Study on Remote File Attacking – Inclusion & Detection

Bhawna Sinha, Dr. D. K. Singh, Dr. Pankaj Kumar

Abstract


The number of web applications is growing exponentially, and we are almost totally dependent on the Internet and its associated technologies. Huge numbers of applications in all walks of life invite attacks on them. They are under constant attack by hackers who exploit their vulnerabilities to disrupt business and access confidential information. SQL Injection and Remote File Inclusion (RFI) are the two most frequently used exploits, and hackers prefer easier attack techniques to complicated ones. RFI is an overlooked menace: RFI attacks are more widespread than most assume. RFI attacks are today's most common security threat, accounting for more than 25% of all malicious sessions, far surpassing XSS (12%) and even exceeding SQLi (23%). RFI exploits a weakness of the PHP language, which is today the most widely used.


Keywords


Security, Exploit, Vulnerability, RFI, Attack, File Inclusion



Copyright © 2013, All rights reserved.| ijseat.com

Creative Commons License
International Journal of Science Engineering and Advance Technology is licensed under a Creative Commons Attribution 3.0 Unported License. Based on a work at IJSEat. Permissions beyond the scope of this license may be available at http://creativecommons.org/licenses/by/3.0/deed.en_GB.