If you like DNray Forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...

 

Vulnerability Alert: Website Compromised, CMS Update Required

Started by JacobHDavid, May 18, 2024, 12:01 AM


JacobHDavid (Topic starter)

Hey, I've got a web shell on my website. The server admin mentioned a vulnerability and recommended updating the CMS.



However, the site is solely built with HTML, without any PHP code, registration forms, or photo galleries. The only plugin it has is Highslide JS for image enlargement. Can anyone advise on how to handle this situation? Any thoughts or experiences to share?


Greenleesh

To commence the resolution process, it's imperative to scrutinize the server logs and error messages to pinpoint the installation method of the web shell. Understanding whether the vulnerability is associated with the Highslide JS plugin or with the server itself is critical. If the issue is related to the plugin, it would be advisable to seek an updated version of Highslide JS or explore alternative plugins that offer similar image enlargement functionality.

Maintaining the software on your website, including plugins and libraries, up-to-date is essential for bolstering web security. If there is a known vulnerability in Highslide JS, updating the plugin or seeking a replacement could serve as the solution to the problem.

Moreover, consider implementing additional security measures such as a web application firewall to shield your website from potential future attacks. Regular monitoring for any anomalous activity on your website and backing up your website's files and database are imperative in the event of a compromise.

It is also crucial to collaborate closely with your server administrator throughout the resolution process. Seeking guidance and working in tandem with them will strengthen your website's security measures and mitigate the risk of future breaches. Open communication and a collaborative approach will be beneficial in resolving the issue and fortifying your website's defenses.

Fiodixet

Can I inquire about your process of discovering that the website is purely coded in HTML? It's not always possible to access the source code for every page. Additionally, if I grasp your point correctly, you're referring to a hosting site, and in that case, it's not feasible for everything to be in HTML, as at least one server-side programming language is required.
In essence, it's possible to deploy various elements using diverse methods. Even if the website is built solely with HTML, but the server is compatible with PHP, all PHP-based content will function on the site.
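
A defender-side check that follows from the two replies above (reviewing the server logs, and PHP still executing on an HTML-only site), added here as an example and not posted by any participant in the thread: on a site that is meant to be static, list files with script extensions under the web root and find the first successful request to each one in the access log. The extension list, function names, paths and sample log lines are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Extensions a PHP-capable host may execute. Assumed list: adjust to the real server config.
SCRIPT_EXT = {".php", ".phtml", ".php5", ".phar", ".cgi", ".pl"}

# Common/combined access-log prefix: client IP, timestamp, method, URL, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def unexpected_scripts(webroot):
    """Relative paths of script files under a web root that should hold only static content."""
    root = Path(webroot)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() in SCRIPT_EXT)

def script_requests(log_lines):
    """(ip, time, method, path, status) for every request that targets a script extension."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, url, status = m.groups()
        path = url.split("?", 1)[0]  # drop the query string before checking the extension
        if Path(path).suffix.lower() in SCRIPT_EXT:
            hits.append((ip, ts, method, path, int(status)))
    return hits

def first_success(hits):
    """Earliest 2xx hit per path (log order): the timestamp to start tracing how the file arrived."""
    first = {}
    for ip, ts, method, path, status in hits:
        if 200 <= status < 300 and path not in first:
            first[path] = (ts, ip, method)
    return first

# Constructed sample access-log lines (documentation IP ranges), not data from the thread.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/May/2024:22:10:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/May/2024:22:14:33 +0000] "GET /wp-login.php HTTP/1.1" 404 196',
    '203.0.113.9 - - [17/May/2024:22:15:02 +0000] "POST /images/x.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [17/May/2024:22:16:40 +0000] "GET /highslide/highslide.js HTTP/1.1" 200 48211',
]

if __name__ == "__main__":
    for path, (ts, ip, method) in first_success(script_requests(SAMPLE_LOG)).items():
        print(f"{path}: first successful {method} from {ip} at {ts}")
```

Comparing the first successful request time with the file's modification time and the FTP or control-panel logs narrows down whether the file arrived through this site's own credentials or from elsewhere on the server.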

GuekFloomella

Indeed, the option of injecting a shell is not out of the question. Assuming the server has been compromised, it's safe to assume that all sites on it have been affected by the web shell. Alternatively, it could have stemmed from a neighboring website. It's puzzling, though. If the site is straightforward, why would it be targeted for injection? Odd.

Chances are, it was infected from a neighboring site on the same server. However, the exact entry point needs to be clarified with the administrators. Seek their assistance. Besides, some hosting administrators lack technical expertise yet emphasize CMS. On a side note, consider re-uploading the site to the server.

