RULE(RULE ID:336642)

Rule General Information
Release Date: 2022-06-14
Rule Name: Webshell Tool Godzilla Detection
Severity:
CVE ID:
Rule Protection Details
Description: Godzilla is a Webshell management tool. Using the uploaded webshell, it can execute any command under the permission of the web server, and bypass most of the WAF and probe devices on the market at present. This rule is used to detect Godzilla's Webshell Communication traffic.
Impact: By using the Webshell management tool, an attacker can obtain the control rights of the server by using the Webshell written into the website, execute system commands, read configuration files, steal user data, and tamper with website pages.
Affected OS: Windows, Linux, Others
Reference:
Solutions
1. Scan the server file system to ensure that no Webshell and related malicious files exist. 2. Complete system backup to ensure server data security. 3. Harden the security of the server, restrict access permissions, install firewalls, and use secure access control lists.