After a website has been intruded into, the attacker will almost certainly have left backdoors behind, and these are very harmful to the site's security. The following describes how to check for webshells.
1. View the last modification dates of the website's files
Check which file or folder has a modification date that looks out of place.
For example, a modification date of 26 is out of place here.
Open the folder that looks out of place.
The file 4ngel.php in it does not belong there. Delete it.
There are also some image files that are used for inclusion. It is best to open these images and inspect them.
2. Check program integrity
Some programs, such as Discuz and Dedecms, now have an option for checking file integrity. Run it.
3. View the added administrators
In the program's admin back end, check which users have been added as administrators. If any of them look out of place, delete them.
4. Change the password.
5. Logs are the key. Someone who uploads a backdoor has to access it, and those requests are recorded in the logs. Analyze the logs: IIS log analysis, Apache log analysis.
6. The ultimate method is to open every file and analyze it by hand. When you see a line containing eval($_..., execute(request... or $_POST[xxx]($_POST[xxx]), delete it. The input is not necessarily POST; it may also be REQUEST or GET. This is similar to the cleanup after the xx TV station was intruded into. (This method is a very large amount of work.)
7. If you are still not at ease, back up the website's database and attachment directory, then reinstall the website program.
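The modification-date check and the manual search for eval/execute lines can be combined into one pass over the web root. The Python below is an added example, not part of the original article; the function names, the baseline deployment time and the sample files (including the contents given to 4ngel.php) are constructed assumptions.

```python
import os, re, tempfile, time

# Patterns from the article's manual-analysis step; the input may be POST,
# REQUEST or GET. Byte regexes, so image files can be scanned as well.
SUPER = rb"\$_(?:POST|GET|REQUEST)\s*\["
PATTERNS = {
    "eval-of-request-input": re.compile(rb"eval\s*\(\s*" + SUPER, re.I),
    "asp-execute-request": re.compile(rb"execute\s*\(?\s*request", re.I),
    "request-input-called-as-function": re.compile(SUPER + rb"[^\]]*\]\s*\(\s*" + SUPER, re.I),
}

def scan(root, baseline_mtime, slack=86400):
    """Map relative path -> sorted reasons for each suspicious file under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = set()
            # Date check: modified well after the known-good deployment time.
            if os.path.getmtime(path) > baseline_mtime + slack:
                reasons.add("modified-after-baseline")
            with open(path, "rb") as fh:
                data = fh.read()
            reasons.update(k for k, rx in PATTERNS.items() if rx.search(data))
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = sorted(reasons)
    return findings

def demo():
    """Build a constructed web root in a temporary directory and scan it."""
    deployed = time.time() - 30 * 86400  # assumed deployment time (constructed)
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed file contents, not real samples
            "index.php": (b"<?php echo 'hello'; ?>", deployed),
            "up/4ngel.php": (b"<?php eval($_POST[xxx]); ?>", deployed + 26 * 86400),
            "up/logo.gif": (b"GIF89a<?php $_GET[a]($_GET[b]); ?>", deployed),
            "inc/conn.asp": (b'<%execute(request("xxx"))%>', deployed),
        }
        for rel, (body, mtime) in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
            os.utime(path, (mtime, mtime))
        return scan(root, deployed)

if __name__ == "__main__":
    print(demo())
```

Modification times can be reset by whoever planted the file, so the content patterns are checked on every file regardless of its date.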
This article is from the network security technology blog