Design and Implementation of Malicious Web Shell Detection (Backdoor Trap)

*Raditya Faisal Waliulu  -  Politeknik Saint Paul Sorong, Indonesia
Santrinita Trhessya Jumame  -  Politeknik Saint Paul Sorong, Indonesia
Received: 25 Sep 2020; Revised: 13 Oct 2020; Accepted: 4 Nov 2020; Published: 22 Dec 2020; Available online: 22 Dec 2020.
Open Access
Abstract

We report on attacks against production servers that exploit the growing number of PHP vulnerabilities through SQL injection, XSS (cross-site scripting), cookie hijacking, misconfiguration, social engineering, CSRF (cross-site request forgery), OTP bypass (account takeover) and others. Such attacks leave behind a backdoor or web shell that the attacker later accesses remotely, a common practice among blackhat hackers. We provide the shelltrap framework for finding and cleaning backdoors on the server. It relies on three characteristics of a backdoor: (1) taking over the physical server (local rooting); (2) adapting to the run-time environment; and (3) using global variables to access the server. We evaluated shelltrap on a real-world server against benign (tame) PHP scripts and PHP backdoors. The experimental results show a high detection rate of 98%.
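As an added illustration (not the paper's shelltrap implementation), the following Python heuristic scores a PHP source string on the three backdoor characteristics listed above. The regexes, the decision rule and the two sample scripts are assumptions constructed here, not taken from the paper.

```python
# Added example (not the paper's shelltrap code): a small heuristic scorer that
# looks for the three backdoor traits the abstract lists in a PHP source string.
import re

# Trait 3: superglobals that carry remote request data into the script.
SUPERGLOBALS = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|FILES)\b")
# Trait 1: sinks that execute code or shell commands on the host.
EXEC_SINKS = re.compile(r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)\s*\(")
# Trait 2: calls that probe or reshape the run-time environment.
ENV_PROBES = re.compile(
    r"\b(php_uname|phpversion|ini_get|ini_set|set_time_limit|error_reporting|posix_getuid)\s*\("
)

def score_php(source: str) -> dict:
    """Count hits per trait and record lines where request data reaches an exec sink."""
    lines = source.splitlines()
    tainted = [n for n, ln in enumerate(lines, 1)
               if EXEC_SINKS.search(ln) and SUPERGLOBALS.search(ln)]
    return {
        "server_takeover": len(EXEC_SINKS.findall(source)),
        "env_adaptation": len(ENV_PROBES.findall(source)),
        "global_input": len(SUPERGLOBALS.findall(source)),
        "tainted_lines": tainted,
    }

def classify(source: str) -> str:
    """'suspicious' only when request data can reach an exec sink; superglobals and ini tweaks alone are normal."""
    s = score_php(source)
    if s["tainted_lines"] or (s["server_takeover"] and s["global_input"]):
        return "suspicious"
    return "clean"

# Constructed samples (not from the paper): a benign form handler and a
# minimal backdoor pattern of the kind detection tools are tested against.
BENIGN = """<?php
ini_set('display_errors', '0');
$name = htmlspecialchars($_POST['name'] ?? '');
echo "Hello, $name";
"""
BACKDOOR = """<?php
@error_reporting(0); @set_time_limit(0);
echo php_uname();
if (isset($_REQUEST['c'])) { echo shell_exec($_REQUEST['c']); }
"""

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("backdoor", BACKDOOR)):
        print(label, classify(src), score_php(src))
```

The benign handler reads a superglobal and changes an ini setting yet stays clean, because no execution sink is present; the backdoor sample trips all three traits and has request data flowing into shell_exec on one line.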

Keywords: Web Security; Web Shells; Backdoor; Intrusion Detection; Probability Analysis; Linux Security

Last update: 2021-04-20 13:23:06

No citation recorded.