Cyber Security Awareness Session for Executives and Non-IT professionals Slideshow

Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at – What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.

Identify IPs from Apache logs during DDoS attack

DDoS attacks can be frustrating. More challenging is to find out the IPs from the lengthy apache logs who are putting load on your server.

Below is a command that can help you to identify the IPs and their request counts present in your log file.

grep ‘DD\/MMM’ access_log | awk -F’ ‘ ‘{ print $1 }’| sort | uniq -c | sort -r

Replace DD and MMM with the date you want to look up. Replace the “access_log” with your Apache access log path.

Shell Script to Backup your website

Often times, you need an automated script to take backup of your web application and database hosted on your Linux server. Instead of executing many commands, combine those commands into one shell script file. In this blog, we have given a shell script that will be useful to you.

This is a shell script. You have to save this as backup.sh and run this on your server.

#!/bin/bash

# options
backup_path="/var/www/BACKUP_FOLDER_PATH"
date=$(date +"%Y-%m-%d_%H-%M")

#DB Credentials
user="ROOT_OR EQUIVALENT_USER_NAME"
password="PASSWORD_GOES_HERE"
host="MYSQL_HOST_NAME"
db_name="MY_WEBSITE_DATABASE_NAME" 

# Set default file permissions
cd $backup_path
mkdir $date $date/code_dump $date/db_dump

#Take website code backup
tar cvzf $backup_path/$date/code_dump/MY_WEBSITE_CONTENT.tar.gz /var/www/MY_WEBSITE_PATH/

# DB backup
mysqldump --user=$user --password=$password --host=$host $db_name >$backup_path/$date/db_dump/$db_name.sql

#combine .sql and website content into one tar ball
tar cvzf $date.tar.gz $date

# clean up folder
rm -rf $date

What will this script do?

This script will make a temporary folder with the name of date and time in your specified backup path. It will zip the website content using tar command. Then it will take backup of database and save it with .sql file extension. After this, the script will again zip the folder created above, containing code and database. After zipping, it will delete the temporary folder created.

After execution of this script, your website will be backed up and available as a .tar.gz file

What next?

You can either download the zip file from a file transfer software.

Note

  • This script is designed for PHP/Python applications having MySQL running on a Linux server.
  • For other types, refer other online source.

How can a wordpress website get hacked?

Are you having a WordPress website and ever wondered how the site may get hacked? Worst part – your website is already hacked and you some how fixed it from the backups you have and you want to know the prevention techniques. Before understanding the prevention measures, you must understand how the hacking is done in the first place.

Here is a short video of how the vulnerability will get exploited.

As you can see in the video, the wpscan tool first retrieves important information about the WordPress installation such as version, the plugins and themes used, as well as other information like Apache version and others. Once the hacker gets the information and enumerates the users present in the WordPress installation, the next step is to brute force the system against the common and less strong passwords. With the master password in hand it will be very easy for the hacker to login, edit or delete the content, and also deface the website. If the server is also vulnerable then there is a chance to get the commands executed at the operating system level to wipe out the files.

To summarise, these are the main reasons the wordpress website hack might affect you

  • You are running an outdated version of the WordPress
  • The plugins and themes that you are using are outdated
  • Your hosting provider or your server is having a vulnerable server configuration, i.e the server hardening is not done
  • Your users are not using strong passwords
  • You do not take the backup of your website

What can you do to stop it?

There are very simple yet powerful activities that you can take care in less time.

  • Update your WordPress version as soon as the new version gets released are the latest stable version available
  • Update dependent plugins and themes when the updates are available
  • Most importantly, take regular backups of your site and the database
  • Install WP security plugin
  • Change the default administrator username from admin to something else
  • Have a strong password policy for your user accounts

The password of the administrator should be strong enough having one or two special characters, combination of upper and lowercase letters along with some numbers.