I’m using a shared hosting service provided by Bluehost and have many websites on this account. Last month, November, my brother wrote me that he received a lot of traffic to his website although he didn’t update anything. He worried that maybe a web shell backdoor was injected into his website because he used some null-ed plugins and templates (My bro, please don’t use any null-ed components anymore, buy commercial components or use free ones instead). If his website got attacked, my blog will be also on target because we use same account for both websites. I decided to make a short analysis of Apache Access Log (AAL) to check if a web shell backdoor is installed on my shared hosting.