Linux Security Forum
 
 

  #1  
07-03-2008
rt5000
How do I tell if my website has a back door loaded to it?

How do I tell if my website has a back door loaded to it?
  #2  
07-03-2008
drendeah
Re: How do I tell if my website has a back door loaded to it?

The best way is to do a visual scan of all the filenames; usually you will see a name that doesn't fit. A couple of common ones are r57.php and c99.php.

If you are running a piece of 3rd party software you may want to download a fresh copy and then compare the file names.

If you want to see if any of your files are set up to execute shell commands you can run:
grep -R shell *
  #3  
11-27-2008
awpoopy
Re: How do I tell if my website has a back door loaded to it?

Look for .txt and .pl files.
Also do a search for .js links that don't belong inside your HTML and PHP source code. Right now one of the trends is to XSS or SQL inject a JS link.
An example would look something like this:
"<script src=http://somewhereinchina.cn/5.js></script>"
The number toward the end may be random.

Make a backup of your website directory every once in a while and run a diff on the last backup. That will show the differences in all the files. You should (hopefully) only see the changes you or your webmaster have made.
__________________
Apache, PHP, Postfix and Ubuntu HowTo and Information
http://www.cruzit.com
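
The checks suggested in this thread (compare the live site against a fresh copy or the last backup, and look for script links that don't belong), as an added shell example that is not part of any post. The function names, the host www.example.org and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Paths, host names and files are constructed.

# changed_files LIVE GOOD: report files in LIVE that are missing from, or differ
# from, the known-good copy GOOD (a fresh download or the last backup).
changed_files() {
    live=$1; good=$2
    (cd "$live" && find . -type f | sort) | while IFS= read -r f; do
        if [ ! -f "$good/$f" ]; then
            echo "ADDED $f"
        elif ! cmp -s "$live/$f" "$good/$f"; then
            echo "CHANGED $f"
        fi
    done
}

# external_scripts DIR HOST: print file:line:match for every <script src=...>
# that loads over http(s) from a host other than HOST (your own site).
external_scripts() {
    dir=$1; own=$2
    grep -rIoniE "<script[^>]*src=[\"']?https?://[^/\"' >]+" "$dir" |
        awk -v own="$own" '{ h = $0; sub(/.*:\/\//, "", h)
                             if (tolower(h) != tolower(own)) print }'
}

# make_sample ROOT: build a constructed good/ and live/ pair for the demo.
make_sample() {
    root=$1
    mkdir -p "$root/good" "$root/live"
    printf '<?php echo "hi"; ?>\n' > "$root/good/page.php"
    printf '<script src="http://www.example.org/site.js"></script>\n' > "$root/good/index.html"
    cp "$root/good/page.php" "$root/live/page.php"
    cp "$root/good/index.html" "$root/live/index.html"
    # Constructed tampering: one appended script tag and one unexpected file.
    printf '<script src=http://injected.example/5.js></script>\n' >> "$root/live/index.html"
    printf '<?php /* placeholder for an unexpected upload */ ?>\n' > "$root/live/c99.php"
}

tmp=$(mktemp -d) && make_sample "$tmp"
changed_files "$tmp/live" "$tmp/good"
external_scripts "$tmp/live" www.example.org
rm -rf "$tmp"
```

Every ADDED or CHANGED line should correspond to an edit you or your webmaster made; anything else is worth opening and reading.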