Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339955）

Rule General Information


Release Date:		2026-04-22

Rule Name:		Webshell Tool Behinder Detection

Severity:

CVE ID:

Rule Protection Details


Description:		Behinder is a website Webshell management tool . Using the uploaded webshell, you can execute arbitrary commands under the authority of the web server, and can bypass most of the WAF and probe devices currently on the market.This rule is used to detect Behinder v4.0 JSP type Webshell communication traffic.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Users should scan server content to see if Trojan horse files exist.