Sucuri Webinar Q&A HOW TO CLEAN A HACKED MAGENTO WEBSITE. with Cesar Anjos

Transcription:

Question #1: What security plugins do you recommend for Magento?

Answer: Most important is a two-factor authentication plugin. Most Magento attacks have a starting point on the backend, so if that area is fully locked down this simple step will go a long way to keep the website secure. On sites with big staff it may also be useful to get an admin actions log plugin. A good external firewall should have all that's necessary.

Question #2: If we check our Magento version, it says security patch 8788 does not exist. How can we check if our website is secure?

Answer: Best way is to rely on magereport.com, as they will analyze your site for any missing patch or vulnerable areas that the attackers exploit.

Question #3: Where are the most common places to find malware in Magento?

Answer: As most Magento sites are used to steal private information from your clients, a quick look at the footer, header, and miscellaneous HTML areas through the backend areas such as blocks and design configuration should alone be a big step on finding the malware. It can also be spread through JavaScript files that belong to Magento's core as well as some of the files that handle the checkout process directly.

Question #4: If I cannot patch my Magento website in time, how does the firewall help?

Answer: The firewall has virtual patching that automatically protects your site against all the vulnerabilities that a patch would fix, so even if you don't apply the patches your site will already be protected. Here's an overview as well as more info:
https://blog.sucuri.net/2017/02/website-application-firewalls-waf-practical-approach-to-websitesecurity.html
https://blog.sucuri.net/2017/02/ask-sucuri-common-waf-questions-and-concerns.html
https://sucuri.net/website-firewall/
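The answer to Question #3 names the places where injected code usually sits in a Magento 1 store: the head/footer "miscellaneous HTML" values kept in core_config_data, and CMS blocks. The script below is an added example (not from the webinar or from Sucuri) that checks those exact locations for the signs a remediation engineer looks for first: a script tag loading from a host that is not yours, and obfuscation constructs that a theme's footer HTML has no business containing. The configuration paths are real Magento 1 paths; the rows, the hosts and the CMS block contents are constructed sample data, and the script assumes you have exported the rows (path,value from core_config_data and identifier,content from cms_block) and pass them in as tuples.

```python
"""Scan the Magento 1 places named in the answer to Question #3 for injected code.

Added example, not from the webinar or Sucuri.  Assumes the relevant
core_config_data rows (path, value) and cms_block rows (identifier, content)
have been exported and are passed in as tuples; the rows below are constructed.
"""
import re

# Magento 1 configuration paths whose values are rendered as raw HTML on every
# page (Design > HTML Head > Miscellaneous Scripts, Design > Footer).
WATCHED_CONFIG_PATHS = {
    "design/head/includes",
    "design/footer/absolute_footer",
    "design/footer/copyright",
}

# Script tag loading from another host; group 1 captures the host name.
EXTERNAL_SCRIPT = re.compile(
    r"""<script[^>]+src=["']?(?:https?:)?//([^/"'\s>]+)""", re.IGNORECASE)

# Constructs that legitimate theme HTML rarely needs but injected skimmers use.
OBFUSCATION_PATTERNS = [
    ("eval(", re.compile(r"\beval\s*\(", re.IGNORECASE)),
    ("String.fromCharCode", re.compile(r"String\.fromCharCode", re.IGNORECASE)),
    ("atob(", re.compile(r"\batob\s*\(", re.IGNORECASE)),
    ("document.write(", re.compile(r"document\.write\s*\(", re.IGNORECASE)),
    ("hex-escaped string", re.compile(r"(?:\\x[0-9a-f]{2}){4,}", re.IGNORECASE)),
]


def find_suspicious_html(html, allowed_hosts):
    """Return the list of reasons an HTML fragment deserves a manual look."""
    reasons = []
    for match in EXTERNAL_SCRIPT.finditer(html):
        host = match.group(1).lower()
        if host not in allowed_hosts:
            reasons.append(f"external script from {host}")
    for name, pattern in OBFUSCATION_PATTERNS:
        if pattern.search(html):
            reasons.append(name)
    return reasons


def scan_all(config_rows, cms_blocks, allowed_hosts):
    """Return [(location, reasons)] for each watched config value or CMS block
    that looks injected, in the order the rows were supplied."""
    findings = []
    for path, value in config_rows:
        if path in WATCHED_CONFIG_PATHS:
            reasons = find_suspicious_html(value or "", allowed_hosts)
            if reasons:
                findings.append((f"core_config_data:{path}", reasons))
    for identifier, content in cms_blocks:
        reasons = find_suspicious_html(content or "", allowed_hosts)
        if reasons:
            findings.append((f"cms_block:{identifier}", reasons))
    return findings


# Constructed sample rows: (path, value) as exported from core_config_data ...
CORE_CONFIG_DATA = [
    ("design/head/includes",
     '<link rel="stylesheet" href="/skin/frontend/base/default/css/custom.css">'),
    ("design/footer/absolute_footer",
     '<script src="//tracker.attacker.example/s.js"></script>'),
    ("design/footer/copyright", "&copy; Example Store"),
    ("web/unsecure/base_url", "http://shop.example.com/"),  # not a watched path
]
# ... and (identifier, content) as exported from cms_block.
CMS_BLOCKS = [
    ("footer_links", '<ul><li><a href="/contact">Contact</a></li></ul>'),
    ("promo_banner",
     '<div>Sale!</div><script>eval(String.fromCharCode(118,97,114,32,97));</script>'),
]
# Hosts the store legitimately loads scripts from (your own domain, your CDN).
ALLOWED_HOSTS = {"shop.example.com"}

if __name__ == "__main__":
    for location, reasons in scan_all(CORE_CONFIG_DATA, CMS_BLOCKS, ALLOWED_HOSTS):
        print(f"{location}: {', '.join(reasons)}")
```

The allow-list is the part to get right: seed it with every host your theme really loads scripts from, then treat anything else as a finding to read by hand rather than something to delete automatically, since the same values also hold legitimate analytics tags.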

Question #5: Is changing the checkout name a reasonable prophylactic measure? If attackers are looking for checkout or firecheckout, would naming the page something else like /makeyourpurchase/ make it so the malware might not work?

Answer: It may work, but only to a very limited degree. It's just very easy for the attackers to find out what you changed it to, so the attackers can just adjust the malware.

Question #6: Does PCI offer any guidance for incidents?

Answer: There's a lot of good information that can be obtained from pcisecuritystandards.org, such as https://www.pcisecuritystandards.org/documents/pci_ssc_pfi_guidance.pdf
Sucuri also has a few great articles worth checking out on the PCI subject:
https://blog.sucuri.net/2015/03/intro-to-e-commerce-and-pci-compliance-part-i.html
https://blog.sucuri.net/2016/07/pci-for-smb-requirement-2-do-not-use-defaults.html
https://sucuri.net/guides/how-to-clean-hacked-magento

Question #7: How often is Magento targeted by hackers? Is there a report about it?

Answer: Magento is not a big target when compared with WordPress, for example, but that may be mainly due to the fact that WordPress holds a larger percentage of websites using that CMS. Although Magento is a much more attractive target for attacks due to the fact that large volumes of valuable data make it through Magento websites every day. Hacked Website Trend Report 2016-Q3: https://sucuri.net/website-security/hacked-reports/sucuri-hacked-website-report-2016q3.pdf

Question #8: Some problems come from badly coded themes or extensions. Can you give some suggestions on checking for code that would allow vulnerabilities?

Answer: Unfortunately this matter can be very subjective. Some kinds of code can be easily recognized as vulnerable even by a developer, but in most cases you need an actual vulnerability analysis on the code, which is very expensive and not worth it. It's usually better to go straight to having a firewall that protects from any vulnerabilities that may be present.

Question #9: How can Sucuri WAF help to prevent malware?

Answer: See point 4.

Question #10: Cesar, Willem de Groot recently wrote about a relatively new type of self-healing malware out in the wild that appears to be infecting the CMS functionality of the database (skirting around the core_config_data table stuff that used to be more common), using triggers to re-install itself even if you manage to remove the infected JavaScript code... are you guys seeing this as well?

Answer: We haven't seen any case of this actually. This may be because it can be considered the same as a backdoor, but it's much more complex for the attackers to implement it on the website and the results are not reliable for the attacker.

Question #11: If I use the Sucuri firewall, does that affect an interface I have with another service that whitelists IPs?

Answer: It shouldn't; you just have to ensure that you whitelist the firewall's IP so that the firewall doesn't get blocked.

Question #12: Isn't it quite easy for a hacker to fake the file timestamp?

Answer: Yes it is; that's why the timestamp alone is not enough for a proper investigation. The timestamp does help in some cases, as the attackers sometimes fix the timestamp on the file to be the same as on the other files, but the one on the folder above shows the modification.
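The answer to Question #12 makes a point worth seeing in code: a file's mtime can be set to anything, but the directory that received the file keeps the time of that change, and on Linux the file's ctime does too. The example below is added here and is not from the webinar or from Sucuri. It builds a throwaway directory tree that imitates an aged Magento js/ folder (file names and timestamps constructed; the "400 days old" install date is an assumption) with one file written later and backdated to match its neighbours, then runs the two cross-checks a forensic walk of a hacked site should include.

```python
"""Cross-check file timestamps the way the answer to Question #12 describes.

Added example, not from the webinar or Sucuri.  Builds a throwaway tree that
imitates an aged Magento js/ folder with one file dropped later and backdated
to blend in, then shows two checks that still expose it.
"""
import os
import tempfile
import time

ONE_DAY = 86400
TOLERANCE = 300  # seconds of slack for normal write ordering inside a directory


def directories_newer_than_contents(root, tolerance=TOLERANCE):
    """Directories whose own mtime is later than every entry they contain.

    A directory's mtime changes when an entry is created, deleted or renamed.
    Resetting the new file's mtime hides the file's real date but not the
    directory's, so a directory newer than all of its entries saw a change
    after the date its contents claim; this is the "folder above" signal.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [os.path.join(dirpath, name) for name in dirnames + filenames]
        if not entries:
            continue
        newest_entry = max(os.lstat(path).st_mtime for path in entries)
        if os.lstat(dirpath).st_mtime - newest_entry > tolerance:
            hits.append(dirpath)
    return sorted(hits)


def files_with_ctime_after_mtime(root, tolerance=TOLERANCE):
    """Files whose inode change time is well past their claimed mtime.

    utime() lets the owner set mtime, but on Linux the kernel sets ctime to
    the current time whenever the inode changes, so a backdated file keeps a
    recent ctime.  Caveat: restoring a backup that preserves mtimes produces
    the same gap for every restored file, so compare against restore dates.
    """
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if st.st_ctime - st.st_mtime > tolerance:
                hits.append(path)
    return sorted(hits)


def build_demo_tree():
    """Create the constructed tree; returns (root, js/mage dir, backdated file)."""
    root = tempfile.mkdtemp(prefix="magento-ts-demo-")
    js_dir = os.path.join(root, "js")
    mage_dir = os.path.join(js_dir, "mage")
    os.makedirs(mage_dir)
    old = time.time() - 400 * ONE_DAY  # assumption: the install is over a year old
    for name in ("cookies.js", "translate.js"):
        path = os.path.join(mage_dir, name)
        with open(path, "w") as fh:
            fh.write("// legitimate core file (constructed)\n")
        os.utime(path, (old, old))
    for directory in (mage_dir, js_dir, root):
        os.utime(directory, (old, old))  # directories look as old as their contents
    # Simulated injection: a new file written now, then its mtime pushed back
    # so it blends in with its siblings.  Writing it bumps mage_dir's mtime.
    injected = os.path.join(mage_dir, "sniffer.js")
    with open(injected, "w") as fh:
        fh.write("// injected file (constructed)\n")
    os.utime(injected, (old, old))
    return root, mage_dir, injected


if __name__ == "__main__":
    root, mage_dir, injected = build_demo_tree()
    print("directories changed after their contents' dates:",
          directories_newer_than_contents(root))
    # In this demo the legitimate files were also backdated with utime(), so
    # they show up here as well; on a real aged install only the new file would.
    print("files whose ctime is after their mtime:",
          files_with_ctime_after_mtime(root))
```

On a real site run both checks over the document root and read the results together: the directory check points at the folder that changed, the ctime check at the candidate files inside it, and the logs (see Question #15) supply the date to compare against.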

Question #13: Hi, maybe a stupid question, but how come the Sucuri scan recognizes my Magento website as a WordPress website?

Answer: Oh really? Maybe you have some WordPress files there; feel free to reach out to us so we can check.

Question #14: Is there something similar for WordPress? For site protection/server protection?

Answer: Best here is the firewall as well; see point 4 for further info.

Question #15: What's the best way to find when the attack happened?

Answer: The most effective way is data correlation between the behaviour that is happening, the reports received, blacklists and information that comes from the logs, although checking the logs can require some technical knowledge.

Question #16: Most local, state and federal jurisdictions (as well as credit card processing gateway providers) have very strict regulations about how hardware & software systems and supporting network infrastructure are preserved for the criminal and civil investigations that are required by law and your contracts with merchant gateway and clearing providers. Do you have any recommendations on how to specifically use the tools or processes you discussed here so that you don't accidentally wind up committing a felony by destroying evidence by cleaning up a site?

Answer: Usually the authorities will only require the files of the site, the databases and all the logs from the server, but in some cases, usually very severe ones, they may require that absolutely nothing is touched. In such cases, if you want to cooperate but still want the site online, it's best if you check with your service provider about making a complete clone of your server onto another one, so you can bring the other one back online and lock down the first one.

Alternatively you can also just point your domain to a different server and restore some backup you may have of your website there to get it working, or just put a maintenance page there. This will keep all evidence intact while preventing the attacker from going back into it and tampering with the evidence. For further info on this just check EVIDENCE PRESERVATION on https://www.pcisecuritystandards.org/documents/pci_ssc_pfi_guidance.pdf
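The answer to Question #15 describes the "technical" part of dating an attack: correlating the first sighting of a malicious artefact in the web server logs with what happened just before it. The example below is added here and is not from the webinar or from Sucuri. It takes a file identified during cleanup as malicious, finds the earliest request for it in a combined-format access log, and lists the backend write requests that preceded that sighting, since the answer to Question #1 notes that most Magento compromises start in the backend. The log lines, IP addresses and the indicator path are constructed; the admin URL prefix is the Magento 1 default and is an assumption you would change for a custom backend path.

```python
"""Bound when an injection happened by correlating log evidence (Question #15).

Added example, not from the webinar or Sucuri.  The log lines and indicator
path are constructed; parse_line expects the Apache/Nginx "combined" format,
and ADMIN_PREFIX assumes the default Magento 1 backend URL.
"""
import re
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
ADMIN_PREFIX = "/index.php/admin"  # assumption: default Magento 1 admin path

# Constructed sample log: an admin login and a configuration save from one IP,
# then shoppers' browsers start fetching a file that was not there before.
ACCESS_LOG = """\
203.0.113.7 - - [02/Mar/2017:10:14:02 +0000] "GET /index.php/admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2017:10:14:09 +0000] "POST /index.php/admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2017:10:15:41 +0000] "POST /index.php/admin/system_config/save/section/design/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [02/Mar/2017:10:20:00 +0000] "GET /checkout/onepage/ HTTP/1.1" 200 18230 "-" "Mozilla/5.0"
198.51.100.23 - - [02/Mar/2017:10:20:01 +0000] "GET /js/mage/sniffer.js HTTP/1.1" 200 1044 "-" "Mozilla/5.0"
198.51.100.44 - - [03/Mar/2017:08:02:13 +0000] "GET /js/mage/sniffer.js HTTP/1.1" 200 1044 "-" "Mozilla/5.0"
""".splitlines()


def parse_line(line):
    """Return a dict with ip, ts (aware datetime), method, path, status; None if unparseable."""
    match = LOG_RE.match(line)
    if not match:
        return None
    entry = match.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], TS_FMT)
    return entry


def first_request_for(lines, path):
    """Earliest entry that requested path: the injection cannot be later than this."""
    hits = [e for e in map(parse_line, lines) if e and e["path"] == path]
    return min(hits, key=lambda e: e["ts"]) if hits else None


def backend_writes_before(lines, cutoff, admin_prefix=ADMIN_PREFIX):
    """Non-GET requests to the admin area before cutoff, oldest first.

    Most Magento compromises start in the backend (Question #1), so a write
    there shortly before the first sighting is the prime suspect.
    """
    writes = [e for e in map(parse_line, lines)
              if e and e["ts"] < cutoff and e["method"] != "GET"
              and e["path"].startswith(admin_prefix)]
    return sorted(writes, key=lambda e: e["ts"])


def estimate_window(lines, indicator_path):
    """Bound the incident: no later than the first sighting of the indicator,
    and probably no earlier than the last backend write before it.
    Returns None if the indicator never appears in the log."""
    first = first_request_for(lines, indicator_path)
    if first is None:
        return None
    writes = backend_writes_before(lines, first["ts"])
    return {
        "no_later_than": first["ts"],
        "first_seen_from": first["ip"],
        "last_backend_write": writes[-1] if writes else None,
        "backend_ips": sorted({w["ip"] for w in writes}),
    }


if __name__ == "__main__":
    window = estimate_window(ACCESS_LOG, "/js/mage/sniffer.js")
    print("injection no later than:", window["no_later_than"])
    print("last backend write before it:", window["last_backend_write"])
    print("backend IPs to investigate:", window["backend_ips"])
```

The upper bound is solid (the file was being served by then); the lower bound is only a hypothesis until the file's timestamps, the admin action log the answer to Question #1 recommends, and any blacklist or customer reports agree with it, which is the correlation the answer is describing.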