How to Detect WebShell?

YuanJiawj

Oct 9, 2014
Hi everyone! These days, on a VPS with Linux, I discovered a webshell. I've used Linux Malware Detect and it has not found any threat. I reviewed my files and found several files encoded using .base64. Is there any way to detect files encoded using base64?

Thanks!
 
Have you tried this?

GitHub - emposha/PHP-Shell-Detector: Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%.
 
@Klipsh I've used this tool but the file is not detected. I tried it on localhost and on my VPS and the file is not detected. It is difficult to check file by file manually, I think because this file is encoded :(
 
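Added example, not part of the original thread or of any tool mentioned in it: a Python triage script for the situation described above, where signature scanners miss a PHP file because its payload is base64-encoded. The 120-character threshold, the function names, the extension list and the sample strings are assumptions constructed for illustration.

```python
import base64
import os
import re

MIN_RUN = 120  # assumed threshold: shortest base64 run worth reporting
B64_RUN = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_RUN)
# PHP helpers that unwrap an encoded payload, and constructs that run a string as code.
DECODERS = re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
EXECUTORS = re.compile(r"\b(eval|assert|create_function)\s*\(", re.I)

# Constructed samples (not from the thread): a harmless encoded payload and a plain file.
_PAYLOAD = base64.b64encode(b'echo "constructed sample"; ' * 6).decode()
SAMPLE_ENCODED = "<?php eval(base64_decode('%s')); ?>" % _PAYLOAD
SAMPLE_PLAIN = "<?php echo base64_encode($name); echo 'hello'; ?>"


def triage(text):
    """Return triage facts for the contents of one file."""
    longest = max(B64_RUN.findall(text), key=len, default="")
    decoders = sorted({m.lower() for m in DECODERS.findall(text)})
    executors = sorted({m.lower() for m in EXECUTORS.findall(text)})
    preview = ""
    if longest:
        body = longest.rstrip("=")
        body = body[: len(body) - len(body) % 4]  # keep whole 4-character groups
        # Decode only for display to the analyst; nothing is executed.
        preview = base64.b64decode(body)[:40].decode("latin-1")
    return {
        "longest_run": len(longest),
        "decoders": decoders,
        "executors": executors,
        "preview": preview,
        # Flag an encoded blob beside a decoder, or a decoder fed to an executor.
        "suspicious": bool(decoders) and (bool(longest) or bool(executors)),
    }


def scan_tree(root, exts=(".php", ".phtml", ".inc")):
    """Yield (path, facts) for each suspicious script found under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as fh:
                    facts = triage(fh.read())
                if facts["suspicious"]:
                    yield path, facts
```

Call `scan_tree()` on the web root and review each hit by hand: long base64 runs also appear in legitimate files such as embedded images, so a match is a lead, not a verdict.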