A website backdoor is a piece of webpage code, mainly ASP code or PHP code. The webpage code may be a separate file or a piece of code inserted into a normal file. Through a website backdoor file, an attacker may execute a series of dangerous operations on a server, including acquiring information from the server or taking further control of the server.
In most existing solutions on the market for checking and killing website backdoors, a detection rule is written based on the characteristics of backdoor samples and is used to scan a website file and recognize whether the file includes malicious code. When the website file is recognized as including malicious code, a prompt is generated stating that the website file is a suspect malicious file. The website file can be cleaned up if it is a separate file, but it cannot be cleaned up by a machine if the malicious code is a few sentences inserted into a normal website file.
Therefore, a backdoor checking-and-killing tool on the market cannot readily clean up the website file in place of the user.
The flow of checking and killing backdoors in the existing host guard includes: filtering a file using a black list and a white list; scanning the file in a backdoor scanning engine; uploading a suspect file to the cloud to perform deep scanning; and reporting a scanned suspect backdoor file. The webmaster then opens the file and determines whether to clean up the backdoor file.
Lacking professional network security knowledge, the webmaster has difficulty determining whether a scanned suspect file is normal, and is therefore unable to decide whether to delete the backdoor file. If the backdoor file is not deleted in time, it remains a threat. Scanners on the market match according to simple rules, so they easily generate false positives, that is, a normal file is determined to be a suspect backdoor file, which makes processing more difficult for the webmaster.
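The flow above and its false-positive problem, as an added sketch that is not part of the original text or of any product it describes. The rules, file names and contents are constructed, the payload is an inert placeholder, and treating a file whose every line matches a rule as a "separate file" is an assumption made for illustration.

```python
import hashlib
import re

# Constructed signature rules of the simple kind the text describes (assumptions).
RULES = {
    "eval-call": re.compile(rb"\beval\s*\("),
    "base64-decode": re.compile(rb"\bbase64_decode\s*\("),
}

def digest(data):
    return hashlib.sha256(data).hexdigest()

def scan(files, whitelist, blacklist):
    """Apply the flow; return {path: (verdict, rule_hits, action)}."""
    report = {}
    for path, data in files.items():
        h = digest(data)
        if h in whitelist:                      # list filtering: known good
            report[path] = ("clean", [], "none")
            continue
        if h in blacklist:                      # list filtering: known bad
            report[path] = ("backdoor", ["blacklist"], "delete file")
            continue
        lines = [ln for ln in data.splitlines() if ln.strip()]
        flagged = [ln for ln in lines if any(r.search(ln) for r in RULES.values())]
        hits = sorted(n for n, r in RULES.items() if r.search(data))
        if not hits:                            # rule engine found nothing
            report[path] = ("clean", [], "none")
        elif len(flagged) == len(lines):        # every line matches: separate file
            report[path] = ("suspect", hits, "upload for deep scan; delete if confirmed")
        else:                                   # a few lines inside a normal file
            report[path] = ("suspect", hits, "upload for deep scan; manual review")
    return report

# Constructed sample files; 'PLACEHOLDER' stands in for a payload and is inert.
FILES = {
    "lib/db.php": b"<?php\nfunction db() { return new PDO('sqlite::memory:'); }\n",
    "tmp/known.php": b"<?php /* stand-in for a sample already on the black list */\n",
    "drop.php": b"<?php eval(base64_decode('PLACEHOLDER')); ?>\n",
    "index.php": b"<?php\ninclude 'lib/db.php';\neval(base64_decode('PLACEHOLDER'));\necho 'home';\n",
    "avatar.php": b"<?php\n$png = base64_decode($row['avatar_b64']);\necho $png;\n",
}
WHITELIST = {digest(FILES["lib/db.php"])}
BLACKLIST = {digest(FILES["tmp/known.php"])}

if __name__ == "__main__":
    for path, result in scan(FILES, WHITELIST, BLACKLIST).items():
        print(path, result)
```

Here avatar.php is an ordinary file that decodes a stored image, yet it is reported as suspect on the same rule that flags index.php, which is the ambiguity the webmaster is left to resolve.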