Webshell Audit

The Webshell Audit module is used to manually detect and remove webshells. In future updates, additional features such as "illegal content scanning, blacklink detection, and malicious code (backdoor/drive-by download) scanning" will be incorporated.




Scan Path:

All Websites: The system automatically analyzes and scans each website on the server, currently supporting Apache, Nginx, and IIS.

Specified Path: Scan a designated path, such as the main directory where websites are stored. Note: Do not scan system directories, e.g., C:\windows or /usr, to prevent accidental deletion that could lead to system crashes.


Extreme Mode:

Uses a stricter scanning approach. This mode can detect more webshells (especially one-liner Trojans and their variants), but it also has significant side effects. All results from this mode must be manually reviewed before any action is taken.


Scan All File Types:

By default, the Webshell Audit module only scans file types specified in "Webshell Protection - Protection Settings". To scan all file types, please check this option.


Scan Whitelist:

By default, the Webshell Audit module does not scan files listed in the "Webshell Protection - Protection Settings" whitelist. To scan these files, please check this option.


Handling of Scanning Results:

Detected Webshells can be "quarantined, deleted, or whitelisted".

Friendly Reminder: Processing may fail because the Webshell Protection module may automatically scan and handle these files.


Quarantine: Move Webshells to a quarantine directory. This is the recommended option.

Delete: Delete Webshells. This option has significant side effects and is not recommended.

Whitelist: Add Webshells to the "Path Whitelist" so they will not be scanned in the future.
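
The workflow the options above describe (refuse system directories, limit the scan by file type and whitelist, review hits, then quarantine instead of deleting), as an added Python example that is not the product's own code. The directory list, extension set, one-liner pattern and function names are assumptions made for illustration.

```python
import os, re, shutil, tempfile

# Assumed values for illustration; the product's own lists and signatures are not on the page.
SYSTEM_DIRS = ("/usr", "/etc", "/bin", "/sbin", "c:/windows")  # last entry matches on Windows only
SCRIPT_EXTS = {".php", ".asp", ".aspx", ".jsp"}
# One-liner form: request input handed directly to a code-evaluating call (PHP).
ONE_LINER = re.compile(rb"\b(eval|assert|system)\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\b", re.I)

def is_system_path(path):
    """True if path is the filesystem root or lies at/under a system directory."""
    p = os.path.realpath(path).replace("\\", "/").lower().rstrip("/")
    return not p or any(p == d or p.startswith(d + "/") for d in SYSTEM_DIRS)

def scan(root, whitelist=(), all_types=False, include_whitelisted=False):
    """Return suspect files under root. Hits are candidates for manual review only."""
    if is_system_path(root):
        raise ValueError("refusing to scan system directory: " + root)
    skip = {os.path.realpath(w) for w in whitelist}
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if not all_types and os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            if not include_whitelisted and os.path.realpath(path) in skip:
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # read cap; larger files are only partly checked
            except OSError:
                continue  # unreadable or removed mid-scan
            if ONE_LINER.search(data):
                hits.append(path)
    return sorted(hits)

def quarantine(path, qdir):
    """Move a reviewed file to qdir (outside the web root); None if it is already gone."""
    if not os.path.exists(path):
        return None  # e.g. a real-time protection process handled it first
    os.makedirs(qdir, exist_ok=True)
    dest = os.path.join(qdir, os.path.basename(path) + ".quarantined")
    shutil.move(path, dest)
    os.chmod(dest, 0o400)  # read-only, no execute bit
    return dest

if __name__ == "__main__":
    web = tempfile.mkdtemp()  # constructed sample web root
    with open(os.path.join(web, "x.php"), "wb") as fh:
        fh.write(b"<?php @eval($_POST['k']); ?>")  # constructed sample file
    for hit in scan(web):
        print("review:", hit)
```

Keep the quarantine directory outside every scanned web root so quarantined files can be neither served nor rescanned.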

