RULE(RULE ID:323716)

Rule General Information
Release Date: 2019-10-22
Rule Name: Webshell Tool Antsword Detection - PHP Webshell Communication
Severity:
CVE ID:
Rule Protection Details
Description: Antsword is an open source cross-platform WebShell management tool developed by Chinese security researchers. Antsword can manage multiple shells on the attacked host, allowing penetration testers to easily execute commands, upload and download files, and more. This rule detects Antsword communication traffic with PHP-type Webshells.
Impact: By using the Webshell management tool, an attacker can take control of the server through a Webshell written into the website, execute system commands, read configuration files, steal user data, and tamper with website pages.
Affected OS: Windows, Others
Reference: https://github.com/AntSwordProject/antSword
Solutions
1. Scan the server file system to ensure that no Webshell and related malicious files exist.
2. Complete a system backup to ensure server data security.
3. Harden the security of the server, restrict access permissions, install firewalls, and use secure access control lists.