First: Web backdoor troubleshooting in emergency response, and techniques for efficiently analyzing Web logs
First, check for Web backdoors. You can start from several aspects.
1. Web backdoor scanning software
D-Shield is recommended on Windows; P7 Mage's Seayfindshell is recommended on Linux.
2. Last modification time of files
You can use a command to list script files that were modified after a certain point in time, and then check whether each of them is a Web backdoor.
3. Slowly analyze the log based on the approximate time
This is the most stupid way; do not use it unless you are forced to. It is relatively time-consuming and not direct. Because a typical Web server does not record POST data or cookies, judging from the URL alone requires an experienced person.
The second thing is to look for the vulnerability used in the intrusion.
Suppose we find the backdoors seay.php, action.php and so on. Look at the last modification time of each backdoor: if the intruder did not modify this time afterwards, then it is the intrusion time, and you can go directly to the log and look at the lines near this time. Even if the time was changed, it does not matter: search the Web log directly for the backdoor's file name, and you can efficiently locate the intrusion time and IP.
Now that we have found the intruder's intrusion time and IP, the next trick is how to quickly extract the intruder's behavior log: use the intruder's IP to retrieve all log entries for that IP, and from those the vulnerability can be found very smoothly.
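The workflow above (files changed after a point in time, backdoor file name to IP and time, IP to full request trail) as shell helpers. This is an added example, not code from the original page; it assumes the common/combined access-log format, and the sample log, its IPs and its paths are constructed (only the file name seay.php comes from the text).

```shell
# Added example. Assumes common/combined access-log format:
# field 1 = client IP, field 4 = [timestamp, field 7 = request path.

# Script files modified after a point in time ($1 = web root, $2 = YYYYMMDDhhmm).
scripts_modified_since() {
    ref=$(mktemp)
    touch -t "$2" "$ref"
    find "$1" -type f \( -name '*.php' -o -name '*.jsp' -o -name '*.asp' \
        -o -name '*.aspx' \) -newer "$ref" | sort
    rm -f "$ref"
}

# Each client IP that requested the backdoor file, with its first-hit time.
# The path is compared as a string so "." in the name is not a regex wildcard.
backdoor_clients() {    # $1 = access log, $2 = backdoor file name
    awk -v name="$2" '
        { path = $7; sub(/\?.*/, "", path) }
        substr(path, length(path) - length(name)) == "/" name && !($1 in seen) {
            seen[$1] = 1
            print $1, substr($4, 2)
        }' "$1"
}

# Every request from one IP, in log order. Exact match on field 1, so
# 203.0.113.7 does not also pull in 203.0.113.70 as a plain grep would.
requests_from_ip() {    # $1 = access log, $2 = IP
    awk -v ip="$2" '$1 == ip' "$1"
}

# Constructed sample log (documentation IP ranges, made-up paths).
write_sample_log() {
    cat > "$1" <<'EOF'
198.51.100.20 - - [10/Mar/2024:02:10:01 +0800] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:02:13:40 +0800] "GET /admin/upload.php HTTP/1.1" 200 812
203.0.113.7 - - [10/Mar/2024:02:13:58 +0800] "POST /admin/upload.php HTTP/1.1" 200 96
203.0.113.7 - - [10/Mar/2024:02:14:07 +0800] "GET /uploads/seay.php HTTP/1.1" 200 12
203.0.113.70 - - [10/Mar/2024:02:15:30 +0800] "GET /about.php HTTP/1.1" 200 2048
203.0.113.7 - - [10/Mar/2024:02:16:02 +0800] "POST /uploads/seay.php?x=1 HTTP/1.1" 200 431
EOF
}

# Demo: locate the IP and time from the backdoor name, then dump that IP's trail.
log=$(mktemp)
write_sample_log "$log"
backdoor_clients "$log" seay.php
requests_from_ip "$log" 203.0.113.7
rm -f "$log"
```

The requests that the same IP made just before its first hit on the backdoor are the ones to read first when looking for the entry point.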
Webshell Intelligent Avira