WebsiteDefender backdoor script


This topic contains 2 replies, has 2 voices, and was last updated by Eli Scheetz 11 years, 2 months ago.

  • #643

    STL Coach
    Member

    I’m trying various anti-malware programs to see which one fits my needs and one of them is called websitedefender. They ask you to put a PHP verification and agent file in the root directory. Don’t know much about it but they say it is a secure file although your program detects it as a backdoor script.

    This is in the header of the file:

    /*WebsiteDefender Agent and verification file. If this file is deleted, WebsiteDefender will no longer work!*/

    Just wondering if your program can ignore this file, although it has a randomly generated file name so it might not be possible to whitelist this file for all installations.

    Just wanted to bring this to your attention as it might break functionality with the websitedefender plugin if users have both plugins.

     

    #644

    Eli Scheetz
    Member

    Thanks for bringing this to my attention. I can white-list this file based on its contents even if it has varying file names but I’ll need to see the whole file first. I’m not going to white-list anything until I have thoroughly checked it out.

    Could you email this file to me: eli at gotmls dot net

    #645

    Eli Scheetz
    Member
    Thanks for sending me the file. I’ve been looking at that code you sent me and it is definitely a back-door (that does not mean that it is bad). Back-doors can be very useful and it’s pretty obvious that they intend to use it to help you. My worry is that their code could be vulnerable to exploitation. I can tell you that they have made many good attempts to secure and limit the use of this file to them alone. So, if you trust them, then it is probably fine to continue using this service. However, “probably” is not good enough for me to white-list this back-door (I feel I have labeled it correctly and people should know what they have on their server).
    The potential for this code to be exploited is not erased in my mind. I will be testing this file even more thoroughly against specific attacks and may yet decide to white-list or at least downgrade it in the future if I find it to be completely safe.

    Thanks again for your help in this matter and please let me know if there is anything else I can do.