Detections
Analytics

alya.cgi CGI Backdoor Detection

high Nessus Plugin ID 11118

Synopsis

The remote web server contains a CGI script that indicates the presence of a compromised system.

Description

alya.cgi was found on the remote system. This script is likely a CGI based backdoor distributed with multiple rootkits.

Solution

Remove the alya.cgi script from the web server. In addition, perform a full audit of the server to ensure no additional backdoor scripts are present.

See Also

http://cns.utoronto.ca/~scan/expltool.txt

Plugin Details

Severity: High

ID: 11118

File Name: alya.nasl

Version: 1.18

Type: remote

Family: Backdoors

Published: 9/4/2002

Updated: 6/12/2020

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: Settings/ParanoidReport