When you maintain many web applications on your server, sooner or later you may encounter a nasty surprise in the form of an unwanted addition to one of them. These additions are, of course, backdoors, and in the case of web applications the term “webshell” is used more often. Such a piece of code, uploaded to a server through an application vulnerability, allows unauthorized access to files on the server. In many cases, the attacker can also execute arbitrary commands on the compromised machine. The probability of such a situation rises dramatically when you maintain an application based on one of the popular CMSs, such as Joomla or WordPress. If you suspect that someone has gained unauthorized access to your server, how can you solve the problem, locate the threat, and remove it? This is explained in an article entitled “Webshells,” published in the Sekurak ZIN #4 and later on the sekurak.pl portal.