'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339642)

Rule General Information
Release Date: 2025-11-18
Rule Name: Webshell Tool Godzilla Detection
Severity:
CVE ID:
Rule Protection Details
Description: Godzilla is a Webshell management tool. Using the uploaded webshell, it can execute any command under the permission of the web server, and bypass most of the WAF and probe devices on the market at present. This rule is used to detect Godzilla's Webshell Communication traffic.
Impact: An attacker could exploit this vulnerability to have unspecified effect.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Users should scan server content to see if Trojan horse files exist.