How We Stopped a Persistent Website Hack: A 4-Year Vulnerability Finally Fixed
Imagine a hidden website vulnerability haunting a product for over four years. Despite multiple fixes, the site kept getting hacked – again and again. When our team took over support, we decided not to just patch the symptoms but to dig deeper. What we found was shocking – and it completely changed how we approached the problem.
The Hidden Problem
The site had been under constant attack, with malicious artifacts such as PHP shells, SQL injections, botnets, and proxies repeatedly appearing.
After a full audit of the codebase and infrastructure, we discovered the root cause: a hidden backdoor file buried deep within the site’s core. Even worse, it was part of the main GitHub repository, so cleaning the server never helped for long: each new code deployment put the backdoor straight back.
How We Solved It
We moved quickly to stop the attacks:
- Closed unauthorized access and removed the backdoor entirely
- Implemented robust security checks in the CI/CD pipeline, scanning all code for vulnerabilities before it reached production
- Conducted a full security review to ensure no other hidden threats remained
With these changes in place, the endless cycle of hacks finally stopped, and the website’s security was fully restored.
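A sketch of the kind of pre-deploy CI check described above, added here as an illustration and not the team's actual pipeline code: it fails the build when a PHP file in the repository passes request data or a decoded blob into code execution, or when PHP code sits in a file with an image or text extension. The rule set, file extensions and skipped directories are assumptions.

```python
import re
import sys
from pathlib import Path

# Assumed indicator set: request data or decoded blobs reaching code execution.
REQUEST = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\b"
RULES = {
    "exec-of-request-data": re.compile(
        r"\b(?:eval|assert|system|exec|passthru|shell_exec|popen|proc_open)\s*\([^;]*" + REQUEST, re.I),
    "eval-of-decoded-blob": re.compile(
        r"\beval\s*\(\s*(?:gzinflate|gzuncompress|base64_decode|str_rot13)\s*\(", re.I),
    "request-controlled-include": re.compile(
        r"\b(?:include|require)(?:_once)?\s*\(?[^;]*" + REQUEST, re.I),
    "variable-function-from-request": re.compile(REQUEST + r"\s*\[[^\]]+\]\s*\(", re.I),
}
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar", ".inc"}
DISGUISE_SUFFIXES = {".jpg", ".png", ".gif", ".ico", ".txt"}
SKIP_DIRS = {".git", "node_modules"}

def scan_text(text):
    """Return (line_number, rule_name) pairs for one file's contents."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.append((lineno, name))
    return hits

def scan_tree(root):
    """Scan PHP-like files (dotfiles included) and flag PHP tags in disguised files."""
    root, findings = Path(root), []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or SKIP_DIRS & set(path.relative_to(root).parts):
            continue
        text = path.read_text(errors="replace")
        if path.suffix.lower() in PHP_SUFFIXES:
            findings += [(str(path), n, rule) for n, rule in scan_text(text)]
        elif path.suffix.lower() in DISGUISE_SUFFIXES and "<?php" in text:
            findings.append((str(path), 1, "php-in-non-php-file"))
    return findings

if __name__ == "__main__":
    results = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for file, lineno, rule in results:
        print(f"{file}:{lineno}: {rule}")
    sys.exit(1 if results else 0)  # non-zero exit blocks the deployment job
```

The matching is line-based, so a construct split across lines or heavily obfuscated will not trip it; treat a clean run as one gate alongside code review of the repository history, not as proof the tree is clean.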
Key Takeaways for Product Security
- Security vulnerabilities can hide in the most unexpected places, even in trusted repositories
- Proactive measures – like CI/CD vulnerability checks – are crucial for preventing future breaches
- Regular, in-depth security audits are not optional if you want long-term protection
If you’re running a product that handles sensitive data, a fresh set of expert eyes can make all the difference.