Backdoor Protection

Incapsula Backdoor Protection detects and blocks any attempt by hackers to install or operate a backdoor on your site. It also notifies you of the location of the backdoor so you can instantly remove it.

Backdoor Protection: Detects and Quarantines Malware Shells

See how Incapsula's Backdoor Protection works:

1 - Detects

Detects backdoors by eavesdropping on the website traffic and identifying when a backdoor is being operated.

2 - Quarantines

Quarantines the backdoor by denying access to it, rendering it useless.

3 - Notifies

Notifies the website administrator and pinpoints the backdoor for removal.

Backdoor Protection Advantages

Reactive and Instant Remediation

Incapsula Backdoor Protection will detect and neutralize backdoors even if you activate Incapsula after the backdoor was uploaded.

Adaptive Security

Backdoor signatures and heuristics are constantly updated within Incapsula’s security engine.

Non-Intrusive

Can be activated without installing any hardware or software or making changes to the website.

About Website Backdoors

One of the first things a hacker does after breaking into a website is install a backdoor. A backdoor allows the hacker to remotely operate the site or server for future exploitation.

Key advantage of backdoors for hackers

Easy command and control of the server even after the original exploit that enabled activating the backdoor was patched.

Common usages of backdoors

Maintaining site/server access in order to distribute malware and spam, steal credit card or other sensitive data, and perpetrate DDoS attacks.

Backdoor Shell, Malware Control Panel

The Challenge of Detecting Website Backdoors

Currently, the most common method of backdoor shell detection involves server-wide scans to find modified files or files that “should not be there”.

Searching for illegal files, however, is like looking for a needle in a haystack. This is because backdoor shells are usually heavily encrypted and can be installed anywhere and under any alias.

The complexity of such scans is compounded by the fact that most websites are built on external frameworks and include third-party extensions. Thus, traditional scanning solutions are only effective against the most naive attack attempts.