Identify Harmful Web Shells with PHP Shell Detector


A web shell is a script, commonly written in PHP, which can provide access as the root user to a compromised web server. Also known as a PHP trojan, it can be very harmful when used correctly by an attacker, so it is important to periodically scan your web platform for intruders.
 
Through a Web Shell you can perform various functions including:
 
 
  • Enumerating the server (OS version, PHP, Apache, MySQL and free space);
  • Viewing files on the server;
  • Running remote commands;
  • Uploading and downloading files;
  • Sending e-mail;
  • Dumping the database;
  • Running SQL queries;
  • DoS attacks.
 
In this article we will look at the free and open source scanner "PHP Shell Detector", which searches our website for threats and, once they are identified, returns them in a simple report in Italian.
 
The analysis of the files is based on an internal, constantly growing database, which lets the scanner match the signature of a known threat or identify any suspicious code, which is then reported back to us.
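
As an added illustration of the two checks described above, a known-signature match and a suspicious-code flag with line numbers, the following Python sketch scans a directory tree. It is not PHP Shell Detector's code or database: the SHA-256 signature lookup, the pattern list, the function names and the sample files are assumptions constructed for this example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed heuristic list for this example; not PHP Shell Detector's database.
SUSPICIOUS = re.compile(
    r"\b(eval|base64_decode|gzinflate|str_rot13|shell_exec|passthru|system|proc_open)\s*\(",
    re.IGNORECASE,
)

def scan(directory, extensions, known_signatures):
    """Return {relative path: finding} for every flagged file under directory."""
    findings = {}
    for path in sorted(Path(directory).rglob("*")):
        if not path.is_file() or path.suffix.lstrip(".").lower() not in extensions:
            continue
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        rel = path.relative_to(directory).as_posix()
        if digest in known_signatures:  # exact match against the signature set
            findings[rel] = {"status": "known shell", "name": known_signatures[digest]}
            continue
        hits = [
            (lineno, m.group(1).lower())
            for lineno, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1)
            for m in SUSPICIOUS.finditer(line)
        ]
        if hits:  # no signature match, but code worth a manual review
            findings[rel] = {"status": "suspicious", "lines": hits}
    return findings

def demo():
    """Scan a constructed tree: one clean file, one suspicious, one 'known' sample."""
    known_sample = b"<?php /* constructed stand-in for a catalogued shell */ ?>\n"
    signatures = {hashlib.sha256(known_sample).hexdigest(): "constructed-sample"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (root / "file.php").write_bytes(known_sample)
        # Inert payload: decodes to "echo 1;" but still trips the heuristic.
        (root / "plugin.php").write_text(
            "<?php\n$p = 'ZWNobyAxOw==';\neval(base64_decode($p));\n"
        )
        (root / "notes.md").write_text("eval(base64_decode()) mentioned in docs\n")
        return scan(root, {"php", "txt"}, signatures)

if __name__ == "__main__":
    print(demo())
```

A "suspicious" result only means the file deserves manual review: legitimate plugins also call these functions, which is why the two outcomes are reported separately.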
 
In the log file we can see how many files were analyzed and which threats or suspicious files were identified. A suspicious file can be sent to the websecure.co.il team, who will analyze it free of charge and send us the results.
 
PHP Shell Detector is available on GitHub. Once the file has been downloaded and extracted, we look at its content. We start by configuring the scanner through the file "shelldetect.ini", opened in whatever text editor you prefer. It contains a number of parameters; in particular, we are going to edit the following:
 
  • Extension: the extension of the files to be analyzed (e.g. extension[]=php);
  • Showlinenumbers: shows which line of the file contains the threat;
  • Language: the language of the report (e.g. language="Italian");
  • Directory: the directory to analyze; if not specified, the entire root will be analyzed;
  • Report_Format: the file in which to save the report (e.g. report_format="report.htm");
  • Authentication: require authentication before a scan can be started.
 
For example, our shelldetect.ini file will contain the following parameters:
 
extension[]=php
extension[]=txt
showlinenumbers=true
langauge="italian"
directory=""
report_format="report.htm"
authentication=false
 
Once the configuration is complete, we upload all the files to the root folder of our website, via FTP or whatever method you prefer. We then open the file shelldetect.php in the web browser of our choice by typing:
 
 
The scan of our website starts automatically. We can immediately see the number of known shells in the database and the number of files that will be analyzed, and then follow the progress of the scan step by step. PHP Shell Detector reports back any suspicious items or discovered vulnerabilities.
 
 
In the example we learn that the scanner knows 431 shells and has identified 8 files to be analyzed, one of which turns out to be suspicious (secure-wordpress.php), while a second (file.php) tests positive and is therefore a web shell of type r57.
 
 
If a suspicious file is detected, we can send it to the websecure.co.il team, which will audit it to determine whether the suspicion is unfounded or the file is a real threat. Besides the file, you can specify an address at which to receive the outcome of the analysis by e-mail.
 
 