I've Been Hacked, Now What?


Comments are closed.

Lots of good post-mortem information.

Seemed very WordPress-specific, though the talk synopsis doesn't mention that focus.

Some of the slides were really difficult to read because the text was so small and there was so much information on there. Specifically the resources page, which you went through lots of the points individually. Perhaps split those out to different slides when you're talking about them?

Good talk on how to recover from a wordpress site getting hacked. I think the suggestion to control the site through git or mercurial provides a very good way to determine if the site has been hacked and quickly recover (or more quickly anyway). Beth's comment that the repo should be read-only is good as well but if the user is keeping track of the hash that the code should be on, it should be simple enough to get back to that point and remove any compromised code that may have been injected.

Good explanation of how to dig into the logs to determine path attacker took. There were some good insights regarding how an attacker may take their time to attack once they have a back door in place.