Desain dan Implementasi Deteksi WebShell Malicious Web Shell (Backdoor Trap)

*Raditya Faisal Waliulu orcid scopus  -  Politeknik Saint Paul Sorong, Indonesia
Santrinita Trhessya Jumame  -  Politeknik Saint Paul Sorong, Indonesia
Received: 25 Sep 2020; Revised: 13 Oct 2020; Accepted: 4 Nov 2020; Published: 22 Dec 2020; Available online: 22 Dec 2020.
Open Access
Citation Format:
Abstract

We present a report on hacker attacks against production servers on increased PHP vulnerabilities through SQL Injection attacks, XSS (Cross Site-Scripting), Cookie hijack, miss configuration, social engineering, CSRF (cross site request forgery), OTP bypass (take over account) and others. Hacker attacks leave a backdoor or webshell that will be accessed remotely (remote), this is common in blackhat hackers. Provides a shelltrap framework to use for and perform and clean the backdoor on the server. Because the back door has characteristics, namely: (1) taking over the physical server or localrooting; (2) adaptation to the run time environment; (3) using global variables to access the server. Have evaluated shelltrap on realworld server tame PHP Script and PHP backdoor. The experimental results get high level detection results of 98 %.

Keywords: Web Security; Web Shells; Backdoor; Intrusion Detection; Probability Analysis: Security Linux

Article Metrics:

Article Info
Section: Research Articles
Language: EN
In Vol 10, No 2 (2020): Volume 10 Nomor 2 Tahun 2020
Statistics: 300 133
Others articles
Analisis Keamanan Sistem Informasi Berdasarkan Framework COBIT 5 Menggunakan Capability Maturity Model Integration (CMMI) Sistem Temu Kembali Informasi dengan Metode Vector Space Model Implementasi Metode Dempster Shafer Pada Sistem Pakar Diagnosa Gangguan Kepribadian Penerapan Model Human Computer Interaction (HCI) Dalam Analisis Sistem Informasi Penggunaan Jaringan Syaraf Tiruan Backpropagation Untuk Seleksi Penerimaan Mahasiswa Baru Pada Jurusan Teknik Komputer Di Politeknik Negeri Sriwijaya Implementasi Algoritma K-Nearest Neighbor Sebagai Pendukung Keputusan Klasifikasi Penerima Beasiswa PPA dan BBM
  1. Bantun, S., Ashari, A., & Karim, R., 2020. Analisis Kinerja Raspberry Pi Sebagai SIP Server Untuk Aplikasi Video Phone. Semarang: Technocom
  2. Barth, A., Caballero, J., & Song, D., 2009. Secure content sniffing for web browsers, or how to stop papers from reviewing themselves. IEEE Symposium on Security and Privacy , 360-371
  3. Chao, W., Zhizhong, Wu, Z.W., Xi, L., Xuehai, Z., Aili, W. & Patrick C.K.H., 2014. SmartMal: a service-oriented behavioral malware detection framework for mobile devices. The Scientific World Journal , 2014 (101986,)
  4. Duda, R., Hard, P., & D.G.S., 2012. Pattern Classification 2nd. In J. W. Sons. New York
  5. Eman, A., Amin, S., Mohammed, S., & Ayman, B.-E. 2017. A cloud-based malware detection framework. International Journal of Interactive Mobile Technologies , 11 (2), 113-127
  6. Garfinkel, S., 2007. Anti-Forensics: techniques, detection and countermeasures. 2nd International Conference in i-Warefare and Security , 79
  7. Haboob, T., 2018. File Upload Restrictions Bypass. Haboob
  8. Hung-Jen, L., Chun-Hung, R. L., Ying-Chih, L., & Kuang-Yuan, T., 2013. Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications , 16-24
  9. Irfan, T.A. & Akbar, A.A.M., 2019. How To Using Online Meeting On Jitsi Meet Aplication. 1-13
  10. John, L.C., 2016. GVFS metadata: Shellbags for Linux. Digital Investigation , 16, 12 - 18
  11. Josh, A., Richard, B., Benton, C., Zakir, D., Peter, E., Alan, F.-L., 2019. Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web. ACM SIGSAC Conference on Computer and Communications Security , 2019 (Session 10 E : Certificate), 2473 - 2487
  12. Khattab, M.A.A., Anna, G. and Klaus, D., 2015. An Intrusion Detection System Against Malicious Attacks on the Communication Network of Driverless Cars. Consumer Communications and Networking Conference (CNCC) , 916-921
  13. Kim, D.W., Yan, P., & Zhang, J., 2015. Detecting fake anti-virus software distribution webpages. Computers & Security , 49, 95 - 106
  14. Li, Y., Huang, J., Ikusan, A., Mitchell, M., Zhang, J., & Dai, R., 2019. ShellBreaker: automatically detecting PHP-based malicious web shells. Journal of Computers and Security , 87
  15. Lin, Y.-D., Chen, S.-H., Lin, P.-C., & Lai, Y.-C., 2008. Designing and evaluating interleaving decompressing and virus scanning in a stream-based mail proxy. The Journal of Systems and Software , 81, 1517 - 1524
  16. Maha A.S., 2020. Providing a secure environment for e-commerce sites using SSL Technology. Journal of Education and Science , 29 (1), 174 - 191
  17. Manesh, T., Brijith, B., Bhraguram, T. M., & Bhadran, V.K., 2013. Network forensic investigation of https protocol. International Journal of Modern Engineering Research (IJMER), 3 (5), 3096 - 3106
  18. McDaniel, P., & Rubin, A.D., 2005. Web security. Comput. Netw. United State: Elsevier
  19. Shweta, P., & Abhishek, S.C., 2013. Secure Content sniffing for web browsers. International Journal of Advanced Research in Computer and Communication Engineering , 2 (9), 3595-3601
  20. Simson, G., 2007. Anti-Forensics: techniques, detection and countermeasures, 2nd International Conference in i-Warefare and Security
  21. Son, S., & Shmatikov, V., 2011. Finding semantic vulnerabilities in PHP applications. Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security (pp. 1-13). NY, United States: Association for Computing Machinery
  22. Stiborek, J., Pevny, T., & Rehak, M., 2018. Probalistic Analysis of Dynamic Malware Traces. Computer & Security , 221-239
  23. Vazquez, A., 2016. Learn CentOS Linux Network Services. Apress, Berkeley, CA
  24. Waliulu, R. F., & Iskandar, A.T.H., 2018. Reverse engineering analysis forensic malware WEBC2-DIV. Jurnal &Penelitian Teknik Informatika) , 113 - 119
  25. Wassermann, G., & Su, Z., (2008. Static detection of cross-site scripting vulnerabilities. In: Proceedings of the 30th International Conference on Software Engineering , 171-180
  26. Xie, Y., & Aiken, A., 2016. Static Detection of Security Vulnerabilities in Scripting Languages. USENIX Security Symposium , 15, 179-192
  27. Xue, L., & Sun, G., 2014. Design and implementation of a malware detection system based on network behavior. Security and Communication Networks , 8, 459 - 470
  28. Yujie, F., Yanfang, Y., & Lifei, C., 2016. Malicious sequential pattern mining for automatic malware detection. Expert Systems With Applications , 16-25
  29. Zahra, S., Ashkan, S., & Mahboobe, G., 2017. MAAR: Robust features to detect malicious activity based on API calls, their arguments and return values. Engineering Applications of Artificial Intelligence , 93-102

Last update: 2021-04-20 13:23:06

No citation recorded.

Last update: 2021-04-20 13:23:06

No citation recorded.

Penulis yang mengirimkan naskah harus memahami dan menyetujui bahwa jika diterima untuk dipublikasikan, hak cipta dari artikel adalah milik JSINBIS dan Universitas Diponegoro sebagai penerbit jurnal.

Hak cipta (copyright) meliputi hak eksklusif untuk mereproduksi dan memberikan artikel dalam semua bentuk dan media, termasuk cetak ulang, foto, mikrofilm dan setiap reproduksi lain yang sejenis, serta terjemahan. Penulis mempunyai hak untuk hal-hal berikut:

  1. menggandakan seluruh atau sebagian materi yang dipublikasikan untuk digunakan oleh penulis sendiri sebagai bahan pengajaran di kelas atau bahan presentasi lisan dalam berbagai forum;
  2. menggunakan kembali sebagian atau keseluruhan materi sebagai bahan kompilasi bagi karya tulis penulis;
  3. membuat salinan dari bahan yang dipublikasikan untuk didistribusikan di lingkungan institusi tempat penulis bekerja. 

JSINBIS dan Universitas Diponegoro serta Editor melakukan segala upaya untuk memastikan bahwa tidak ada data, pendapat atau pernyataan yang salah atau menyesatkan yang dipublikasikan di jurnal ini. Isi artikel yang diterbitkan di JSINBIS adalah tanggung jawab tunggal dan eksklusif dari masing-masing penulis.