Web shell | prevention and mitigation

Prevention and mitigation

A web shell is usually installed by taking advantage of vulnerabilities present in the web server's software. That is why removing these vulnerabilities is important to avoid the potential risk of a compromised web server.

The following are security measures for preventing the installation of a web shell:[3][4]

  • Regularly update the applications and the host server's operating system to ensure immunity from known bugs
  • Deploy a demilitarized zone (DMZ) between the web-facing servers and the internal networks
  • Configure the web server securely[3]
  • Ports and services which are not used should be closed or blocked[3]
  • Use user input data validation to limit local and remote file inclusion vulnerabilities[3]
  • Use a reverse proxy service to restrict the administrative URLs to known legitimate ones[3]
  • Run frequent vulnerability scans to detect areas of risk, and conduct regular scans using web security software (this does not prevent zero-day attacks[3])
  • Deploy a firewall[3]
  • Disable directory browsing
  • Do not use default passwords[3]
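
The input validation measure in the list above, shown as an added example that is not part of the original article: a resolver that maps a user-supplied page name to a file on disk and refuses anything that could become a local or remote file inclusion. The function names, the `pages` directory and the fixed `.html` extension are assumptions made for illustration, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Allowlist: a page name is 1-64 letters, digits, '_' or '-', nothing else.
PAGE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")

class RejectedInclude(ValueError):
    """The requested page name failed validation."""

def resolve_include(base_dir, requested):
    """Return the file for a user-supplied page name, or raise RejectedInclude."""
    # 1. Syntactic allowlist: no '/', '\\', '.', ':', '%' or NUL, so traversal
    #    sequences, URLs and encoded variants never reach the filesystem.
    if not isinstance(requested, str) or not PAGE_NAME.fullmatch(requested):
        raise RejectedInclude("invalid page name")
    base = Path(base_dir).resolve()
    # 2. The extension is fixed by the server, never taken from the request.
    candidate = (base / (requested + ".html")).resolve()
    # 3. Containment check after symlinks are resolved.
    try:
        candidate.relative_to(base)
    except ValueError:
        raise RejectedInclude("path escapes base directory") from None
    if not candidate.is_file():
        raise RejectedInclude("no such page")
    return candidate

def is_allowed(base_dir, requested):
    """True if the request resolves to a file that may be included."""
    try:
        resolve_include(base_dir, requested)
        return True
    except RejectedInclude:
        return False

def build_demo_site():
    """Constructed sample tree: pages/home.html plus a symlink pointing outside."""
    root = Path(tempfile.mkdtemp())
    pages = root / "pages"
    pages.mkdir()
    (pages / "home.html").write_text("<h1>home</h1>")
    (root / "secret.txt").write_text("not for inclusion")
    try:
        (pages / "leak.html").symlink_to(root / "secret.txt")
    except OSError:
        pass  # platform without symlink support
    return pages
```

The containment check in step 3 matters even with the allowlist in place, because a name that passes the pattern can still point at a symlink whose target lies outside the base directory.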