Terminology
Security Risk
Refers to server and application vulnerabilities detected by the monitoring system. If an attacker exploits them, the result can be a data breach, a service interruption, or another severe security incident, so each detected vulnerability represents a risk that should be assessed and remediated.
Malicious Trojan
A malicious program that an attacker installs after breaking into a server. It lets the attacker control the server remotely: run arbitrary commands, damage or steal files, or take the host over completely. Trojans are commonly used for data theft, surveillance, and as a foothold for further attacks.
Malicious Communication
Refers to a compromised server being made to initiate unauthorized connections to an IP address chosen by the attacker, typically a command-and-control host. Such connections do not occur in normal business operation; they are used to exfiltrate data, to control the system remotely, or to launch further malicious activity. Because the connection is initiated by the server itself, it is detected by comparing outbound traffic with the endpoints the workload is expected to talk to.
Remote Login
A login to the server from an unusual location that differs markedly from the account's normal usage pattern. It should be treated as a sign that the account's password may have been guessed or its credentials stolen: an attacker who has obtained credentials logs in from wherever they are, so a login from a location the account has never used can be the first visible trace of an intrusion.
Brute Force Success
An attacker tries many username and password combinations until one is accepted and they log in to the server. Brute-force attacks are usually automated and show up in authentication logs as a burst of failed logins from a single source followed by a successful login from that same source. The successful login is what this event reports: it means the attacker now holds valid credentials, not merely that an attempt was made.
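The two login-related events above (Remote Login and Brute Force Success) can both be derived from the same sshd authentication log. The following is an added example, not code from the product this page describes: it parses constructed sshd log lines, flags a successful login preceded by a burst of failures from the same source (Brute Force Success), and flags a successful login from outside the networks an account normally uses (Remote Login). The log lines, the per-account baseline, the five-failure threshold and the ten-minute window are all assumptions chosen for illustration.

```python
import re
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines in syslog format. sshd omits the year, so the parsed
# timestamps default to 1900; only their relative spacing matters here.
SAMPLE_LOG = """\
Mar  3 10:01:02 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51812 ssh2
Mar  3 10:01:03 web01 sshd[2202]: Failed password for root from 203.0.113.7 port 51814 ssh2
Mar  3 10:01:05 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51816 ssh2
Mar  3 10:01:06 web01 sshd[2204]: Failed password for invalid user admin from 203.0.113.7 port 51818 ssh2
Mar  3 10:01:08 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 51820 ssh2
Mar  3 10:01:20 web01 sshd[2210]: Accepted password for root from 203.0.113.7 port 51830 ssh2
Mar  3 11:30:00 web01 sshd[2300]: Accepted publickey for deploy from 198.51.100.5 port 40000 ssh2
Mar  3 12:00:00 web01 sshd[2400]: Accepted publickey for deploy from 10.0.0.12 port 40001 ssh2
Mar  3 12:05:00 web01 sshd[2410]: Failed password for deploy from 10.0.0.12 port 40002 ssh2
Mar  3 12:05:30 web01 sshd[2411]: Accepted publickey for deploy from 10.0.0.12 port 40003 ssh2
"""

# Hypothetical baseline: the networks each account normally logs in from.
BASELINE = {"root": ["10.0.0.0/8"], "deploy": ["10.0.0.0/8"]}

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ...".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_log(text):
    """Turn sshd log lines into a list of login events; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            "ok": m["result"] == "Accepted",
            "method": m["method"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_brute_force_success(events, threshold=5, window=timedelta(minutes=10)):
    """Brute Force Success: a successful login from an IP that produced at least
    `threshold` failed logins (for any user) within `window` before it."""
    alerts = []
    failures = defaultdict(list)  # source IP -> timestamps of failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not ev["ok"]:
            failures[ev["ip"]].append(ev["ts"])
            continue
        recent = [t for t in failures[ev["ip"]] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append((ev["user"], ev["ip"], len(recent)))
            failures[ev["ip"]].clear()  # do not re-alert on the same burst
    return alerts


def detect_remote_login(events, baseline):
    """Remote Login: a successful login from outside the account's usual networks.
    An account with no baseline entry is flagged on every login."""
    alerts = []
    for ev in events:
        if not ev["ok"]:
            continue
        addr = ipaddress.ip_address(ev["ip"])
        usual = [ipaddress.ip_network(n) for n in baseline.get(ev["user"], [])]
        if not any(addr in net for net in usual):
            alerts.append((ev["user"], ev["ip"]))
    return alerts


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    print("brute force success:", detect_brute_force_success(evs))
    print("remote login:", detect_remote_login(evs, BASELINE))
```

Note that the failure counter is keyed by source IP rather than by user, because brute-force tools rotate usernames; the constructed log includes a failed attempt for the nonexistent user admin, and it still counts toward the burst against root. A real deployment would also correlate across hosts, since attackers spread attempts over many targets to stay under per-host thresholds.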
Configuration Defect
Refers to improper or insecure settings in the server or application configuration that create exploitable weaknesses, for example insecure default settings left in place, weak passwords, or overly permissive access controls. Administrators should review configurations regularly and correct such settings. Note that a directive that is never set explicitly still takes the software's built-in default, which may itself be insecure.
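As an added example of what a configuration-defect check does (this is illustrative code, not the monitoring system's own checker), the block below audits the SSH daemon configuration. It shows a weak sshd_config beside its hardened counterpart, applies a small policy, and handles two details a naive checker gets wrong: OpenSSH uses the first value given for a keyword, so a fix appended at the end of the file has no effect, and an unset keyword silently takes the built-in default (for PasswordAuthentication that default is yes). The two config fragments, the policy thresholds and the default table are assumptions for this example; Match blocks and Include directives are not handled.

```python
# Constructed sshd_config fragments: the weak settings and the corrected ones.
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
MaxAuthTries 20
X11Forwarding yes
"""

HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
MaxAuthTries 3
X11Forwarding no
"""

# Built-in OpenSSH defaults that apply when the keyword is absent (assumed for this
# example; confirm against `sshd -T` on the actual host).
DEFAULTS = {
    "PermitRootLogin": "prohibit-password",
    "PasswordAuthentication": "yes",
    "PermitEmptyPasswords": "no",
    "MaxAuthTries": "6",
    "X11Forwarding": "no",
}

# Policy: each check returns True when the effective value is acceptable.
CHECKS = {
    "PermitRootLogin": lambda v: v.lower() in ("no", "prohibit-password"),
    "PasswordAuthentication": lambda v: v.lower() == "no",
    "PermitEmptyPasswords": lambda v: v.lower() == "no",
    "MaxAuthTries": lambda v: v.isdigit() and int(v) <= 6,
    "X11Forwarding": lambda v: v.lower() == "no",
}


def parse_sshd_config(text):
    """Return {keyword: value}, ignoring comments and blank lines.
    The first occurrence of a keyword wins, which is how sshd itself resolves it."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts
        settings.setdefault(key, value.strip())
    return settings


def effective_settings(text):
    """Merge explicit settings with built-in defaults for the keywords we police."""
    explicit = parse_sshd_config(text)
    return {key: explicit.get(key, default) for key, default in DEFAULTS.items()}


def audit_sshd_config(text):
    """Return [(keyword, effective_value)] for every keyword that violates the policy."""
    return [
        (key, value)
        for key, value in effective_settings(text).items()
        if not CHECKS[key](value)
    ]


if __name__ == "__main__":
    print("weak:", audit_sshd_config(WEAK_SSHD_CONFIG))
    print("hardened:", audit_sshd_config(HARDENED_SSHD_CONFIG))
    print("empty file:", audit_sshd_config(""))
```

Running it against an empty configuration still reports PasswordAuthentication, which is exactly the case the definition above warns about: nothing in the file is wrong, but the effective setting is.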
Agent
An Agent typically refers to a monitoring plugin or program installed on a server to collect data such as server status, performance metrics, or security logs. This data is used for real-time monitoring, alerts, and analysis to ensure the server’s healthy operation and detect potential security threats.
Webshell
A Webshell is a malicious script uploaded through a web application vulnerability and executed by the web server. Typically an attacker exploits a flaw in the website (for example an unrestricted file upload) to place an executable script under the web root, then drives it through ordinary HTTP requests to run commands, read sensitive data, or take full control of the server. Because a Webshell looks like just another file in the web root and its traffic blends in with normal web requests, it is hard to detect, yet it poses a severe threat to the server.
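The file-level signal a Webshell scanner looks for is request input (such as $_POST or $_GET) flowing straight into code execution. The following added example (illustrative code, not the monitoring system's detector) scans constructed PHP file contents for that pattern, including the common trick of hiding the function name in a base64 literal and calling it through a variable. The sample files, indicator names and the list of dangerous functions are assumptions for this example.

```python
import base64
import binascii
import re

# Constructed file contents standing in for files found under a web root:
# a benign upload handler, two webshell variants, and a harmless page.
SAMPLE_FILES = {
    "upload.php": (
        "<?php\nif (isset($_FILES['f'])) {\n"
        "  move_uploaded_file($_FILES['f']['tmp_name'], 'uploads/' . basename($_FILES['f']['name']));\n"
        "}\n"
    ),
    "cache.php": "<?php @eval($_POST['cmd']); ?>",
    "img.php": "<?php $f = base64_decode('c3lzdGVt'); $f($_GET['c']); ?>",
    "index.php": "<?php echo 'hello'; ?>",
}

# Attacker-controlled request input.
REQUEST_INPUT = r"\$_(?:POST|GET|REQUEST|COOKIE)\b"

# PHP functions that execute code or commands.
DANGEROUS_FUNCS = {"system", "exec", "shell_exec", "passthru", "popen", "proc_open", "eval", "assert"}

# Each indicator: request input passed directly to something that executes it.
INDICATORS = [
    ("eval_of_request", re.compile(r"@?\beval\s*\(\s*" + REQUEST_INPUT)),
    ("exec_of_request", re.compile(
        r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*" + REQUEST_INPUT)),
    # $f($_GET['c']): the function name is held in a variable, so the name itself never appears.
    ("dynamic_call_of_request", re.compile(r"\$\w+\s*\(\s*" + REQUEST_INPUT)),
]

# base64_decode('...') with a literal argument: decode it and see what it hides.
B64_LITERAL = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]{8,})['\"]\s*\)")


def hidden_dangerous_calls(content):
    """Return decoded base64 literals that spell a dangerous function name."""
    found = []
    for literal in B64_LITERAL.findall(content):
        try:
            decoded = base64.b64decode(literal, validate=True).decode("ascii", "ignore").strip()
        except (binascii.Error, ValueError):
            continue
        if decoded in DANGEROUS_FUNCS:
            found.append(decoded)
    return found


def scan_file(content):
    """Return the list of indicator names that fire on one file's contents."""
    hits = [name for name, pattern in INDICATORS if pattern.search(content)]
    if hidden_dangerous_calls(content):
        hits.append("base64_hides_dangerous_function")
    return hits


def scan_files(files):
    """Scan a {filename: contents} mapping; return only the files with findings."""
    results = {}
    for name, content in files.items():
        hits = scan_file(content)
        if hits:
            results[name] = hits
    return results


if __name__ == "__main__":
    for name, hits in scan_files(SAMPLE_FILES).items():
        print(f"{name}: {', '.join(hits)}")
```

Pattern matching like this catches unobfuscated and lightly obfuscated shells and is cheap enough to run on every file change under the web root, but it is also the easiest layer to evade (string concatenation, variable variables, encrypted payloads). It should be paired with the behavioural signals covered elsewhere on this page: a web server worker spawning a shell or opening unexpected outbound connections.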
Reverse Shell
A Reverse Shell is a technique in which an attacker runs malicious code on a compromised server that makes the server connect out to an attacker-controlled machine and attach a command shell to that connection. Because the connection is outbound, it typically passes through firewalls and NAT (Network Address Translation) that would block an inbound connection, giving the attacker remote control of the victim server for further attacks or data theft.
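Both Malicious Communication and Reverse Shell are host-initiated outbound connections, which is why an Agent can detect them from a socket snapshot. The following added example (illustrative code, not the monitoring system's own logic) parses constructed `ss -tnp` output, separates accepted inbound connections from connections the host itself opened, and flags two things: a shell process holding an outbound TCP socket (Reverse Shell) and any other process talking to an address outside the egress allowlist (Malicious Communication). The snapshot, the allowlist and the set of shell names are assumptions for this example.

```python
import re
import ipaddress

# Constructed `ss -tnp` output: two listeners, two accepted inbound connections,
# one legitimate outbound connection, and two suspicious outbound connections.
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=881,fd=6))
ESTAB 0 0 10.0.0.5:22 10.0.0.12:40003 users:(("sshd",pid=2411,fd=4))
ESTAB 0 0 10.0.0.5:80 192.0.2.33:50210 users:(("nginx",pid=881,fd=14))
ESTAB 0 0 10.0.0.5:45102 198.51.100.20:443 users:(("nginx",pid=881,fd=12))
ESTAB 0 0 10.0.0.5:52344 203.0.113.9:4444 users:(("bash",pid=3120,fd=3))
ESTAB 0 0 10.0.0.5:52350 203.0.113.9:8080 users:(("curl",pid=3125,fd=5))
"""

# Hypothetical egress allowlist: internal networks plus one upstream API range.
EGRESS_ALLOWLIST = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]

# Process names that should never own a TCP socket to a remote host.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

SOCK_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<lip>\S+):(?P<lport>\d+|\*)\s+'
    r'(?P<pip>\S+):(?P<pport>\d+|\*)\s+users:\(\("(?P<comm>[^"]+)",pid=(?P<pid>\d+)'
)


def parse_ss(text):
    """Return (set of listening ports, list of established connections)."""
    listening, conns = set(), []
    for line in text.splitlines():
        m = SOCK_RE.match(line)
        if not m:
            continue  # header line or a socket without an owning process
        if m["state"] == "LISTEN":
            listening.add(int(m["lport"]))
        elif m["state"] == "ESTAB":
            conns.append({
                "pid": int(m["pid"]),
                "comm": m["comm"],
                "lport": int(m["lport"]),
                "peer_ip": m["pip"],
                "peer_port": int(m["pport"]),
            })
    return listening, conns


def detect_suspicious_connections(text, allowlist=EGRESS_ALLOWLIST):
    """Return [(alert_type, pid, process, peer)] for host-initiated connections
    that are either owned by a shell or leave the egress allowlist."""
    listening, conns = parse_ss(text)
    alerts = []
    for c in conns:
        # A connection whose local port is a listening port was accepted, not initiated.
        if c["lport"] in listening:
            continue
        peer = ipaddress.ip_address(c["peer_ip"])
        allowed = any(peer in net for net in allowlist)
        where = f"{c['peer_ip']}:{c['peer_port']}"
        if c["comm"] in SHELLS:
            # A shell with its own outbound socket is the signature of a reverse shell,
            # whatever the destination.
            alerts.append(("reverse_shell", c["pid"], c["comm"], where))
        elif not allowed:
            alerts.append(("malicious_communication", c["pid"], c["comm"], where))
    return alerts


if __name__ == "__main__":
    for alert in detect_suspicious_connections(SAMPLE_SS):
        print(alert)
```

Matching on the process name is the cheapest signal and catches the classic `bash -i` style shell, but a reverse shell written in Python, Perl or a dropped binary will not be named like a shell; for those the Agent needs the process tree (a web server or cron child spawning an interpreter that then opens a socket) or the command line. The allowlist check is only as good as the allowlist, so it belongs on servers whose legitimate outbound destinations are known, which is the normal situation for a backend host.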