Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP c99shell Backdoor Script Detection

High

Synopsis

The remote web server may contain a PHP backdoor script.

Description

The remote web server may contain a PHP script that acts as a backdoor and provides a convenient set of tools for attacking the affected host. At least one instance of 'c99shell' (or a derivative, such as c100 or Locus7Shell) is hosted on the remote web server.

Solution

Remove any instances of the script and conduct a forensic examination to determine how it was installed as well as whether other unauthorized changes were made.