Description

This detects if the c99 web shell is installed on the system. The shell is often used by malicious parties to create a back door into the system.

Troubleshooting

False Positives

There are no known false positives with this rule. Please do not report this as a false positive if you allow the use of the c99 shell on your system.

If you believe this is a false positive, please report this following the process at the link below:

https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives

Tuning Guidance

Please see the Tuning the Atomicorp WAF Rules page for more information if you wish to disable or modify this rule.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.