Network Wrangler – Tech Blog

Web Server Security - Hackers

3 Signs Your Web Server’s Security has been Compromised

Web Server Security - HackersMore than ever, businesses have to be careful of attacks on servers and business networks to ensure that their data, and that of their customers’, are fully protected. This is especially true of sensitive data such as credit card and personal details, especially as a failure to protect this could incur a hefty fine when it comes to getting your audits carried out.

Tips to Help to Check out Web Server Integrity

Attacks on servers happen, and unfortunately, all too frequently – so for any anyone out there who is suspicious that the integrity of their web server may have been compromised – here are a few tips on how you can check it out.

Sitting Ducks

Generally speaking, web servers pose easy targets to hackers. They are online most of the time and they provide a gateway to the rest of the internal computer network. A piece of malware can be dumped anywhere in the network, do its evil deed and cause appropriate mayhem. Then it can be detected and removed. But if the way that the hacker got in via the server isn’t spotted, it’s oh so easy for the hacker to get in again to cause more trouble. Not to mention what he actually gets up to while he has the access.

#1: Beware of Web Shells

Web shells are a method that hackers use to get executable files into someone else’s computer network. They are “delivered” over the web and are usually text files that have an appropriate extension (php or cmd.aspx) that coincides with the extension(s) used by the host server. Once inserted into the server, by viewing the web shell, the hacker can then see the code he/she needs in order to be able to talk to the underlying system.

Compromised Web Shell Checks

Here are a few tell-tale signs to check for that will indicate your system has been tampered with by inserting web shells.

  • Run a scan in the web root looking for operating system calls
  • Look to see if there are any exe files or web app codes in the upload directories, or anywhere else you wouldn’t expect to find them
  • Check out the Parsing Web Server Logs looking for GET commands or POST requests in relation to any odd looking web scripts
  • Be on the alert for new processes imported via the web server process.

Continue to the rest of the article “3 Signs that your Web Server’s Security has been Compromised – Part 2” >>>

William Thompson is the Marketing Manager at Power Admin, a server monitoring software business in the Kansas City area. You can find him on Google+ and Twitter. William has been a professional in website design, digital marketing and 3D/graphic design for over 20 years.

Posted

in

, , ,

by

William Thompson

Tags: