I got hacked (Jag blev hackad)

by Jonas Lejon on 18 May 2016

Transcript of "I got hacked"

I got hacked
#wpbar Västerås 2014-01-31

Incident handling
How could the intrusion happen
Cleanup and restoration
Security hardening measures
Finding backdoors
Check through all footers
Find common factors such as eval()
Find the attacker's IP address and identify their requests in the log files
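
The backdoor hunt outlined above, as an added example that is not from the talk: a Python sketch that flags PHP files containing the indicators named on the slides (eval(), FilesMan), flags any PHP under wp-content/uploads/, and lists the requests made by one client IP. The `base64_decode` indicator, the access-log format, the sample files, the log lines and the IP addresses are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# "eval" and "FilesMan" come from the slides; "base64_decode" is an added assumption.
INDICATORS = {
    "eval": re.compile(rb"\beval\s*\("),
    "FilesMan": re.compile(rb"FilesMan"),
    "base64_decode": re.compile(rb"base64_decode\s*\("),
}
LOG_RX = re.compile(r'^(\S+) .*?"(\S+) (\S+) [^"]*"')  # client IP, method, path

def scan_webroot(root):
    """Map each suspicious PHP file (path relative to root) to its indicators."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        data = path.read_bytes()
        found = [name for name, rx in INDICATORS.items() if rx.search(data)]
        rel = path.relative_to(root).as_posix()
        if rel.startswith("wp-content/uploads/"):
            found.append("php-in-uploads")  # PHP under uploads/ is suspect whatever it contains
        if found:
            hits[rel] = found
    return hits

def requests_from_ip(log_lines, ip):
    """Return (method, path) for each access-log line whose client is `ip`."""
    matches = (LOG_RX.match(line) for line in log_lines)
    return [(m.group(2), m.group(3)) for m in matches if m and m.group(1) == ip]

# Constructed sample data: inert PHP stubs and access-log lines, not from the incident.
SAMPLE_FILES = {
    "wp-content/themes/clean/footer.php": b"<?php wp_footer(); ?>",
    "wp-content/themes/bluray/footer.php": b"<?php eval('/* inert */'); wp_footer(); ?>",
    "wp-content/uploads/2013/06/img.php": b"<?php /* FilesMan (inert stub) */ ?>",
}
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jun/2013:23:40:01 +0200] "POST /wp-content/uploads/2013/06/img.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [16/Jun/2013:23:41:10 +0200] "GET / HTTP/1.1" 200 8042',
    '203.0.113.7 - - [16/Jun/2013:23:42:55 +0200] "GET /wp-login.php HTTP/1.1" 200 2210',
]

def run_demo():
    """Write the sample tree to a temp dir, then scan it and filter the sample log."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FILES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_webroot(tmp), requests_from_ip(SAMPLE_LOG, "203.0.113.7")

if __name__ == "__main__":
    print(run_demo())
```

A hit is a lead for manual review, not a verdict: legitimate plugins also call eval() and base64_decode().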
About Jonas Lejon
Background
Offline
Hire me

OSSEC alert
OSSEC HIDS Notification.
2013 Jun 16 23:48:29

Received From: hetzner->/var/www/logs/error.log
Rule: 31421 fired (level 5) -> "PHP internal error (missing file or function)."

Portion of the log(s):

2013/06/16 23:48:27 [error] 2252#0: *9980497 FastCGI sent in stderr: "PHP message: PHP Fatal error:
Call to undefined function includ_once()
in /var/www/docs/wp-content/themes/bluray/footer.php on line 1" while reading upstream, client: 5.9.164.69, server: hetzner, request: "GET /wp-content/themes/bluray/images/favicon.ico HTTP/1.1", upstream: "fastcgi://unix:/tmp/php5-fpm.sock:", host: "hetzner"
The process
Backdoor
Blog: utvbloggen.se
Twitter: @jonasl
E-mail: jonas@triop.se
Contact
FilesMan
+ IP address
#win got an e-mail after a while:
Security hardening measures
Make sure www-data cannot write to the web directories
wp-content/uploads/ cannot run PHP code
Remove themes and plugins that are not in use
Scan with clamav
Keep WP updated
Plugins that are not supported
Change the username
https
No unwanted installations
The search term viagra is popular
Lots of resources
Antivirus scan
Analyze log files (OSSEC)
Scan with sucuri.net
An external party contacts you
Detecting intrusions
Image credit: Binero
(no)