Detection and Prevention: An Introduction to Web-Shells, Part 5

In this series, we’ve talked a lot about how hackers use web-shells. Today, we’re going to go over how to prevent web-shells from infecting your system.

In part 4 of this series, we looked at web shells in action by using Weevely as an example. In the final part of this series, we’ll look at how to detect web shells and how to prevent them.

Detection

If an administrator suspects that a web-shell is present on their system, or is carrying out a routine check, the following are some things to examine.

Firstly, the server access and error logs must be filtered for common keywords used by web-shells. This includes filenames and/or parameter names. The example below looks for the string ‘file’ in URLs in Apache HTTP Server’s access log.
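An added example, not code from the original article: a filter that matches the keyword only against the request URL field of Apache's combined log format, so a hit in the referrer or user agent is not reported, and then counts hits per client and script. The sample log lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in Apache combined log format (documentation addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:56:01 +0000] "GET /uploads/img.php?file=report.txt HTTP/1.1" 200 1843 "-" "curl/8.0"
192.0.2.10 - - [10/Oct/2023:13:57:12 +0000] "GET /about.html HTTP/1.1" 200 512 "http://example.com/profile" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:58:40 +0000] "POST /uploads/img.php?FILE=notes.txt HTTP/1.1" 200 77 "-" "curl/8.0"
192.0.2.77 - - [10/Oct/2023:13:59:02 +0000] "GET /files/report.pdf HTTP/1.1" 404 196 "-" "Mozilla/5.0"
EOF
}

# Print "client method URL status" for every request whose URL contains the
# keyword (case-insensitive). Reads log lines on stdin.
urls_matching() {
    awk -F'"' -v kw="$1" '
    {
        # Splitting on double quotes makes $2 the request line.
        n = split($2, req, " ")      # req[1]=method, req[2]=URL, req[3]=protocol
        if (n < 2) next              # skip malformed request lines
        if (index(tolower(req[2]), tolower(kw)) == 0) next
        split($1, pre, " ")          # pre[1]=client address
        split($3, post, " ")         # post[1]=status code
        print pre[1], req[1], req[2], post[1]
    }'
}

# Count matching requests per client and script path (query string removed),
# most frequent first, to show which script is being hit repeatedly.
hits_by_client_and_script() {
    urls_matching "$1" |
        awk '{ sub(/\?.*/, "", $3); c[$1 " " $3]++ }
             END { for (k in c) print c[k], k }' |
        sort -k1,1nr -k2
}

sample_log | hits_by_client_and_script file
```

To run it against a real log, feed that file to the function on stdin instead of `sample_log`. Request lines that contain an escaped double quote will not split correctly with this approach and need a stricter parser.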

Read full news article on Dzone