Webshell detection scans servers and web directories for webshells and trojans at regular intervals. Security Center runs webshell detection tasks and generates alerts only when webshell detection is enabled. This topic describes how to enable webshell detection for your servers.

Background information

Security Center uses engines developed by Alibaba Cloud to scan for common webshell files. Security Center supports scheduled scan tasks, provides real-time protection, and allows you to quarantine webshell files with a few clicks.

The following list describes the webshell detection feature:

  • Security Center scans an entire web directory early in the morning on a daily basis. If a file in the web directory changes, Security Center immediately scans for webshells.
  • You can specify the assets on which Security Center scans for webshells.
  • You can quarantine, restore, or ignore the detected trojan files.


Only the Enterprise and Ultimate editions of Security Center support this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center.


  1. Log on to the Security Center console. In the left-side navigation pane, choose System Configuration > Feature Settings.
  2. In the Webshell Detection section of the General tab, click Manage.
  3. In the Configure Servers for Webshell Detection panel, select servers for which you want to enable webshell detection.
  4. Click Determine.

What to do next

After you enable webshell detection for your servers, you can view the alerts whose type is Webshell on the Alerts page. If you do not handle these alerts, they may pose threats to your servers. We recommend that you handle these alerts at the earliest opportunity. For more information, see View and handle alerts.