{"id":2705,"date":"2016-05-24T12:55:59","date_gmt":"2016-05-24T18:55:59","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=2705"},"modified":"2016-05-24T12:55:59","modified_gmt":"2016-05-24T18:55:59","slug":"your-website-probably-wasnt-hacked-through-a-backdoor","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2016\/05\/24\/your-website-probably-wasnt-hacked-through-a-backdoor\/","title":{"rendered":"Your Website Probably Wasn&#8217;t Hacked Through A Backdoor"},"content":{"rendered":"<p>When it comes to\u00a0dealing with hacked websites our experience is that information coming from web hosts often isn&#8217;t great.\u00a0When you consider how terrible many security companies dealing with websites are, it isn&#8217;t very surprising that companies that don&#8217;t claim that expertise would be bad as well.<\/p>\n<p>Last week over on the blog for our Plugin Vulnerabilities service we <a href=\"https:\/\/www.pluginvulnerabilities.com\/2016\/05\/20\/how-to-respond-if-your-web-host-says-your-website-was-hacked-through-a-wordpress-plugin\/\">discussed<\/a> one issue that comes up from time to time, which is web hosts claiming that the source of a hack is whatever software that happens to be located where a hacker placed a malicious file. Often times the hacker just randomly place their malicious files, making the location of the file a weak piece of evidence as to the source of the hack in most cases.<\/p>\n<p>Another recent example of this involved someone who contacted about a website that was hacked, cleaned, and then was getting re-infected everyday. In that situation our first question is always if\u00a0the person that cleaned up the website determine how it was hacked. Seeing as someone doing a cleanup should attempt to determine how a website was hacked, that will tell you if the person doing the cleanup was doing things properly (the response almost always indicates they haven&#8217;t). It also important since the re-hacking could indicate that the security vulnerability that allowed the website has not been fixed and knowing what was believed was the cause would provide a better understanding of the situation.<\/p>\n<p>In this case\u00a0they said that there web host had been hacked through a backdoor (apparently the person that did the cleanup did not determine how the website was hacked). For those not familiar a backdoor would be code that allows a hacker remote access to the website internals. In most cases a backdoor could not be source of a hack since the backdoor would have to have gotten on the website. Usually the hacker will exploit a vulnerability to allow them to place a backdoor on a website and then use the backdoor to perform further actions on the website, so the backdoor isn&#8217;t the source of the hacking, only a result of it.<\/p>\n<p>The main exception to this is that occasionally a malicious individual will be able to plant a backdoor into non-malicious code, say sneaking it in to an otherwise legitimate WordPress plugin in the Plugin Directory. That is by no means a common occurrence though.<\/p>\n<p>If your web host or someone else is telling you your website was hacked through a backdoor, you should ask them how it got there to understand if they are correct about the source of if they failed to understand the actual source.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When it comes to\u00a0dealing with hacked websites our experience is that information coming from web hosts often isn&#8217;t great.\u00a0When you consider how terrible many security companies dealing with websites are, it isn&#8217;t very surprising that companies that don&#8217;t claim that expertise would be bad as well. Last week over on the blog for our Plugin &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2016\/05\/24\/your-website-probably-wasnt-hacked-through-a-backdoor\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Your Website Probably Wasn&#8217;t Hacked Through A Backdoor&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[],"class_list":["post-2705","post","type-post","status-publish","format-standard","hentry","category-website-hacked"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2705","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=2705"}],"version-history":[{"count":2,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2705\/revisions"}],"predecessor-version":[{"id":2707,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2705\/revisions\/2707"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=2705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=2705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=2705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}