Apache CDorked backdoor detection

Critical Nessus Network Monitor Plugin ID 6800


The remote host is running a backdoor


The remote host seems to be infected with the Apache CDorked backdoor. This backdoor allows a remote user to open a shell and/or pass commands to the server via specially crafted HTTP requests. In addition, the backdoor is used to further infect web clients by redirecting them to sites that infect the client with malware.


Manually clean the infected machine by replacing the trojaned HTTP server binary. See the referenced link for more detection tools.

See Also


Plugin Details

Severity: Critical

ID: 6800

Family: Backdoors

Published: 2013/05/09

Updated: 2016/01/15

Dependencies: 1442

Risk Information

Risk Factor: Critical