Post Me, Post Me Not! Dissecting Attacks On Your Website


Elda Tan Seng and Francis Allan Tan Seng


Creating your own website has never been easier. The idea of having your own space on the Internet is as old as the Internet itself; PHP originally stood for "Personal Home Page", a set of tools Rasmus Lerdorf wrote in 1994 to maintain his own site. Today even an average Internet user can build and customize a website using platforms, toolkits, and services made specifically for blogging and content management. Some of the most popular are WordPress, Joomla, Drupal, and Mambo.
In 2011, WordPress powered one in five new websites created in the USA. Joomla, for its part, has been downloaded 27 million times and counting. Given the popularity of these platforms, it is not surprising that they have become targets for malware attacks. Recently we have seen a rise in legitimate WordPress and Joomla sites that have been compromised and manipulated to help spread malicious software: these sites either redirect visitors to other malicious sites or host the malicious files themselves, such as the Blackhole exploit kit.
This presentation investigates how malware is delivered through legitimate websites built on the PHP-based open source content management systems (CMS) WordPress and Joomla. We will talk about the different attacks on these platforms and discuss vulnerabilities in popular plugins used with them, such as TimThumb and 1 Flash Gallery, looking at how these vulnerabilities were exploited and the different payloads used. Lastly, the presentation will cover how to harden websites running these platforms.
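The compromised sites described above end up as either redirectors or malware hosts, and the first step in hardening or cleaning one is finding the injected code. The following triage scanner is an added example written for this page, not code from the presentation or the authors; its detection rules are heuristic assumptions about common injection patterns (obfuscated `eval()` chains, `preg_replace` with the `/e` modifier, hidden iframes, referrer-keyed `.htaccess` redirects, PHP dropped into upload directories), and the sample site files it scans are constructed for illustration, not real captures.

```python
"""Triage scanner for injection patterns that turn a compromised WordPress or
Joomla install into a redirector or malware host.  Added example, not code
from the presentation; the rules are heuristic assumptions and the sample
files below are constructed for illustration."""
import re

# Directories that should never contain executable PHP (assumed layout:
# WordPress uploads, Joomla image/tmp storage).
UPLOAD_DIRS = ("wp-content/uploads/", "images/stories/", "tmp/")
PHP_SUFFIXES = (".php", ".phtml", ".php5")

# (rule name, regex).  Matches are indicators for a human to review, not proof
# of compromise: obfuscated eval() is also used by some legitimate plugins.
RULES = [
    # eval()/assert() fed by a decode chain: the classic injected backdoor
    ("php_obfuscated_eval",
     re.compile(r"\b(?:eval|assert)\s*\(\s*(?:gzinflate|gzuncompress|str_rot13|base64_decode)\s*\(", re.I)),
    # preg_replace() with the /e modifier evaluates the replacement as PHP
    ("php_preg_replace_e",
     re.compile(r"preg_replace\s*\(\s*([\"'])/[^\"']*/[a-z]*e[a-z]*\1", re.I)),
    # invisible iframe pointing visitors at an exploit-kit landing page
    ("hidden_iframe",
     re.compile(r"<iframe[^>]*(?:visibility\s*:\s*hidden|display\s*:\s*none|width\s*=\s*[\"']?0)", re.I)),
    # .htaccess redirect that fires only for search-engine referrers / bots,
    # so the site owner never sees it when browsing the site directly
    ("htaccess_conditional_redirect",
     re.compile(r"RewriteCond\s+%\{HTTP_(?:REFERER|USER_AGENT)\}[^\n]*\n"
                r"(?:\s*RewriteCond[^\n]*\n)*\s*RewriteRule\s+\S+\s+https?://", re.I)),
]


def scan_file(path, text):
    """Return [(rule_name, line_number)] for one file; line 0 = path-based hit."""
    findings = []
    if path.lower().endswith(PHP_SUFFIXES) and any(d in path for d in UPLOAD_DIRS):
        findings.append(("php_in_upload_dir", 0))
    for name, rx in RULES:
        for m in rx.finditer(text):
            findings.append((name, text.count("\n", 0, m.start()) + 1))
    return findings


def scan_tree(files):
    """files: {relative_path: contents}.  Returns {path: findings} for hits only."""
    report = {}
    for path, text in files.items():
        hits = scan_file(path, text)
        if hits:
            report[path] = hits
    return report


# Constructed sample files (not real captures) mimicking a compromised site.
SAMPLE_SITE = {
    "wp-content/themes/twentyeleven/footer.php":
        "<?php\nwp_footer();\n"
        "eval(gzinflate(base64_decode('eJxLLS7OzwMABVcB9w==')));\n",
    "wp-content/themes/twentyeleven/header.php":
        "<html><head>\n<iframe src=\"http://bad.example/in.php\" "
        "style=\"visibility:hidden\"></iframe>\n</head>\n",
    ".htaccess":
        "RewriteEngine On\n"
        "RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\\. [NC]\n"
        "RewriteRule ^(.*)$ http://bad.example/go.php [R=302,L]\n",
    "wp-content/uploads/2012/05/image.php":
        "<?php echo 'ok'; ?>\n",
    "index.html":
        "<html><body>Hello</body></html>\n",
}

if __name__ == "__main__":
    for path, hits in scan_tree(SAMPLE_SITE).items():
        for rule, line in hits:
            print(f"{path}:{line}: {rule}")
```

On a real engagement you would feed `scan_tree` the files of the document root (for example via `os.walk`) and pair its output with a diff against a clean copy of the same core and plugin releases, since most injections land in files that should never differ from upstream. Treat every hit as a lead to review rather than a verdict: the conditional `.htaccess` redirect is the pattern most likely to be missed by an owner who only visits their own site directly.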