1. Prevent PHP scripts from jumping out of the web directory
Modify httpd.conf: if you only want your PHP scripts to operate inside the web directory, you can modify the httpd.conf file to limit PHP's operating path. For example,
if your web directory is /usr/local/apache/htdocs, add the following to httpd.conf:
php_admin_value open_basedir /usr/local/apache/htdocs
This way, a script that tries to read a file outside /usr/local/apache/htdocs will not be allowed to. If error display is turned on,
it will show an error like this:
Warning: open_basedir restriction in effect. File is in wrong directory in
/usr/local/apache/htdocs/open.php on line 4
and so on.
2. Prevent a PHP trojan from running as a webshell
Turn on safe_mode,
or set the following in php.ini:
disable_functions = passthru, exec, shell_exec, system
Either of the two options is enough, or you can use both.
3. Prevent a PHP trojan from reading and writing files and directories
In php.ini, after
disable_functions = passthru, exec, shell_exec, system
add the PHP functions that handle files.
These are:
fopen, mkdir, rmdir, chmod, unlink, dir
fopen, fread, fclose, fwrite, file_exists
closedir, is_dir, readdir, opendir
fileperms, copy, unlink, delfile
That is:
disable_functions = passthru, exec, shell_exec, system, fopen, mkdir, rmdir, chmod, unlink, dir, fopen, fread, fclose, fwrite, file_exists, closedir, is_dir, readdir, opendir, fileperms, copy, unlink, delfile
OK, that's done, and a PHP trojan can no longer do anything to us ^_^
Unfortunately, anything that relies on a text database can no longer be used either!
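An added example (not part of the original article): a small Python audit of the disable_functions line in a php.ini. It flags entries joined with "." instead of "," and entries pushed onto a wrapped line, since those name no function or fall outside the directive's value and so disable nothing. The function name audit_disable_functions and the sample php.ini text are constructed for illustration.

```python
import re

# The article's target list: command execution plus file/directory handling.
REQUIRED = frozenset("""passthru exec shell_exec system fopen mkdir rmdir chmod
unlink dir fread fclose fwrite file_exists closedir is_dir readdir opendir
fileperms copy delfile""".split())
NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def audit_disable_functions(ini_text, required=REQUIRED):
    """Report what a php.ini's disable_functions line really covers."""
    entries, stray, seen = [], [], False
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # strip ; comments
        if not line:
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "disable_functions":
            seen = True
            # A later directive replaces an earlier one.
            entries = [e.strip() for e in value.strip().strip('"').split(",")]
            stray = []
        elif seen and line.startswith(","):
            # php.ini has no line continuation: this text is not in the value.
            stray.append(line)
    entries = [e for e in entries if e]
    # Entries are compared as written; PHP's function names are lowercase.
    malformed = sorted(e for e in entries if not NAME.match(e))
    disabled = {e for e in entries if NAME.match(e)}
    return {
        "malformed": malformed,
        "stray_lines": stray,
        "missing": sorted(set(required) - disabled),
    }


# Constructed sample: a wrapped directive with "." typed in place of ",".
SAMPLE_INI = """\
; constructed example
disable_functions = passthru, exec, shell_exec, system, fopen, mkdir, is_dir, readdir.opendir
, fileperms.copy, unlink, delfile
"""

if __name__ == "__main__":
    for field, values in audit_disable_functions(SAMPLE_INI).items():
        print(field, "->", values)
```

An empty "missing" list together with empty "malformed" and "stray_lines" lists means every function on the target list is named correctly on the single directive line.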
If Apache is set up on the Windows platform, we also need to be aware that Apache runs with System permissions by default, which is terrible and makes people feel very uncomfortable. So let's lower Apache's permissions.
net user apache FuckMicrosoft /add
net localgroup users apache /del
We have now created a user, apache, that does not belong to any group.
Open the computer manager, select Services, and open the properties of the Apache service. On the Log On tab, select This Account, fill in the account and password created above, and restart the Apache service. OK, Apache now runs with low privileges.
In fact, we can also restrict the apache user to doing only the things we want it to do, and create a separate user that can read and write. This is also a popular configuration method among current virtual hosting providers, but using this approach just to prevent the problem here is somewhat overkill.