Webshell Attack Countermeasures

Source: Internet
Author: User

I. What is a webshell?

When B/S (browser/server) software is deployed on the Internet, security must be taken into account. Attackers can attack in various ways to gain control of the system, and the webshell is a common method. A webshell is an asp, php, or jsp program file implanted on the attacked website. After an attacker intrudes into a web system, these asp, php, and jsp trojan backdoor files are usually placed in the web directory of the web server, mixed in with normal website files. The attacker can then control the web server through ordinary web access to the implanted asp, php, or jsp trojan: creating, modifying, deleting, uploading, and downloading files, viewing the database, and executing arbitrary program commands. Webshell attacks apply to all B/S-based systems, including websites, OA (www.chysoft.net), CRM, and ERP.

II. Measures against webshell attacks

Once the basic principle of a webshell is understood, the most critical point is to prevent asp, php, and jsp trojan files from being implanted. Generally, a webshell is not recorded in system logs; only some data submission records are left in the website's web logs, and it is difficult for inexperienced administrators to see the intrusion traces. Security can generally be addressed in the following aspects:

1. Web software development security
   A. If the program has a file upload vulnerability, attackers can exploit it to upload trojan files.
   B. Guard against SQL injection, database exposure, cookie spoofing, and XSS attacks.

2. Server security and web server security
   A. Harden the server's security settings, install virus and trojan detection software (note: webshell trojans cannot be detected by such software), enable the firewall, and disable unnecessary ports and services.
   B. Improve the web server's security settings.
   C. Apply permission control to the following commands (taking Windows as an example): cmd.exe net.exe net1.exe ping.exe netstat.exe ftp.exe tftp.exe telnet.exe

3. Secure ftp file uploads: configure the ftp server so that attackers cannot use ftp to upload trojan files to the web program directory.

4. Set the permissions for the web program directory and other directories in the file system: write permission on the relevant directories is granted only to super users, while write permission on some directories is granted to system users.

5. Do not run web servers such as apache and tomcat as a super user. After installation, run the service as a system user or a user with specified permissions. If asp, php, jsp, or other trojan files are implanted and the service runs as a super user, the webshell obtains super-user permissions and can control the entire system and computer.
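
The remark in section II that a webshell leaves only data submission records in the web logs suggests one way to look for it. The following is an added example, not code from the original article: a heuristic that flags script files which receive only POST requests, without a Referer, from very few clients. The combined log format, the thresholds, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/Nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.8 - - [10/Mar/2024:10:00:05 +0000] "POST /login.php HTTP/1.1" 302 0 "http://example.test/index.php" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:10:00:09 +0000] "POST /login.php HTTP/1.1" 302 0 "http://example.test/index.php" "Mozilla/5.0"
203.0.113.50 - - [10/Mar/2024:10:02:11 +0000] "POST /upload/img/a1.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.50 - - [10/Mar/2024:10:02:15 +0000] "POST /upload/img/a1.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.50 - - [10/Mar/2024:10:02:19 +0000] "POST /upload/img/a1.php HTTP/1.1" 200 977 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"')
SCRIPT_RE = re.compile(r"\.(asp|aspx|php|jsp)$", re.IGNORECASE)

def suspicious_scripts(log_text, min_posts=3, max_clients=1):
    """Return script paths that only ever receive POSTs, from very few clients,
    with no Referer: the 'data submission records' a webshell leaves behind.
    The thresholds are assumptions; tune them against the site's own traffic."""
    stats = defaultdict(lambda: {"posts": 0, "other": 0, "refs": 0, "ips": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["url"].split("?", 1)[0]  # ignore the query string
        if not SCRIPT_RE.search(path):
            continue  # only asp/php/jsp style script files are of interest
        s = stats[path]
        s["ips"].add(m["ip"])
        if m["method"] == "POST":
            s["posts"] += 1
            s["refs"] += m["referer"] not in ("", "-")  # POSTs reached via a page link
        else:
            s["other"] += 1  # normal pages are also fetched with GET/HEAD
    return sorted(
        p for p, s in stats.items()
        if s["posts"] >= min_posts and s["other"] == 0
        and s["refs"] == 0 and len(s["ips"]) <= max_clients)

if __name__ == "__main__":
    for path in suspicious_scripts(SAMPLE_LOG):
        print("review:", path)
```

A flagged path is a candidate for manual review, not proof of compromise; legitimate API endpoints can match the same pattern.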
