Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

B347K-Shell Detection Added To Ez Admin Helper Rate Topic   * * * * - 1 votes

 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 9,818 posts

Posted 13 June 2017 - 10:47 PM #1

We have added detection and quarantine of any b347k-shell php files on your site.

Any found file will be quarantined to the ./app/addons/ez_maint/quarantine_files folder of your site.  Files in this folder should be removed after examination.

 

The b347k PHP file will allow remote execution of underlying shell commands (including PHP) that can be controlled remotely based on cookies and command line parameters.

 

Detection will occur with version 4.5.28 of EZ Admin Helper when the "Check security intrusions" action is either run automatically via cron or when the 'run once' link is clicked.   Current customers will be updated automatically to the new version.  We will continue to add new security vulnerability detection and resolution as they are brought to our attention.

 

If we can determine how this file was added to a site and it is somehow via cs-cart then we will add a solution for that root-cause condition.  But for now, we will detect and quarantine any b347k script that is present within your site in any directory.

 

Note that a webshell can have completely legitimate use or it can be used as malware.  We've chosen to assume that if it's in your cs-cart directory structure that it is being used as malware.  If you have a valid use of the b347k webshell on your site, please contact us and we will provide instructions for how to NOT have it detected.

 

For more details on b347k web shell google it or a pretty quick summary is here: https://malware.expe...or/b374k-shell/


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.