Desain dan Implementasi Deteksi WebShell Malicious Web Shell (Backdoor Trap)

*Raditya Faisal Waliulu orcid scopus  -  Politeknik Saint Paul Sorong, Indonesia
Santrinita Trhessya Jumame  -  Politeknik Saint Paul Sorong, Indonesia
Received: 25 Sep 2020; Revised: 13 Oct 2020; Accepted: 4 Nov 2020; Published: 22 Dec 2020; Available online: 22 Dec 2020.
Open Access
Citation Format:
Abstract

We present a report on hacker attacks against production servers on increased PHP vulnerabilities through SQL Injection attacks, XSS (Cross Site-Scripting), Cookie hijack, miss configuration, social engineering, CSRF (cross site request forgery), OTP bypass (take over account) and others. Hacker attacks leave a backdoor or webshell that will be accessed remotely (remote), this is common in blackhat hackers. Provides a shelltrap framework to use for and perform and clean the backdoor on the server. Because the back door has characteristics, namely: (1) taking over the physical server or localrooting; (2) adaptation to the run time environment; (3) using global variables to access the server. Have evaluated shelltrap on realworld server tame PHP Script and PHP backdoor. The experimental results get high level detection results of 98 %.

Keywords: Web Security; Web Shells; Backdoor; Intrusion Detection; Probability Analysis: Security Linux

Article Metrics:

Article Info
Section: Research Articles
Language: EN
In Vol 10, No 2 (2020): Volume 10 Nomor 2 Tahun 2020
Statistics: 31 14
Others articles
Sistem Manajemen Pengetahuan Berbasis Standar Operasional Prosedur Untuk Meningkatkan Kinerja Pegawai Sistem Informasi Pengukuran Kinerja Pada Perkebunan Kelapa Sawit Dengan Menggunakan Metode Balanced Scorecard Sistem Pendukung Keputusan Pemberian Kredit Rumah Sejahtera Pada Nasabah Bank Pembangunan Daerah Kalimantan Timur dengan Metode TOPSIS Sistem Pendukung Keputusan Pemilihan Siswa Berprestasi Berbasis Website dengan Metode Simple Additive Weighting Implementasi Metode Dempster Shafer Pada Sistem Pakar Diagnosa Gangguan Kepribadian Kajian Algoritma Sequential Pattern Mining Dan Market Basket Analysis Dalam Pengenalan Pola Belanja Customer Untuk Layout Toko
  1. Bantun, S., Ashari, A., & Karim, R., 2020. Analisis Kinerja Raspberry Pi Sebagai SIP Server Untuk Aplikasi Video Phone. Semarang: Technocom.
  2. Barth, A., Caballero, J., & Song, D., 2009. Secure content sniffing for web browsers, or how to stop papers from reviewing themselves. IEEE Symposium on Security and Privacy , 360-371.
  3. Chao, W., Zhizhong, Wu, Z.W., Xi, L., Xuehai, Z., Aili, W. & Patrick C.K.H., 2014. SmartMal: a service-oriented behavioral malware detection framework for mobile devices. The Scientific World Journal , 2014 (101986,).
  4. Duda, R., Hard, P., & D.G.S., 2012. Pattern Classification 2nd. In J. W. Sons. New York.
  5. Eman, A., Amin, S., Mohammed, S., & Ayman, B.-E. 2017. A cloud-based malware detection framework. International Journal of Interactive Mobile Technologies , 11 (2), 113-127.
  6. Garfinkel, S., 2007. Anti-Forensics: techniques, detection and countermeasures. 2nd International Conference in i-Warefare and Security , 79.
  7. Haboob, T., 2018. File Upload Restrictions Bypass. Haboob.
  8. Hung-Jen, L., Chun-Hung, R. L., Ying-Chih, L., & Kuang-Yuan, T., 2013. Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications , 16-24.
  9. Irfan, T.A. & Akbar, A.A.M., 2019. How To Using Online Meeting On Jitsi Meet Aplication. 1-13.
  10. John, L.C., 2016. GVFS metadata: Shellbags for Linux. Digital Investigation , 16, 12 - 18.
  11. Josh, A., Richard, B., Benton, C., Zakir, D., Peter, E., Alan, F.-L., 2019. Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web. ACM SIGSAC Conference on Computer and Communications Security , 2019 (Session 10 E : Certificate), 2473 - 2487.
  12. Khattab, M.A.A., Anna, G. and Klaus, D., 2015. An Intrusion Detection System Against Malicious Attacks on the Communication Network of Driverless Cars. Consumer Communications and Networking Conference (CNCC) , 916-921.
  13. Kim, D.W., Yan, P., & Zhang, J., 2015. Detecting fake anti-virus software distribution webpages. Computers & Security , 49, 95 - 106.
  14. Li, Y., Huang, J., Ikusan, A., Mitchell, M., Zhang, J., & Dai, R., 2019. ShellBreaker: automatically detecting PHP-based malicious web shells. Journal of Computers and Security , 87.
  15. Lin, Y.-D., Chen, S.-H., Lin, P.-C., & Lai, Y.-C., 2008. Designing and evaluating interleaving decompressing and virus scanning in a stream-based mail proxy. The Journal of Systems and Software , 81, 1517 - 1524.
  16. Maha A.S., 2020. Providing a secure environment for e-commerce sites using SSL Technology. Journal of Education and Science , 29 (1), 174 - 191.
  17. Manesh, T., Brijith, B., Bhraguram, T. M., & Bhadran, V.K., 2013. Network forensic investigation of https protocol. International Journal of Modern Engineering Research (IJMER), 3 (5), 3096 - 3106.
  18. McDaniel, P., & Rubin, A.D., 2005. Web security. Comput. Netw. United State: Elsevier.
  19. Shweta, P., & Abhishek, S.C., 2013. Secure Content sniffing for web browsers. International Journal of Advanced Research in Computer and Communication Engineering , 2 (9), 3595-3601.
  20. Simson, G., 2007. Anti-Forensics: techniques, detection and countermeasures, 2nd International Conference in i-Warefare and Security.
  21. Son, S., & Shmatikov, V., 2011. Finding semantic vulnerabilities in PHP applications. Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security (pp. 1-13). NY, United States: Association for Computing Machinery.
  22. Stiborek, J., Pevny, T., & Rehak, M., 2018. Probalistic Analysis of Dynamic Malware Traces. Computer & Security , 221-239.
  23. Vazquez, A., 2016. Learn CentOS Linux Network Services. Apress, Berkeley, CA.
  24. Waliulu, R. F., & Iskandar, A.T.H., 2018. Reverse engineering analysis forensic malware WEBC2-DIV. Jurnal &Penelitian Teknik Informatika) , 113 - 119.
  25. Wassermann, G., & Su, Z., (2008. Static detection of cross-site scripting vulnerabilities. In: Proceedings of the 30th International Conference on Software Engineering , 171-180.
  26. Xie, Y., & Aiken, A., 2016. Static Detection of Security Vulnerabilities in Scripting Languages. USENIX Security Symposium , 15, 179-192.
  27. Xue, L., & Sun, G., 2014. Design and implementation of a malware detection system based on network behavior. Security and Communication Networks , 8, 459 - 470.
  28. Yujie, F., Yanfang, Y., & Lifei, C., 2016. Malicious sequential pattern mining for automatic malware detection. Expert Systems With Applications , 16-25.
  29. Zahra, S., Ashkan, S., & Mahboobe, G., 2017. MAAR: Robust features to detect malicious activity based on API calls, their arguments and return values. Engineering Applications of Artificial Intelligence , 93-102.

