A web shell is a small application that an attacker runs on your web server. They can then use this application to remotely access your server and run commands on it. A web shell by itself is never an attack, it is the aftermath of a successful attack on your website or web application. This means that if you have a web shell, you have a much more serious problem to worry about. See how a web shell works in practice .

How do malicious hackers use web shells?

Malicious hackers use web shells to take control of an already compromised server. First, they exploit a vulnerability in your website or web application such as SQL injection, remote code execution, or others. Then, they upload a web shell to your web server. From now on, they can run any commands that they like on your server. See a step-by-step example of an attack that leads to full server compromise .

How can I detect web shells?

You can detect web shells by log analysis. However, you should not focus on detecting web shells but instead, you should detect vulnerabilities that can let attackers take control of your server. Even if you detect a web shell, that will not stop attackers from taking over control again if the vulnerabilities are still there. To detect web vulnerabilities and learn how to eliminate them, use Acunetix. See what Acunetix Premium can do for you .

How can I protect myself against web shells?

The best way to protect yourself against web shells is to make it impossible to use them on your system. You can do that by hardening your server – removing all excess permissions, blocking potentially dangerous functions, restricting script execution in upload directories, etc. However, it is best to protect the server from becoming compromised in the first place by using Acunetix regularly. Read more about web shell detection and protection .

Articles Archives | Page 5 of 68

Web Shells 101 Using PHP (Web Shells Part 2)

Articles | April 14, 2020 by Agathoklis Prodromou

In part 1 of this series, we looked at what a web shell is and why an attacker would seek to use one. In part 2 of this series, we’ll be looking at some specific examples of web shells developed using the PHP programming language….

Keeping Web Shells Under Cover (Web Shells Part 3)

Articles | April 14, 2020 by Agathoklis Prodromou

In part 2 of this series, we looked at specific examples of web shells in the PHP programming language. In part 3 of this series, we’ll be looking at some techniques that attackers use to keep web shells hidden. Commands can be sent to the…

Web Shells in Action (Web Shells Part 4)

Articles | April 14, 2020 by Agathoklis Prodromou

In part 3 of this series, we looked at ways in which a hacker can keep web shells under the radar. In part 4 of this series, we’ll be looking at web shells in action by using Weevely as an example. Weevely is a lightweight…

Web Shell Detection and Prevention (Web Shells Part 5)

Articles | April 14, 2020 by Agathoklis Prodromou

In part 4 of this series, we looked at web shells in action by using Weevely as an example. In the final part of this series, we’ll be looking at web shell detection and how to prevent their use. Detection If an administrator suspects that a…

What is Remote File Inclusion (RFI)?

Articles | April 2, 2020 by Ian Muscat

Using remote file inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible for web applications that dynamically include external files or scripts. Potential web security consequences of a successful RFI attack range from sensitive information disclosure and…

Apache Security – 10 Tips for a Secure Installation

Articles | March 16, 2020 by Acunetix

The Apache web server is one of the most popular web servers available for both Windows and Linux/UNIX. At the moment, it is used to host approximately 40% of websites. It is also often described as one of the most secure web servers. In this article,…

How to Recover from a Hacked Website Event

Articles | March 13, 2020 by Kevin Attard Compagno

Any fellow website owner or webmaster you may ask who is beyond the novice stage will agree that one of their top priorities will always be keeping their websites secure. However, exploits and tools available to hackers are so vast, and software technologies evolve so…

The curse of old Java libraries

Articles | February 27, 2020 by Aleksei Tiurin

Java is known for its backward-compatibility. You can still execute code that was written many years ago, as long as you use an appropriate version of Java. Thanks to this feature, modern projects use a wide range of libraries that have been “tested by time”…

How We Found Another XSS in Google with Acunetix

Articles | February 17, 2020 by Andrey Leonov

You have to be a very lazy hacker not to try to find issues in Google. Link and I are not lazy but we may be a bit luckier than most. And we use good tools, which helps. Some time ago, we found an XSS…

Articles

Take action and discover your vulnerabilities