Just because you’re paranoid doesn’t mean script kiddies aren’t hacking your site to send spam for a Romanian Viagra merchant.
The Linux/Apache/MySQL/PHP stack has become the platform of choice for many web developers. There are many LAMP frameworks and content management systems available – WordPress, Drupal, ExpressionEngine, CakePHP, Joomla, TYPO3, Ingeniux, Symfony, and CodeIgniter just to name a few – that deploy on a LAMP server in minutes.
While such software is essential, the ease of deployment and use of these tools can come at a cost on the security front. Like it or not, we all have to keep a step ahead of the bad guys.
To this end, we will cover various aspects of securing LAMP websites. While we will be using WordPress as a whipping boy, the topics covered apply to most any software running on Apache/PHP. Topics may include:
- common exploit techniques
- Apache/PHP server configuration (yes – including htaccess files)
- filesystem permissions
- application-level tips
- intrusion detection
- what to do when your site has been compromised
- why your client’s low-traffic site with no interesting data is still a valuable target for hackers
We will also show off some of the (admittedly cool) techniques and tools of the modern hacker.
Please join. Until then, keep your passwords obscure and keep an eye on your log files.
About the speaker
Todd Jacobsen transplanted himself in New Mexico 12 years ago, and does not miss the Midwestern winters. He is an open-source software advocate who believes that technology can make your life better. When Todd is not staring at a computer screen he enjoys rock climbing, falling off slack lines, riding motorcycles, and acrobatic yoga (yes, it’s a thing).
Todd was a closet geek in middle school, when he spent his free time saving BASIC programs to audio cassette drives and dialing up a 9600 baud modem to connect to the local BBS. He has since studied some CS at the University of Wisconsin and the University of New Mexico.
When the Internet came about, Todd did some work for an ill-fated startup, followed by a lot of tech support for some big ISPs. He then spent a few years as the system administrator for a local ISP where he managed a bunch of Linux & FreeBSD servers, Cisco routers, and feisty techs.
Todd now works as a freelance *nix geek who spends his time coding web applications, tweaking servers, and unhacking web sites.