1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Drupal PHP Remote Code execution

Attack: Drupal PHP Remote Code execution

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects PHP shell uploads and PHP shell commands sent to web servers.

Additional Information

PHP Shell is a shell created in PHP script. This PHP script is uploaded into remote webservers which are later used as a tool to run arbitrary commands, upload arbitrary files to the compromised server.


  • Various webservers.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube