1. Prevent httpd.conf to prevent the web directory, if you only allow your PHP script to operate in a web directory, you can also modify the HTTPD.conf file to limit the PHP's operation path. For example, your web directory is / usr / local / apache / htdocs, then add such a few lines in httpd.conf: php_admin_value open_basedir / usr / local / apache / htdocs, if the script is read / usr / local / apache / Files other than HTDOCS will not be allowed, if the error is displayed, it will prompt this error: WARNING: OPEN_BASEDIR RESTRICTION IN Effect. File is in wrong directory in /usr/local/apache/htdocs/open.php on line 4, etc. Wait. 2. Prevent PHP Trojan from performing WebShell to open SAFE_MODE, set disable_functions = passthru, exec, shell_exec, system, or select 3. Prevent PHP Trojan read and write file directory in php.ini the rear disable_functions = passthru, exec, shell_exec, system file plus function php process mainly fopen, mkdir, rmdir, chmod, unlink, dirfopen, fread, fclose, fwrite, file_existsclosedir, is_dir, readdir.opendirfileperms.copy, unlink , delfile become disable_functions = passthru, exec, shell_exec, system, fopen, mkdir, rmdir, chmod, unlink, dir, fopen, fread, fclose, fwrite, file_exists, closedir, is_dir, readdir.opendir, fileperms.copy, unlink, Delfileok, PHP Trojan is not a matter, ^ _ ^ Unfortunately, those things that use the text database can not be used! If we are apache built under the WINDOS platform, we need to pay attention to a point, apache default It is very horrible, which is very horrible. This makes people feel very uncomfortable. Then we give apache drop permissions .Net User apache fuckmicrosoft / addnet localgroup users apache / delok. We have established a user APCHE that does not belong to any group. We open the computer manager, select the service, click the properties of the Apache service. We choose LOG ON, select this Account, we fill in the account and password established above, restart the Apache service, OK, Apache runs under low right. Actual We can also let the Apache users can do things we want to do by setting the permissions of each folder, and create a separate user who can read and write for each directory. This is also popular in many virtual host providers. The configuration method is, but this method is used to prevent a bit of a large material from being used here.
