Hackers use recycled backdoor to keep a hold on hacked e-commerce server

Found on Ars Technica on Wednesday, 22 July 2020

To guard against the possibility of being locked out of the server should the rightful operators ever discover the breach, the attackers left behind a simple but effective script.

The effectiveness of the backdoor is its ease of use. The admin password and everything else the attacker needs is coded into the script. All that’s needed, in the event the hacker is ejected, is to send a GET request to the location of the script file. With that, the attacker has a new admin account that uses the username, password, and email address of their choice.

If you have anything online that has at least a minimal level of importance, you should have a development/staging system from which you push updates to the prod system. That way, when your prod system gets hacked, you wipe it clean, push the latest staging build out again, and no backdoor will be left behind.
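A wipe-and-redeploy only works if you can tell what the prod tree should look like. The script below is an added example, not code from the Ars Technica article or from this page's author: it hashes every file under a known-good staging tree, hashes the live prod tree, and reports files that were added, removed or modified. The two sample trees and their contents (`index.php`, `lib/cart.php`, a dropped `media/unexpected.php`) are constructed placeholders, not paths from the article.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path):
    """SHA-256 of a file, read in chunks so large assets do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, POSIX form) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = hash_file(p)
    return manifest


def diff_manifests(expected, actual):
    """Compare a known-good manifest (staging) against a live one (prod).

    Returns sorted lists so the result is stable and easy to alert on:
    'added' files are the classic place a dropped script shows up,
    'modified' files catch tampering with code that should exist.
    """
    added = sorted(set(actual) - set(expected))
    removed = sorted(set(expected) - set(actual))
    modified = sorted(k for k in expected.keys() & actual.keys()
                      if expected[k] != actual[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Build two constructed trees (hypothetical contents) and diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        staging = Path(tmp) / "staging"
        prod = Path(tmp) / "prod"
        files = {
            "index.php": "<?php echo 'shop'; ?>",
            "lib/cart.php": "<?php // cart ?>",
        }
        for root in (staging, prod):
            for rel, content in files.items():
                dest = root / rel
                dest.parent.mkdir(parents=True, exist_ok=True)
                dest.write_text(content)
        # Simulate the situation the article describes: an extra script has
        # appeared in prod and an existing file has been altered. Both are
        # placeholder contents constructed for this example.
        (prod / "media").mkdir()
        (prod / "media" / "unexpected.php").write_text("<?php /* placeholder */ ?>")
        (prod / "lib" / "cart.php").write_text("<?php // cart, altered ?>")
        return diff_manifests(build_manifest(staging), build_manifest(prod))


if __name__ == "__main__":
    print(demo())
```

Run it against a real deployment by generating the manifest from the staging build at release time, storing it off the web server, and comparing on a schedule; any entry under `added` or `modified` is worth an alert. Note that this only covers the file tree: the backdoor in the article creates an admin account, which lives in the database and survives a file redeploy, so an account audit (unexpected admin users, recently created accounts) is a separate check that belongs next to this one.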