Attackers often use web shells to mimic legitimate files and compromise web servers. These best practices will lower your risk. One tool that bad guys use to go after your web servers is a web shell.