Identify Harmful Web Shells with PHP Shell Detector


A web shell is a script, commonly written in PHP, that can provide access as the root user to a compromised web server. Also known as PHP trojans, web shells can be very harmful when used effectively by an attacker, so it is important to scan your web platform periodically for intruders.
 
Through a Web Shell you can perform various functions including:
 
 
  • Enumerating the server (OS version, PHP, Apache, MySQL and free space);
  • Viewing files on the server;
  • Running remote commands;
  • Uploading and downloading files;
  • Sending e-mail;
  • Dumping the database;
  • Running SQL queries;
  • DoS attacks.
 
In this article we look at the free and open-source scanner "PHP Shell Detector", which searches our website for threats and, once they are identified, presents them in a simple report in Italian.
 
File analysis is based on an internal, constantly growing database. The scanner can match the signature of a known vulnerability or identify suspicious code, which it then reports back to us.
 
The log shows how many files were analyzed, the threats identified and any suspicious files. In the latter case you can send the suspect file to the websecure.co.il team, who will analyze it free of charge and send back the results.
 
PHP Shell Detector is available on GitHub. Once the archive is downloaded and extracted, we can look at its contents. First, configure the scanner through the file "shelldetect.ini": open it in your preferred text editor and you will find a number of parameters. In particular, we are going to edit the following:
 
  • Extension: indicates the extension of the files to be analyzed (e.g. extension[]=php);
  • Showlinenumbers: shows the line in the file where the threat is found;
  • Language: specifies the language of the report (e.g. language = "Italian");
  • Directory: specifies which directory to analyze; if not specified, the entire root is analyzed;
  • Report_Format: indicates the file in which to save the report (e.g. report_format="report.htm");
  • Authentication: requires authentication before a scan can start.
 
For example, our shelldetect.ini file will contain the following parameters:
 
extension[]=php
extension[]=txt
showlinenumbers=true
langauge="italian"
directory=""
report_format="report.htm"
authentication=false
 
Once the configuration is complete, upload the files to the root folder of the website via FTP or whatever method you prefer. Then open shelldetect.php in your preferred web browser by typing:
 
 
The scan of the website starts automatically. We can immediately see the number of shells known to the database and the number of files to be analyzed, and then follow the progress of the scan step by step. PHP Shell Detector reports back the suspicious items or discovered vulnerabilities.
 
 
In the example, the scanner knows 431 shells and has identified 8 files to be analyzed. One of them turns out to be suspicious (secure-wordpress.php), while a second (file.php) matches a signature and is therefore a web shell of type r57.
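
The two verdicts in this report (a suspicious file versus a positive signature match) can be reproduced with a short two-tier scan. The sketch below is an added example, not PHP Shell Detector's own code: it assumes a SHA-256 lookup in place of the tool's fingerprint database, and the function list, file contents and family label are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic tier (assumed list): PHP calls common in web shells but also in
# legitimate code, so a hit means "review this line", not "infected".
SUSPICIOUS = re.compile(r"\b(eval|base64_decode|system|exec|shell_exec|passthru)\s*\(")


def scan(root, extensions, known_sha256):
    """Return {relative_path: (verdict, detail)} for files with a listed extension."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lstrip(".").lower() not in extensions:
            continue  # same idea as the extension[] filter in shelldetect.ini
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        # Signature tier: an exact match against the known-shell database.
        family = known_sha256.get(hashlib.sha256(data).hexdigest())
        if family:
            report[rel] = ("shell", family)
            continue
        # Heuristic tier: record (line number, function) like showlinenumbers.
        hits = [(no, m.group(1))
                for no, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1)
                for m in SUSPICIOUS.finditer(line)]
        report[rel] = ("suspicious", hits) if hits else ("clean", [])
    return report


def demo():
    """Scan a constructed web root and return the report."""
    known_bad = b"<?php /* CONSTRUCTED stand-in for a known shell body */ ?>\n"
    db = {hashlib.sha256(known_bad).hexdigest(): "constructed-family"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_bytes(b"<?php echo 'hello'; ?>\n")
        (root / "file.php").write_bytes(known_bad)
        (root / "plugin.php").write_bytes(
            b"<?php\n$s = base64_decode('aGVsbG8=');\neval($s);\n")
        (root / "notes.md").write_bytes(b"eval( is mentioned here\n")
        return scan(root, {"php", "txt"}, db)


if __name__ == "__main__":
    for name, (verdict, detail) in demo().items():
        print(f"{name}: {verdict} {detail}")
```

A "suspicious" verdict only narrows down what to review by hand, which is why the tool offers to submit such files for further analysis.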
 
 
If a suspicious file is detected, we can send it to the websecure.co.il team, which will audit it to determine whether the suspicion is unfounded or the file is a real threat. In addition to the file, you can specify an e-mail address at which to receive the outcome of the analysis.
 
 