When you maintain a lot of web applications on your server, sooner or later you may encounter a nasty surprise in the form of an unwanted add-on included in an application. These add-ons are of course backdoors, and in the case of web applications, the term “webshell” is used more often. Such a code fragment, uploaded to a server through a vulnerability in an application, allows for unauthorized access to files on the server. The attacker can also usually execute any commands on the compromised server. The probability of such a situation rises dramatically when you maintain an application based on one of popular CMSs – Joomla or WordPress. If you suspect that someone has obtained unauthorized access to your server, how can you solve the problem, locate the threat and remove it? This is explained it in an article entitled “Webshells”, published in the Sekurak ZIN #4 and later on the sekurak.pl portal.