Last update: 2021-01-16 11:43:24

No citation recorded.

Last update: 2021-01-16 11:43:24

No citation recorded.

Penulis yang mengirimkan naskah harus memahami dan menyetujui bahwa jika diterima untuk dipublikasikan, hak cipta dari artikel adalah milik JSINBIS dan Universitas Diponegoro sebagai penerbit jurnal.

Hak cipta (copyright) meliputi hak eksklusif untuk mereproduksi dan memberikan artikel dalam semua bentuk dan media, termasuk cetak ulang, foto, mikrofilm dan setiap reproduksi lain yang sejenis, serta terjemahan. Penulis mempunyai hak untuk hal-hal berikut:

  1. menggandakan seluruh atau sebagian materi yang dipublikasikan untuk digunakan oleh penulis sendiri sebagai bahan pengajaran di kelas atau bahan presentasi lisan dalam berbagai forum;
  2. menggunakan kembali sebagian atau keseluruhan materi sebagai bahan kompilasi bagi karya tulis penulis;
  3. membuat salinan dari bahan yang dipublikasikan untuk didistribusikan di lingkungan institusi tempat penulis bekerja. 

JSINBIS dan Universitas Diponegoro serta Editor melakukan segala upaya untuk memastikan bahwa tidak ada data, pendapat atau pernyataan yang salah atau menyesatkan yang dipublikasikan di jurnal ini. Isi artikel yang diterbitkan di JSINBIS adalah tanggung jawab tunggal dan eksklusif dari masing-masing penulis.