduce risk.

Hope you enjoy!


If you have any questions, feel free to email us at info@sucuri.net