Enable Webshell Protection

Risk Level: Medium (should be achieved)

Ensure that the Webshell Protection feature is enabled in the Security Center settings so that it intercepts suspicious connections initiated by known webshells and quarantines the related files. Once enabled, the Webshell Protection security feature applies protection to all your servers. The feature is available on the Enterprise Edition and Ultimate plans only.

Security

Enabling Webshell Protection in Alibaba Cloud Security Center shields your servers from malicious scripts (webshells). It automatically blocks suspicious connections and quarantines infected files, preventing attackers from gaining control or stealing data.


Audit

To determine if Webshell Protection is enabled in the Security Center settings, perform the following operations:

Getting the Webshell Protection feature status via Alibaba Cloud CLI (aliyun) is not currently supported.

Using Alibaba Cloud Console

01 Sign in to your Alibaba Cloud account.

02 Navigate to the Security Center console available at https://yundun.console.aliyun.com/?p=sas#/overview/home.

03 In the top navigation bar, select the region where your servers reside (China or Outside China).

04 In the left navigation panel, under System Configuration, choose Feature Settings.

05 Choose the Settings tab, select Host Protection Settings, and check the Webshell Prevention setting status to determine if the Webshell Protection feature is enabled for your servers. If the Webshell Protection setting is disabled, the Webshell Protection security feature is not enabled for your Alibaba Cloud account. If the Webshell Protection setting is enabled without all your servers being included, the Webshell Protection security feature is not properly configured.

Remediation / Resolution

To ensure that the Webshell Protection security feature is enabled within your Alibaba Cloud account, perform the following operations:

Enabling the Webshell Protection feature via Alibaba Cloud CLI (aliyun) is not currently supported.

Using Alibaba Cloud Console

01 Sign in to your Alibaba Cloud account.

02 Navigate to the Security Center console available at https://yundun.console.aliyun.com/?p=sas#/overview/home.

03 In the top navigation bar, select the region where your servers reside (China or Outside China).

04 In the left navigation panel, under System Configuration, choose Feature Settings.

05 Choose the Settings tab, select Host Protection Settings, and turn on the Webshell Protection setting to enable the Webshell Protection feature for all your servers.

06 On the Configure Servers for Webshell Detection panel, select all your servers and choose OK to enable webshell detection and removal for all servers.

07 If your current Security Center plan does not support this feature, you must upgrade your plan to Enterprise Edition or Ultimate. On the Select a product version panel, select the Basic Services tab, and choose the necessary plan for upgrade. On the selected plan page you can configure quotas, advanced features, or auto-renewal settings. Once all the necessary settings are configured, select Buy Now, agree to terms and conditions, and choose Pay to finish the payment and upgrade your Security Center plan.

Publication date Apr 30, 2024