Version 1.32.3 of ISPProtect released today now also detects FoxAuto including different variants.

FoxAuto is a collection of tools that can be used to download and execute additional malicious scripts via vulnerabilities in a website (WordPress, its plugins, Joomla, etc.). Among other things, FoxAuto is used to send spam emails and run a web shell.

Parts of FoxAuto were already detected in previous versions of ISPProtect via heuristic analysis. In the latest version, special signatures have been added for further components of the tool.

What is a web shell?

A web shell is a (usually simple) web page that can be used to execute arbitrary console commands on the server. This is equivalent to access via SSH (depending on the server's security measures). Files can be read, edited, uploaded or deleted very easily. And such it is a high security threat.

ISPProtect version 1.32.3 with FoxAuto web shell detection