Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Incapsula Adds Web Server Backdoor Protection To Cloud-Security Service

Incapsula, a cloud-based website security and performance service, on Wednesday announced a new tool designed to detect and disable malicious backdoors on compromised Web servers.

Incapsula, a cloud-based website security and performance service, on Wednesday announced a new tool designed to detect and disable malicious backdoors on compromised Web servers.

Dubbed “Incapsula Backdoor Protect”, the company describes the solution as a nonintrusive service that can detect and mitigate backdoors that have worked their way onto a web server.

“A Web site backdoor is a malicious function that enables hackers to remotely operate the site or server for future exploitation, even after the exploit that enabled access has been patched,” Incapsula explained in a statement. “Backdoors are used to maintain Web site and server access to distribute malware and spam, perpetuate distributed denial of service (DDoS) attacks or to assist in the theft of valuable data such as credit card numbers.”

In January, the web security firm identified a malicious backdoor that they believe was used in distributed denial of service (DDoS) attacks against US-financial institutions last year. 

Incapsula Backdoor Protect works by profiling a website’s traffic and comparing it against a database of known backdoors, enabling the detection overcome file obfuscation and signature mutation, the company said.

“Searching for a website backdoor is like looking for a needle in a haystack,” said Marc Gaffan, co-founder and vice president of marketing and business development, Incapsula. “Backdoors can be installed anywhere on the server under any name or alias and are therefore undetectable by external scanners. Searching every directory in an effort to find a file that should not be there is virtually impossible, but Incapsula can now neutralize the impact of a compromise.”

Incapsula Backdoor Protect:

Detects – Backdoor Protect monitors all website traffic and uses behavior heuristics to identify backdoor operations.

Quarantines – Backdoor Protect automatically disables access to the backdoor, rendering it useless.

Alerts – Backdoor Protect notifies the website administrator and pinpoints the backdoor for removal.

The new backdoor detection capability part of Incapsula’s cloud-based Web Application Firewall (WAF), a service activated through a DNS change and routing traffic through Incapsula’s global network of servers. Using the service does not require installation of any software or deployment of hardware.

More information on Incapsula’s Backdoor Protect is available here.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.