First, modify httpd.conf. If you only want your PHP scripts to operate inside the web directory, you can limit PHP's operating path in httpd.conf. For example, if your web directory is /usr/local/apache/htdocs, add a line like this to httpd.conf:
php_admin_value open_basedir /usr/local/apache/htdocs
This way, a script that tries to read a file outside /usr/local/apache/htdocs will not be allowed to do so. If error display is turned on, an error like this is shown:
Warning: open_basedir restriction in effect. File is in wrong directory in /usr/local/apache/htdocs/open.php on line 4
and so on.
2. Prevent PHP trojans from running a webshell
Turn on safe_mode,
In php.ini, set
disable_functions = passthru, exec, shell_exec, system
Either of the two options can be chosen, or you can choose both.
3. Prevent PHP trojans from reading and writing files and directories
In php.ini, after
disable_functions = passthru, exec, shell_exec, system
add the PHP functions that handle files.
The main ones are
fopen, mkdir, rmdir, chmod, unlink, dir
fopen, fread, fclose, fwrite, file_exists
closedir, is_dir, readdir, opendir
fileperms, copy, unlink, delfile
so the setting becomes
disable_functions = passthru, exec, shell_exec, system, fopen, mkdir, rmdir, chmod, unlink, dir, fopen, fread, fclose, fwrite, file_exists, closedir, is_dir, readdir, opendir, fileperms, copy, unlink, delfile
OK, that's it. PHP trojans can do nothing to us now ^_^
Unfortunately, with this setting, anything that relies on a text-file database can no longer be used.
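A small audit of the settings from sections 1 to 3, added here as an example and not part of the original article: it reads php.ini and httpd.conf text and reports which of the command-execution functions listed above are still enabled and whether open_basedir is set with php_admin_value. The names `ini_value` and `audit` and the sample configuration are constructed for illustration.

```python
import re

# Command-execution functions the page disables in section 2.
EXEC_FUNCS = {"passthru", "exec", "shell_exec", "system"}

def ini_value(ini_text, key):
    """Return the last uncommented `key = value` in php.ini text, or None."""
    value = None
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ; comments
        m = re.match(r"(?i)%s\s*=\s*(.*)$" % re.escape(key), line)
        if m:
            value = m.group(1).strip().strip('"')
    return value

def audit(ini_text, httpd_text, webroot):
    """List deviations from the settings described on this page."""
    findings = []
    disabled = {f.strip().lower()
                for f in (ini_value(ini_text, "disable_functions") or "").split(",")
                if f.strip()}
    missing = sorted(EXEC_FUNCS - disabled)
    if missing:
        findings.append("not disabled: " + ", ".join(missing))
    # open_basedir set with php_admin_value in httpd.conf, as in section 1
    m = re.search(r'(?im)^\s*php_admin_value\s+open_basedir\s+"?([^"\s]+)', httpd_text)
    if not m:
        findings.append("open_basedir not set with php_admin_value")
    elif m.group(1).rstrip("/") != webroot.rstrip("/"):
        findings.append("open_basedir is %s, expected %s" % (m.group(1), webroot))
    return findings

# Constructed sample configuration (not taken from a real server).
WEAK_INI = """
; disable_functions = passthru, exec, shell_exec, system
disable_functions = passthru, exec
"""
GOOD_INI = "disable_functions = passthru, exec, shell_exec, system, fopen\n"
WEAK_HTTPD = "DocumentRoot /usr/local/apache/htdocs\n"
GOOD_HTTPD = "php_admin_value open_basedir /usr/local/apache/htdocs\n"

if __name__ == "__main__":
    root = "/usr/local/apache/htdocs"
    print(audit(WEAK_INI, WEAK_HTTPD, root))
    print(audit(GOOD_INI, GOOD_HTTPD, root))
```

safe_mode was removed in PHP 5.4, so on current PHP versions only the disable_functions and open_basedir checks apply.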
If Apache is set up on the Windows platform, we need to note that Apache runs with SYSTEM privileges by default, which is terrible and makes people feel very uncomfortable. So let's lower Apache's privileges.
net user apache FuckMicrosoft /add
net localgroup users apache /del
We have now created a user, apache, that does not belong to any group.
Open Computer Management, select Services, and open the properties of the Apache service. On the Log On tab, select This account, fill in the account and password created above, and restart the Apache service. Apache now runs with low privileges.
In fact, we can also restrict the apache user to doing only the things we want it to do, and create a separate user that can read and write. This is also a configuration method popular with current virtual hosting providers, but using it for the kind of prevention described here is a bit of overkill.