Backdoor Access

What It Means

This request is an attempt to access specific files that are known to contain backdoor access methods.

Why It Matters

Backdoors are hidden entry points that give attackers persistent access to a compromised server. Attackers scan for commonly named backdoor files (web shells, admin scripts) that may have been left behind by a previous compromise or accidentally deployed. Blocking these requests prevents attackers from accessing any backdoors that might exist.

Common Triggers

Requests targeting file paths commonly associated with web shells, PHP backdoors, or other known malicious scripts. These are typically automated scans that test thousands of known backdoor filenames.

What To Do

These blocks are safe to leave in place. If you see a high volume of backdoor access attempts, it is normal — automated scanners test for these files across every site they encounter. The WAF is handling it.