A Web site backdoor is a malicious function that enables hackers to remotely operate the site or server for future exploitation, even after the exploit that enabled access has been patched. Backdoors are used to maintain Web site and server access to distribute malware and spam, perpetuate distributed denial of service (DDoS) attacks or to assist in the theft of valuable data such as credit card numbers. Recently, Incapsula reported on the use of a malicious backdoor in ongoing DDoS attacks against United States banks.
"Searching for a website backdoor is like looking for a needle in a haystack," said Marc Gaffan, co-founder and vice president of marketing and business development, Incapsula. "Backdoors can be installed anywhere on the server under any name or alias and are therefore undetectable by external scanners. Searching every directory in an effort to find a file that should not be there is virtually impossible, but Incapsula can now neutralize the impact of a compromise."
Incapsula Backdoor Protect is the first non intrusive service that, by mentoring website traffic, is able to detect and disable backdoors that are already installed on a website. The backdoor identification is performed by profiling the website's traffic and comparing it against an extensive database of backdoors, enabling the detection overcome file obfuscation and signature mutation. This capability is a new addition to Incapsula's cloud-based Web Application Firewall (WAF) that is activated through a simple DNS change and does not require installation of hardware, software or making any changes to the website.
Incapsula Backdoor Protect:
•Detects – Backdoor Protect monitors all website traffic and uses behavior heuristics to identify backdoor operations.
•Quarantines – Backdoor Protect automatically disables access to the backdoor, rendering it useless.
•Alerts – Backdoor Protect notifies the website administrator and pin-points the backdoor for removal.
For more information about Backdoor Protect, visit: www.incapsula.com/backdoor-protect
Through a simple DNS settings change, your website traffic is seamlessly routed through Incapsula's global network of high-powered servers. Incoming traffic is intelligently profiled in real-time, blocking even the latest web threats. Meanwhile outgoing traffic is accelerated and optimized for faster load times, keeping welcome visitors speeding through.