Web shells allow remote administration on web servers. They may be used for legitimate purposes, but they are often installed by cybercriminals and other adversaries to gain unauthorized access to systems and networks, including those at universities.
Our new risk advisory has more information about this threat and tactics for mitigating it.