Version 1.32.3 of ISPProtect released today now also detects FoxAuto including different variants.
FoxAuto is a collection of tools that can be used to download and execute additional malicious scripts via vulnerabilities in a website (WordPress, its plugins, Joomla, etc.). Among other things, FoxAuto is used to send spam emails and run a web shell.
Parts of FoxAuto were already detected in previous versions of ISPProtect via heuristic analysis. In the latest version, special signatures have been added for further components of the tool.
What is a web shell?
A web shell is a (usually simple) web page that can be used to execute arbitrary console commands on the server. This is equivalent to access via SSH (depending on the server's security measures). Files can be read, edited, uploaded or deleted very easily. And such it is a high security threat.
Marius Burkard has been working as a software developer for 20 years and has several years of experience as a server administrator. As one of the lead developers of the ISPConfig control panel and technical contact for several hundred web hosting customers, he has extensive experience with malware, hacked websites and the analysis of vulnerabilities.