The information herein is for educational purposes only and the reader is reminded that hacking a computer system is illegal in many countries and the responsibility lies with the person performing the hack.
Is antivirus necessary on a server? or even a Linux or BSD based server?
Linux or BSD are known to be extremely reliable systems, but there are strategies for attempting a hack.
Typically, a server hosts listening services ready to respond to user requests, and many of these strategies are geared toward forcing these services to perform unintended actions.
On this page we will show a possible situation of an http/https server (known as a web server or server hosting a website).
There are many sites where it is possible to upload a file and if this is possible without additional controls it exposes the server to a serious cyber threat: web shell.
Web shells aim to execute commands on the server, in Linux or BSD systems the most potentially dangerous commands are protected by administration passwords, but this does not make the server safe because:
1. there are commands that with execution privileges as a web server can delete, modify website files and thus this exposes website users to potential cyber, privacy or sensitive data acquisition threats.
2. even commands that require the administration password can be executed under circumstances that will not be examined on this page.
PHP web shell examples are Nano, Shellmon.
It is characterized by the fact that the PHP system function is not inside the PHP script, but is inserted through the GET.
And this makes it harder for an antivirus to identify, plus you can modify the GET with the here equivalent in Unicode.
$_GET[f]($GET_[c]);
PHP has a functions to execute system commands, one of them is the system function which is passed as a GET parameter.
Always through GET is passed the parameter of the function system that identifies the exact command to execute.