A web shell is a type of web server malware. It is a script uploaded to your web server by an attacker and executed there. The term shell is used to describe a user interface that you use to access services offered by the operating system. Learn how a simple PHP web shell works .

How is a web shell used in an attack?

Web shells are not attacks. Web shells are tools that can be used after a successful attack. If an attacker can upload a file to your server and then run it, they will usually use a web shell. Then, they can continue the attack by running more commands on your web server. Read more about file inclusion, which is a type of an attack that allows the attacker to upload a web shell .

How to discover a web shell?

You can discover web shells manually by regularly analyzing web server logs and files. If you suspect that there is a web shell on your web server, you should filter logs for common keywords used by web shells. Also, monitor network for unusual network traffic and connections (outgoing from your server). Learn more about detecting web shells .

How to prevent attackers from using web shells?

The only efficient way to avoid web shells is to eliminate vulnerabilities that let attackers upload web shells. To eliminate vulnerabilities, you must first find them. For that, you need to use a professional vulnerability scanner like Acunetix, which will not only find vulnerabilities but also tell you how to eliminate them. Learn more about the features of Acunetix Premium .

Author Archives Agathoklis Prodromou

THE AUTHOR

Agathoklis Prodromou
Web Systems Administrator/Developer

Akis has worked in the IT sphere for more than 13 years, developing his skills from a defensive perspective as a System Administrator and Web Developer but also from an offensive perspective as a penetration tester. He holds various professional certifications related to ethical hacking, digital forensics and incident response.

An Introduction to Web Shells (Web Shells Part 1)

Web Security Zone | April 16, 2020 by Agathoklis Prodromou

A web shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application. A web shell itself cannot attack or exploit a remote vulnerability, so it is always the second step of…

Web Shells 101 Using PHP (Web Shells Part 2)

Web Security Zone | April 14, 2020 by Agathoklis Prodromou

In part 1 of this series, we looked at what a web shell is and why an attacker would seek to use one. In part 2 of this series, we’ll be looking at some specific examples of web shells developed using the PHP programming language….

Keeping Web Shells Under Cover (Web Shells Part 3)

Web Security Zone | April 14, 2020 by Agathoklis Prodromou

In part 2 of this series, we looked at specific examples of web shells in the PHP programming language. In part 3 of this series, we’ll be looking at some techniques that attackers use to keep web shells hidden. Commands can be sent to the…

Web Shells in Action (Web Shells Part 4)

Web Security Zone | April 14, 2020 by Agathoklis Prodromou

In part 3 of this series, we looked at ways in which a hacker can keep web shells under the radar. In part 4 of this series, we’ll be looking at web shells in action by using Weevely as an example. Weevely is a lightweight…

Web Shell Detection and Prevention (Web Shells Part 5)

Web Security Zone | April 14, 2020 by Agathoklis Prodromou

In part 4 of this series, we looked at web shells in action by using Weevely as an example. In the final part of this series, we’ll be looking at web shell detection and how to prevent their use. Detection If an administrator suspects that a…

Using Logs to Investigate – SQL Injection Attack Example

Web Security Zone | October 3, 2019 by Agathoklis Prodromou

A log file is an extremely valuable piece of information that is provided by a server. Almost all servers, services, and applications provide some sort of logging. A log file records events and actions that take place during the run time of a service or…

TLS Security 1: What Is SSL/TLS

Web Security Zone | April 3, 2019 by Agathoklis Prodromou

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic security protocols. They are used to make sure that network communication is secure. Their main goals are to provide data integrity and communication privacy. The SSL protocol was the first protocol designed for this…

TLS Security 5: Establishing a TLS Connection

Web Security Zone | March 31, 2019 by Agathoklis Prodromou

The process of establishing a secure SSL/TLS connection involves several steps. SSL/TLS security protocols use a combination of asymmetric and symmetric encryption. The client and the server must negotiate the algorithms used and exchange key information. For the purpose of explaining this complex process, we…

TLS Security 4: SSL/TLS Certificates

Web Security Zone | March 31, 2019 by Agathoklis Prodromou

When you communicate securely with a third party using data encryption, you usually want to be sure that they are who they say they are. For example, when you use an online bank or an e-commerce site and you send sensitive information, you want to…

Take action and discover your vulnerabilities