WordPress 3 Ultimate Security

Overview of this book

Most likely – today – some hacker tried to crack your WordPress site, its data and content – maybe once but, with automated tools, very likely dozens or hundreds of times. There's no silver bullet but if you want to cut the odds of a successful attack from practically inevitable to practically zero, read this book. WordPress 3 Ultimate Security shows you how to hack your site before someone else does. You'll uncover its weaknesses before sealing them off, securing your content and your day-to-day local-to-remote editorial process. This is more than some "10 Tips ..." guide. It's ultimate protection – because that's what you need. Survey your network, using the insight from this book to scan for and seal the holes before galvanizing the network with a rack of cool tools. Solid! The WordPress platform is only as safe as the weakest network link, administrator discipline, and your security knowledge. We'll cover the bases, underpinning your working process from any location, containing content, locking down the platform, your web files, the database, and the server. With that done, your ongoing security is infinitely more manageable. Covering deep-set security yet enjoyable to read, WordPress 3 Ultimate Security will multiply your understanding and fortify your site.

Malwares dissected


So, what is a rootkit anyway? Let's categorize malwares and, to be clear, the jargon surrounding these little critters that compromise machines and data. Hold on to your hats.

Blended threats

The biggest threats that we face, both locally and on our remote servers, are from malware cocktails that embody a malevolent mix to produce devastatingly wide-reaching attacks.

For example, take a worm and cross it with a rootkit and you have the famous W32/Blaster. Blaster took advantage of a Windows deficiency to propagate far and wide and had a mission to execute a Denial of Service attack on the Windows Update service from infected hosts, all at the same time. While the worm itself didn't cause lasting damage to the host machines' data, it slowed them down and bunged up their web connections making it harder to download removal instructions and patches.

Choice blends, otherwise, tend to bundle some miscreant into a Trojan which is a bit like coating arsenic with a sugar substitute and pretending it's candy.

Crimeware

An increasingly threatening trend in cybercrime, crimeware comes in many malicious forms which seek to steal confidential data for the purpose of financial exploitation. Mostly, it's directed at financial, military, and government networks.

Data loggers

As with many malwares, there can be useful equivalents to data loggers and we commonly use them, for instance, to record and repeat tedious exercises such as form filling. Data loggers can also be hardware-based.

In terms of malicious use though, data loggers can be wrapped into all manner of malware and planted onto our machines to record our activities, our data, in fact anything and everything that we or our device does.

You've probably heard of keystroke loggers, or keyloggers, that record your typing and send off the text to some remote place where, then, someone's kind enough to siphon off your hard-earned cash? Well, if that's the big daddy of data loggers, he's got an in-bred family from hell, often scamming together, and they none of them smell any too pretty:

  • Keyloggers. We covered these spy tools, used for social profiling and data-mining. Damn annoying just to think about and hot damn dangerous in the practical. Maybe you think you're safe because you copy/paste everything?

  • Clipboard loggers. Well, I warned you. Talk about bad form ...

  • Form grabbers. Capturing form data entry, including hidden passwords.

  • Password loggers. They tap into applications so that, for instance, when you provide that super-secure password and it shows up as a row of asterisks like this, ****************, the logger reports back the actual key.

  • Screen loggers. They take screenshots periodically or, given a mouse click, catch anything from around the cursor to the entire ruddy screen.

  • Link loggers. If you don't want the world to know that your true passions are knitting and crochet, think twice before navigating those knotty links.

  • Sound loggers. Recording your conversations via, say, VOIP.

  • Wireless keyboard sniffers. Working rather like wireless sniffing, the hacker catches the data packets between your keyboard and the PC.

  • Acoustic keyloggers. Assimilating a sound pattern from the manner in which you type, these note the subtle differences between hitting the various keys, reporting back a transcript. Here, at least, it pays to be a poor typist.

At loggerheads with the loggers

There are more, capturing Instant Messaging, Text Messaging, phone numbers, FTP traffic, controlling your webcam and so on and so forth, and with variants residing not only independently but attaching to programs, to keyboard drivers, embedding into operating system kernels, and even sitting beneath the OS as a kind of virtual system. So there's some fun.

That's probably enough of a hint. Keyloggers can be nigh-on impossible to detect and are a mighty good reason, from day one, to keep a clean and lean, local machine.

Hoax virus

Hoax viruses are just that, hoaxes, and generally take the form of chain-mail. They socially engineer a degree of panic whereby, for example, someone is persuaded to delete important system files or visit a rogue site that may plant malware or extract user data.

Rootkits

These give away the keys by providing, for instance, back door access to a computer, handing a hacker full local administrative (or root) control, together with all the associated network privileges. That's as dangerous as it sounds. What's more, they're not as easily detected as other malwares and may be confused with rootkits that are good and wanted.

Spyware

Often bundled in crapware to covertly log our computing habits, spywares are highly intrusive and used for anything from market research to monitoring employees.

Some would argue that an alternative form of spyware is the tracking cookie and, more accurately, that another is the LSO or flash cookie which logs browsing habits and is more difficult to remove than a regular cookie. Many major sites inflict these upon us.

Trojan horses

As already touched on, a Trojan masquerades as something useful but, installed, enables some kind of malware.

Viruses

Often bundled into Trojans that are shared by downloads, e-mail, or media storage, viruses are executed manually to infect a file system. The macro virus, meanwhile, is a virus that hides in macros and is executed in programs such as office software.

Worms

Automatically replicating themselves on a computer, worms spread quickly by penetrating networks with security loopholes.

Zero day

In the underworld of black hat hackerdom, the zero day is the crème de la crème.

So what is a zero day? And in that question lies an oxymoron, because by their very nature, nobody knows what a zero day is until one is discovered. (I'm being difficult.)

Zero days are newly found vulnerabilities and the clock ticks loudly until a remedial patch is released. If we're lucky, it is a white hat such as the software vendor who discovers the problem, patching it before hackland is able to attack too many victims.

And really, it's these zero days and the clever manipulation of malware that is at the crux of network security, from our humble devices through to the weaving web itself. With an inkling of the above, we can understand the race against time to keep our systems secure.

Note

So there's a tidy malware 101. Now for the ultimate minefield. Fancy an aspirin?