As the name implies, "web" means the server must be running a web service, and "shell" means gaining some degree of operational authority over the server.
A webshell usually refers to a means by which an anonymous user (an intruder) obtains a certain degree of authority to operate the web server through the web service port. Because most webshells take the form of web scripts, they are also called website backdoor tools.
On the one hand, webshells are often used by webmasters for website management, server management, and so on. Depending on the FSO permissions granted, they can be used to edit web scripts online, upload and download files, view databases, and execute arbitrary program commands.
On the other hand, they are used by intruders to take control of the website server. These web page scripts are often called web script Trojans; the currently popular ones are ASP or PHP Trojans, as well as script Trojans based on .NET.
3. WebShell's concealment
Some malicious web page scripts can be nested inside normal web pages and run from there, which makes them difficult to detect and remove.
A webshell can pass through the server's firewall. Because the data it exchanges with the controlled server or remote host is transmitted over port 80, the firewall does not intercept it. In addition, using a webshell generally leaves no record in the system log; it leaves only some data submission records in the website's web log. It is difficult for inexperienced administrators to spot the traces of the intrusion.
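The data submission records left in the web log are what a defender has to work with. As an added example (not part of the original article), this Python function flags script files that receive successful POSTs, are visited by a single client, and are never requested with a Referer; the combined log format, the heuristic and its threshold, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
SCRIPT_EXT = (".asp", ".aspx", ".php")  # script types named in the article

def suspicious_scripts(lines, max_clients=1):
    """Flag script paths that take successful POSTs, are visited by at most
    max_clients distinct IPs, and are never requested with a Referer
    (no page on the site links to them). A triage heuristic, not proof."""
    stats = defaultdict(lambda: {"ips": set(), "posts": 0, "referred": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line or different log format
        path = m["path"].split("?", 1)[0].lower()  # drop the query string
        if not path.endswith(SCRIPT_EXT):
            continue
        s = stats[path]
        s["ips"].add(m["ip"])
        if m["method"] == "POST" and m["status"].startswith("2"):
            s["posts"] += 1
        if m["referer"] not in ("", "-"):
            s["referred"] += 1
    return sorted(p for p, s in stats.items()
                  if s["posts"] and len(s["ips"]) <= max_clients and not s["referred"])

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:10:00:05 +0000] "POST /login.php HTTP/1.1" 200 310 "http://example.test/index.php" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2024:10:02:11 +0000] "POST /login.php HTTP/1.1" 200 310 "http://example.test/index.php" "Mozilla/5.0"',
    '203.0.113.50 - - [10/Mar/2024:10:03:40 +0000] "POST /uploads/img_cache.php HTTP/1.1" 200 48 "-" "-"',
    '203.0.113.50 - - [10/Mar/2024:10:03:52 +0000] "POST /uploads/img_cache.php?a=1 HTTP/1.1" 200 2096 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    for path in suspicious_scripts(SAMPLE_LOG):
        print("review:", path)
```

A flagged path is a candidate for manual review (file timestamp, contents, who uploaded it), since legitimate API endpoints can match the same pattern.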
To fundamentally solve the security problems of dynamic web scripts, you need to guard against injection, database exposure, cookie spoofing, cross-site attacks and the like, and be sure to configure the server's FSO permissions.