Login
      Contents x
      Webshell Behavior Detector prerequisites
        • Print
        • PDF
        Contents

        Webshell Behavior Detector prerequisites

          • Print
          • PDF
          Article summary

          The latest service changes have not yet been reflected in this content. We will update the content as soon as possible. Please refer to the Korean version for information on the latest updates.

          Available in VPC

          Check the information in advance including supported environments and precautions before starting to use the Webshell Behavior Detector service.

          Service environment

          Webshell Behavior Detector can be used in the following environments:

          VM environment

          ClassificationSpecifications
          OS
        • CentOS 6.3 or later
        • Ubuntu 16.04 or later
        • Oracle Linux 7.4 or later
        • Red Hat Enterprise Linux 7.6 or later
        • Windows Server 2017 or later
          • Web Server
        • (Linux) Apache
        • (Linux) Tomcat
        • (Linux) Nginx
        • (Windows) IIS

          • Kubernetes environment

          ClassificationSpecifications
          Base OS for Container
        • CentOS 6.3 or later
        • Ubuntu 16.04 or later
        • Oracle Linux 7.4 or later
        • Red Hat Enterprise Linux 7.6 or later
          • Web Server
        • Apache
        • Tomcat
        • Nginx

          • Cautions for use

          When using Webshell Behavior Detector, please note the following:

          • Make sure that the agent is enabled from the NAVER Cloud Platform console after installation.
            The agent must be enabled to be able to detect web shell behaviors. If the agent is not enabled, change its status.
          • When installing the agent, check the user guide and make sure that it is configured correctly to your server environment.
            It must be configured according to the server environment to be able to detect web shell behaviors. If strange detections are collected or a confirmation is required whether it is successfully configured, see the user guide.
          • Be careful when taking measures such as isolating files suspected to be web shells or blocking suspicious attacker IPs.
            The list of files suspected to be web shells and suspicious attacker IP show the targets with high probability of being threats. The provided list of suspicious files and IPs is made by collecting various information, such as file creation time and access logs. It is provided for your reference when responding. Make sure to review carefully before isolating files or blocking IPs since isolating normal web service files or blocking normal IPs may cause service failure.
          • Webshell Behavior Detector needs time to adapt to customers' web service environment.
            Intended task behaviors (normal behaviors) may be detected and flagged as suspicious for about a month in the early stage of service use. If you apply exception rules for the normal behaviors, the detection will become more focused on web shell behaviors. You can adjust the notification cycle settings during this adaptation period to stop receiving too many detection notifications.

          Usage fee

          Webshell Behavior Detector is serviced on a pay-as-you-go pricing plan.
          For more information about Webshell Behavior Detector's pricing standards, see the Portal > Services > Webshell Behavior Detector page.

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout