Website security. Prepared by Mahadir Ahmad.
Who are StopBadware & Commtouch?
StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. Its partners include Google, PayPal, Mozilla, Verizon, and Qualys. StopBadware is based in Cambridge, Mass. For more information, visit https://www.stopbadware.org/
Commtouch (NASDAQ: CTCH) safeguards the world’s leading security companies and service providers with cloud-based Internet security services. Real-time threat intelligence from Commtouch’s GlobalView™ Cloud powers its Web filtering, email security and antivirus solutions, protecting thousands of organizations and hundreds of millions of users worldwide. For more information, visit http://www.commtouch.com/
Survey conducted by StopBadware & Commtouch of the owners of 600 websites whose sites had been compromised
Only 9% of the over 600 compromised websites were using Joomla
How are websites compromised?
• Malicious hackers
• New flaws
• Exploits
• Phishing
• Social engineering
Does your webmaster have knowledge about the CMS being used?
In the survey, 64% said they don’t even know how their website was compromised, and 20% don’t update their website software or plugins.
How was your site used after it was compromised?
Only 4% were used for defacement (vandalized). Are you sure your current website has not been compromised? It could be used for spamming and other things that are hard for even a beginner webmaster to notice.
How to prevent
• Keep software and all plug-ins updated. Whether you run popular content management software (e.g., WordPress, Joomla, Blogger) or custom software, make sure that software and all third party plug-ins or extensions are updated. Remove plug-ins or other add-ons that aren’t in use.
• Use strong, varied passwords. WordPress login credentials, for example, should be different from FTP credentials. Never store passwords on your local machine.
• Regularly scan your PC for malware.
• Use appropriate file permissions on your web server.
• Research your options and make security a priority when choosing a web hosting provider. If you aren’t confident you can protect your site on your own, consider using an add-on security service from your hosting provider or a third party website security service.
Our security strategies
The most popular hack on Joomla until now is defacement.
Hiding Joomla from automatic scanners & novice hackers
• Hiding /administrator
• Remove all Joomla keywords in source code
Joomla Firewall
• Protect against & block any well-known SQL injections
• Detect insecure file permissions
• Security suggestions
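One way to carry out the "detect insecure file permissions" check from the firewall slide and the "appropriate file permissions" advice under How to prevent, as an added example that is not part of the original slides. The baseline modes (0755 for directories, 0644 for files, 0444 for configuration.php), the function names and the sample tree are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile

# Assumed baseline (not from the slides): directories 0755, files 0644,
# configuration.php read-only (0444).
DIR_MODE, FILE_MODE = 0o755, 0o644
STRICT = {"configuration.php": 0o444}


def audit(webroot):
    """Return sorted (relative_path, octal_mode, reason) findings under webroot."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not used on Linux
            mode = stat.S_IMODE(st.st_mode)
            default = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
            allowed = STRICT.get(name, default)
            if mode & stat.S_IWOTH:
                reason = "world-writable"
            elif mode & ~allowed:
                reason = "broader than baseline %o" % allowed
            else:
                continue
            findings.append((os.path.relpath(path, webroot), "%04o" % mode, reason))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed sample tree (not a real site) with known modes."""
    modes = {"images": 0o755, "tmp": 0o777, "index.php": 0o644,
             "configuration.php": 0o644, "images/logo.png": 0o666,
             "tmp/cache.php": 0o755}
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        if "." in rel:
            open(path, "w").close()
        else:
            os.mkdir(path)
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for finding in audit(root):
            print(*finding, sep="\t")
```

Point `audit()` at the real web root (for example the public_html directory) and adjust the baseline constants to match what your hosting setup actually requires.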
Manually checking for vulnerabilities in Official Joomla Vulnerable Extension Lists
• Continually checking for any known vulnerabilities
• Update extensions continuously
Two-factor Administrator Authentication
• /administrator hiding + two-factor login = no login for unauthorized users + no brute-force attacks
Others
• Daily backup
• Move critical files/folders outside of public access (outside public_html or wwwroot)
• Monitor daily for new updates to the Joomla core.
Penetration Test Using Open Web Application Security Project