What is a Backdoor and Why is the Reason for Your Website Reinfection

If your website has never been infected or you are not worried about its security, this probably sounds far away. However, on the day that your website gets infected, and if you do not do a proper maintenance of security or take preventive measures, it will, you will like to know that if you completely clean the web but there is something called a backdoor, reinfection is assured.

It is demonstrated that in almost 75% of cases of infected webs the intruder leaves a backdoor. This code serves for the attacker to enter your web and come back whenever you want. And is that if you only clean your website and eliminate the infection, you will be infected in a matter of days. The attacker continues to enter through the back door, however much you have changed the lock.

A backdoor is a way to access your WordPress, Joomla or any type of CMS without going through the normal process. Therefore, the intruder continues to have access to your web despite having cleared the infection. And despite constantly updating plugins, themes and CMS.

It is important to know that backdoors are not only used to steal information from you. In many cases they are used to make your website serves as a spammer, for example. That is, the attacker only looks for a web bridge to increase the execution nodes of his attack.

Types of web backdoors and where to look for them

There are different types of backdoors. Some people confuse them with Trojans with which a PC is infected. Although the end is malicious in both cases, the web backdoors are different from the Trojans. Some actions for which backdoors are used are:

  • Run PHP code through a web browser
  • Execute SQL queries
  • Send mail through the server or DNS

Where is it more common to find backdoors on your website?

Although you can find backdoors in any file or web file, there are some statistically most common locations:

  • Plugins, components and inactive themes. It is very typical not to eliminate the things that we stop using. And just those plugins or themes are a covert vulnerability in themselves. It is very important that you remove plugins and themes that you do not use.
  • wp-config.php if you use WordPress you must take care of this file since it is the one that has the data of connection to the database. This is one of the files where more backdoors are found.
  • wp-includes. As it contains php files from WordPress installation it is easy for the backdoor to go unnoticed. The attacker simply leaves a file with an invented name similar to a configuration file.

Delete a backdoor

The most important thing is to analyze your website in depth. Scan all the code on your website and the database if you have any doubt.

If you scan all your website code with WeSecur’s Essential or Premium plan, or with any other tool you will be able to detect backdoors in your website files you will be able to proceed to eliminate the malicious code that is giving illicit access to your site.

What is a Backdoor and Why is the Reason for Your Website Reinfection was last modified: August 6th, 2017 by WeSecur