http://www.rising.com.cn/newsletter/news/2013-03-20/13380.html

https://www.trustwave.com/Resources/SpiderLabs-Blog/-Honeypot-Alert--Inside-the-Attacker-s-Toolbox--Webshell-Usage-Logging/

http://drops.wooyun.org/%E8%BF%90%E7%BB%B4%E5%AE%89%E5%85%A8/5411

[Honeypot Alert] Inside the Attacker's Toolbox: Webshell Usage Logging

https://www.trustwave.com/Resources/SpiderLabs-Blog/-Honeypot-Alert--Inside-the-Attacker-s-Toolbox--Webshell-Usage-Logging/

Command:

python scalp-0.4.py –l /var/log/apache2/access.log –f filter.xml –o output –html
05-04 08:31