douchun6108 2017-04-26 14:52
Answer accepted

Backdoor:PHP/webshell malware

I have this website which I want to replace because it's outdated; we made a new website. But as always, before uploading the new website to the live environment, I make a backup of the current live website. While I was downloading the WordPress installation, my Windows Defender popped up with the following message. Malware found:

Backdoor:PHP/webshell

What exactly is this? Is it dangerous for my computer, or is it a backdoor for the website? How did this happen? Anything would be really helpful on this matter. Should I run a scan on my whole computer?

Thanks in advance.


  • dousi3362 2017-04-26 14:55

    Backdoor:PHP/WebShell.A drops following files:

    <root folder>/tmp/bp.pl - used to listen for shell commands
    <root folder>/tmp/bc.pl - used to send shell commands
    

    Sends email

    Backdoor:PHP/WebShell.A sends an email that contains your IP address and reports its installation to the Yahoo! account "freedom20900".

    Allows backdoor access and control

    Backdoor:PHP/WebShell.A can give a malicious hacker access to perform the following actions:

    Archive or extract files
    Brute-force logins for FTP, MySQL, pgsql
    Create or delete folders
    Download files
    Encode or decode files
    Open a bash shell command, which allows the remote attacker to execute remote commands
    Open files
    Rename files
    Run SQL commands
    Search folders
    Show active connections
    Show computers the infected computer had access to
    Show running services
    Show user accounts
    Show IP configuration
    

    Connects to certain servers

    Backdoor:PHP/WebShell.A connects to the following servers for the purpose of receiving arbitrary information, sent by a malicious hacker, about your PC:

    

    In normal terms

    Your site has been hacked and perhaps been manipulated in a way that will be a risk if you try to use it. Do not use this source and remove / delete from your machine. I would suggest doing a major browse / scan for any more potential viruses and change your user information such as passwords and emails on the server (Since they may know these by now).

    Reference: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor:PHP/WebShell.A
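
The following added example, which is not code from the answer or from Microsoft, checks a downloaded site backup for the two dropped files and the reporting account name listed in the answer above. The function names, the script-extension list, matching any directory named `tmp`, and the extra check for scripts under `wp-content/uploads` are assumptions of this example; the sample tree is constructed from harmless placeholder files.

```python
import os
import tempfile

# Indicators from the answer above: files dropped under <root folder>/tmp and the account it reports to.
DROPPED_FILES = {("tmp", "bp.pl"), ("tmp", "bc.pl")}
REPORT_MARKER = b"freedom20900"
SCRIPT_EXTS = {".php", ".phtml", ".pl", ".inc"}  # assumption: extensions worth reading


def scan_backup(root):
    """Return sorted (relative_path, reason) findings for a site backup tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Assumption: the backup root may not be the web root, so match any "tmp" dir.
        parent = os.path.basename(dirpath).lower()
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if (parent, name.lower()) in DROPPED_FILES:
                findings.append((rel, "dropped file named in the write-up"))
            # Assumption (not from the answer): uploads should hold media, not scripts.
            if ext in SCRIPT_EXTS and "/wp-content/uploads/" in "/" + rel.lower():
                findings.append((rel, "script inside wp-content/uploads"))
            if ext in SCRIPT_EXTS:
                with open(full, "rb") as fh:
                    if REPORT_MARKER in fh.read():
                        findings.append((rel, "contains reporting account name"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample backup: harmless placeholder files only."""
    samples = {
        "index.php": b"<?php // placeholder front controller\n",
        "tmp/bp.pl": b"# placeholder\n",
        "tmp/bc.pl": b"# placeholder\n",
        "wp-content/uploads/2017/04/logo.png": b"\x89PNG placeholder",
        "wp-content/uploads/2017/04/cache.php": b"<?php // placeholder\n",
        "wp-includes/mailer.php": b"<?php $to = 'freedom20900'; // placeholder\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_backup(tmp):
            print(f"{rel}: {reason}")
```

An empty result only means these specific indicators are absent; it does not show that the backup is clean.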
