|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-06-14 | |
| Rule Name: | Webshell Tool Godzilla Detection | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Godzilla is a Webshell management tool. Using the uploaded webshell, it can execute any command under the permission of the web server, and bypass most of the WAF and probe devices on the market at present. This rule is used to detect Godzilla's Webshell Communication traffic. | |
| Impact: | By using the Webshell management tool, an attacker can obtain the control rights of the server by using the Webshell written into the website, execute system commands, read configuration files, steal user data, and tamper with website pages. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| 1. Scan the server file system to ensure that no Webshell and related malicious files exist. 2. Complete system backup to ensure server data security. 3. Harden the security of the server, restrict access permissions, install firewalls, and use secure access control lists. |