What you need to know about backdoor website access
Backdoor website access is a security threat you cannot afford to overlook. It is commonly associated with hacking attacks, but, sadly, can also be an “inside job”. The good news is that it is possible to protect yourself against this threat. What’s more, the tools you need are available at a price even SMBs can afford. Here is what you need to know.
A robust website vulnerability scanner can make your life much easier
Regardless of what website vulnerability scanning service you use, it should include an anti-malware scanner and a web application firewall. These form the core of your website’s defense against hackers. What’s more, if you do get hacked, they can help to speed up the process of getting you back online.
Unfortunately, what they cannot do is protect you from your internal staff planting backdoor website access for themselves. This threat has to be addressed through user management.
You must assume any hacking attack means backdoor website access
Hackers are well aware that if you catch them accessing your website, you will eject them from it - or at least you will try to do so. That’s why they will do everything they can to make sure that they have backdoor website access. In fact, they will usually try to create as many backdoors as possible to maximize the chances that you will miss at least one. This is the main reason why dealing with the aftermath of a hacking attack is often one of the most tedious and frustrating tasks in IT.
If you are hacked, you should always start your cleanup operation by scanning your website with your anti-malware scanner and then backing it up, even if you think you already have everything fully backed up. This ensures that you have something you can fall back on if necessary. Make sure you back up any custom content, as you will not be able to simply go out and download a replacement, not even at a cost.
With that done, you now have a choice of two options. Option one is to go through your website looking for custom malicious code (which will not be picked up by an anti-malware scanner). Option two is to recreate your website from scratch.
This decision essentially hinges on which would be more tedious: recreating all your customizations (in which case you should at least try to clean up your existing website) or going, very carefully, through your files and database tables trying to find all the malicious code and delete it without breaking anything (in which case you should just recreate your website from scratch).
If you do decide to try to clean up your website, then think long and hard about whether you have the in-house resources to manage the process yourself. You might find it quicker, easier, and ultimately more cost-effective to hire someone else to do this for you.
Always double-check your user access after any hacking attack
Ideally, you should make regular checks on your admin user accounts to make sure that you can positively identify any username you see on the list. If you can’t, then delete first and ask questions afterward. You can always recreate the account if it turns out to be legitimate.
You absolutely must check administrator accounts after a hacking attack, since creating an administrator account is possibly the easiest way to secure backdoor website access. It should, however, also be the easiest backdoor to spot and remove.
Even if you recognize all the administrator accounts as legitimate, have everyone change their passwords. If administrators are not around to change their passwords, then downgrade their accounts until they are.
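The account checks described above can be scripted. The following is an added example, not part of the original article: it triages an exported list of accounts into delete, password reset, or downgrade. The CSV columns, the `KNOWN_ADMINS` inventory, the `administrator` role name, the `CLEANUP_START` date and the action labels are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample: an export of accounts from a site's user table.
USERS_CSV = """username,role,last_password_change
alice,administrator,2024-05-02
bob,administrator,2024-03-11
carol,administrator,2024-01-20
Alice ,administrator,2024-04-30
support_tmp,administrator,2024-04-29
dave,editor,2024-02-01
"""

# Assumed inventory: admins you can positively identify, and whether each
# one is reachable right now to change their own password.
KNOWN_ADMINS = {"alice": True, "bob": True, "carol": False}
CLEANUP_START = date(2024, 5, 1)  # constructed date the cleanup began


def triage_admins(users_csv, known_admins, cleanup_start,
                  admin_role="administrator"):
    """Return {username: action} for every account holding the admin role."""
    actions = {}
    for row in csv.DictReader(io.StringIO(users_csv)):
        if row["role"].strip().lower() != admin_role:
            continue  # only administrator accounts are triaged here
        name = row["username"]
        changed = date.fromisoformat(row["last_password_change"])
        # Exact match only: a lookalike such as "Alice " must not inherit
        # the trust given to "alice".
        if name not in known_admins:
            actions[name] = "delete"
        elif changed > cleanup_start:
            actions[name] = "ok"  # password already changed during cleanup
        elif known_admins[name]:
            actions[name] = "force_password_reset"
        else:
            actions[name] = "downgrade_until_reset"
    return actions


if __name__ == "__main__":
    result = triage_admins(USERS_CSV, KNOWN_ADMINS, CLEANUP_START)
    for user, action in result.items():
        print(f"{user!r:15} {action}")
```

Usernames are compared exactly rather than after trimming or lowercasing, so an account that only looks like a known administrator is still listed for deletion.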
Also, see if there are ways you can strengthen your login process. For example, are you still using the default admin panel URL? If so, change it quickly to a custom URL. Are you enforcing strong password policies? Have you enabled two-factor authentication? Are you blocking users after a certain number of failed password attempts? Are you logging them out after a certain period of inactivity?
Remember your servers, local computers, and mobile devices need protection too
If you are running your own servers, then you need to take server-side security very seriously. These days, hackers are increasingly targeting websites as a way to get to the databases behind them. You, therefore, need to work on the assumption that your website’s defenses will be breached and see what extra protection you can give your servers.
You also need to consider the possibility that hackers will try to attack your local computers and mobile devices to get the login details for your website and possibly other vital services.