In this series, we’ve talked a lot about how hackers use web-shells. Today, we’re going to go over how to prevent web-shells from infecting your system.
In part 4 of this series, we looked at web shells in action by using Weevely as an example. In the final part of this series, we’ll be looking at web shell detection and how to prevent them.
If an administrator suspects that a web-shell is present on their system (or during a routine check), the following are some things to examine.
Firstly, the server access and error logs must be filtered for common keywords that are being used by web-shells. This includes filenames and/or parameter names. The example below looks for the string ‘file’ in URLs in Apache HTTP Server’s access log
Read full news article on Dzone