Identify harmful web shells with PHP Shell Detector


A web shell is a script, commonly written in PHP, that can provide access as the root user to a compromised web server. Also known as a PHP Trojan, it can be very harmful if used correctly by an attacker, so it is important to periodically scan your web platform for intruders.
 
Through a web shell an attacker can perform various functions, including:
 
 
  • Enumerating the server (OS version, PHP, Apache, MySQL and free space);
  • Viewing files on the server;
  • Running remote commands;
  • Uploading and downloading files;
  • Sending e-mail;
  • Dumping databases;
  • Running SQL queries;
  • DoS attacks.
 
In this article we will look at the free and open source scanner "PHP Shell Detector", which searches our website for threats and, once they are identified, presents them in a simple report in Italian.
 
The file analysis is based on a constantly growing internal database: the scanner checks each file against known signatures and also identifies any suspicious code, which it reports back to us.
 
The log file shows how many files have been analyzed and which threats or suspicious files were identified. In the latter case you can send the suspect file to the websecure.co.il team, who will analyze it free of charge and report the results.
 
PHP Shell Detector is available on GitHub. Once you have downloaded and extracted the archive, look at its contents. Start by configuring the scanner through the file "shelldetect.ini": open it in your preferred text editor and you will find a number of parameters, of which we are going to edit the following:
 
  • Extension: the extension of the files to be analyzed (e.g. extension[]=php);
  • Showlinenumbers: shows which line of the file contains the threat;
  • Language: the language of the report (e.g. language = "Italian");
  • Directory: the directory to analyze; if not specified, the entire root is analyzed;
  • Report_Format: the file in which to save the report (e.g. report_format = "report.htm");
  • Authentication: requires authentication before a scan can start.
 
For example, our shelldetect.ini file will contain the following parameters:
 
extension[]=php
extension[]=txt
showlinenumbers=true
langauge="italian"
directory=""
report_format="report.htm"
authentication=false
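
The two kinds of result described above (a known-shell signature match versus merely suspicious code), driven by the extension and showlinenumbers settings from the sample shelldetect.ini, shown as an added Python example that is not PHP Shell Detector's own code. The SHA-256 fingerprint database, the list of flagged functions and the sample files are assumptions constructed for the illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Illustrative list of PHP functions a scanner might flag (an assumption).
SUSPICIOUS = re.compile(rb"\b(eval|base64_decode|shell_exec|passthru|system|exec|popen|proc_open)\s*\(")

def parse_ini(text):
    """Parse the shelldetect.ini subset shown above; key[]=v appends to a list."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.startswith(";"):
            continue
        key, value = key.strip(), value.strip().strip('"')
        if key.endswith("[]"):
            cfg.setdefault(key[:-2], []).append(value)
        else:
            cfg[key] = value
    return cfg

def scan(root, cfg, known_hashes):
    """Map relative path -> ("shell", name) or ("suspicious", [line numbers])."""
    exts = {"." + e.lower() for e in cfg.get("extension", ["php"])}
    show = cfg.get("showlinenumbers") == "true"
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in exts:
            continue
        data, rel = path.read_bytes(), path.relative_to(root).as_posix()
        name = known_hashes.get(hashlib.sha256(data).hexdigest())
        hits = [n for n, l in enumerate(data.splitlines(), 1) if SUSPICIOUS.search(l)]
        if name:  # exact fingerprint match: treated as a confirmed shell
            findings[rel] = ("shell", name)
        elif hits:  # heuristic match only: needs human review
            findings[rel] = ("suspicious", hits if show else [])
    return findings

def demo():
    """Scan a constructed sample tree; no real web shell content is used."""
    cfg = parse_ini('extension[]=php\nextension[]=txt\nshowlinenumbers=true\n')
    stand_in = b"<?php /* constructed stand-in for a known shell */ ?>\n"
    known = {hashlib.sha256(stand_in).hexdigest(): "constructed-sample"}
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "file.php").write_bytes(stand_in)
        Path(tmp, "plugin.php").write_bytes(b"<?php\n$u = shell_exec('uptime');\necho $u;\n")
        Path(tmp, "notes.md").write_bytes(b"eval( ignored: extension not listed\n")
        return scan(tmp, cfg, known)
```

A heuristic hit such as plugin.php is only a lead: a legitimate script can call the same functions, which is why the scanner separates suspicious files from signature matches.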
 
Once the configuration is complete, upload all of the files to the root folder of the website, via FTP or whatever method you prefer. Then open shelldetect.php in your web browser by typing:
 
 
The scan of our website starts automatically: we immediately see the number of known shells in the database and the number of files to be analyzed, and can then follow the progress of the scan step by step. PHP Shell Detector reports back any suspicious items or discovered vulnerabilities.
 
 
In the example, the scanner knows 431 shells and has identified 8 files to be analyzed. One of them (secure-wordpress.php) turns out to be suspicious, while a second (file.php) is a positive signature match and is therefore a web shell of type r57.
 
 
If a suspicious file is detected, we can send it to the websecure.co.il team, which will audit it to determine whether the suspicion is unfounded or a real threat. Besides the file, you can specify an e-mail address at which to receive the outcome of the analysis.
 
 