MODX
Vladimir, 2018-09-06 09:45:59

How to understand where the Backdoor was uploaded to the site from?

Hello.
A question.
Quite often, the Backdoor:PHP/WebShell.A virus gets onto my site.
I cut it out, clean the files, and so on.
But it appears again after a couple of months.
Tell me, please, how can I find out where it keeps coming from and how to protect the site?

My site is on MODX. MODX has been updated to the latest version.
PHP 7 is installed.
The permissions on folders and files are 644 and 755 respectively.
Could the reason be in the hosting (valuehost)? Tech support says that the reason is not in them, but in the engine development files.

I googled, but Google only gives a description of what a backdoor is. How to protect yourself from them, I did not find.
Please tell me how I can control this so that it doesn't happen again.

2 answer(s)
Roman Terekhin, 2018-09-06
@RomaZveR

Since they re-upload it consistently, it means they are working a specific vulnerability in MODX or a third-party plugin, or else you have a badly written form with file upload on a landing page.
The very first step is to look at the web server logs for the date/time the backdoor file was created.
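
The log check suggested in the answer above, as an added example that is not part of the original thread: it takes the time the backdoor file appeared and lists the POST/PUT requests logged within a short window around it. The combined access-log format, the 120-second window, and every IP, path and timestamp in the sample lines are assumptions constructed for illustration.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access log line (assumed format; adjust to the host's LogFormat).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def file_change_time(path):
    """Inode change time (ctime) of the backdoor file as an aware UTC datetime.
    ctime is preferred over mtime because mtime can be set arbitrarily (e.g. with touch)."""
    return datetime.fromtimestamp(os.stat(path).st_ctime, tz=timezone.utc)

def requests_near(log_lines, created_at, window_seconds=120, methods=("POST", "PUT")):
    """Return parsed requests using one of `methods` within the window around
    created_at, sorted by distance from the file's creation time."""
    window = timedelta(seconds=window_seconds)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in methods:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if abs(ts - created_at) <= window:
            hits.append({"ip": m["ip"], "time": ts, "method": m["method"],
                         "path": m["path"], "status": int(m["status"])})
    return sorted(hits, key=lambda h: abs(h["time"] - created_at))

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Sep/2018:03:12:40 +0300] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [04/Sep/2018:03:14:02 +0300] "POST /assets/components/example/upload.php HTTP/1.1" 200 31 "-" "curl/7.58.0"',
    '203.0.113.9 - - [04/Sep/2018:03:14:05 +0300] "GET /assets/images/x.php HTTP/1.1" 200 12 "-" "curl/7.58.0"',
    '198.51.100.7 - - [04/Sep/2018:09:30:00 +0300] "POST /contact HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # Constructed creation time; on a real host use file_change_time("/path/to/backdoor.php").
    created = datetime(2018, 9, 4, 0, 14, 3, tzinfo=timezone.utc)
    for hit in requests_near(SAMPLE_LOG, created):
        print(hit["time"].isoformat(), hit["ip"], hit["method"], hit["path"], hit["status"])
```

The script path that received the matching request is the component or form to review and patch; the same source IP can then be searched across the rest of the log to see what else it touched.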
