http://www.rising.com.cn/newsletter/news/2013-03-20/13380.html
https://www.trustwave.com/Resources/SpiderLabs-Blog/-Honeypot-Alert--Inside-the-Attacker-s-Toolbox--Webshell-Usage-Logging/
http://drops.wooyun.org/%E8%BF%90%E7%BB%B4%E5%AE%89%E5%85%A8/5411
[Honeypot Alert] Inside the Attacker's Toolbox: Webshell Usage Logging
Command:
python scalp-0.4.py -l /var/log/apache2/access.log -f filter.xml -o output --html