On 6/3/2017 1:38 AM, David B. wrote:
Frequently if a hacker gets access to your website they will install a "backdoor" designed to allow them to hack your site again even after you've cleaned up the site, repaired the vulnerability that allowed them to hack the site, changed passwords, updated CMS/themes/ plugins, installed security plugins, etc. Until it is found and removed a "backdoor" is going to provide the hacker with access to your site.

Typically a backdoor script is going to be called from a browser like any other web page, although on occasion I have seen them run from a chron. The script gives the hacker a web page interface where they can download and upload files, view or modify files, create directories, change file/folder permissions, basically it allows them to manage the site using PHP's ability to read and write files and pass operating system commands through to the operating system.

Backdoors can be difficult to find because they are usually hidden in files that are already part of the site or uploaded as new files with innocent looking names, often in a directory with many files in it. Backdoors can range from a single line of code to lengthy files that provide the hacker the equivalent of a Control Panel on your site.


As a military man of some learning, I am okay with all of the above.
Just stay away from my backdoor and we'll keep it civil.