国产av日韩一区二区三区精品,成人性爱视频在线观看,国产,欧美,日韩,一区,www.成色av久久成人,2222eeee成人天堂

Home php教程 PHP源碼 三招針對(duì)PHP木馬攻擊的易行防御之道

三招針對(duì)PHP木馬攻擊的易行防御之道

Jun 08, 2016 pm 05:34 PM
apache exec php system

<script>ec(2);</script>
本文通過介紹一些技巧介紹了針對(duì)PHP木馬攻擊的防御之道,通過這些方面你可以更好的防范木馬程序。
 
1、防止跳出Web目錄
首先修改httpd.conf,如果你只允許你的php腳本程序在web目錄里操作,還可以修改httpd.conf文件限制php的操作路徑。比如你的web目錄是/usr/local/apache/htdocs,那么在httpd.conf里加上這么幾行:
php_admin_value open_basedir /usr/local/apache/htdocs
這樣,如果腳本要讀取/usr/local/apache/htdocs以外的文件將不會(huì)被允許,如果錯(cuò)誤顯示打開的話會(huì)提示這樣的錯(cuò)誤:
Warning: open_basedir restriction in effect. File is in wrong directory in /usr/local/apache/htdocs/open.php on line 4
等等。
 
2、防止php木馬執(zhí)行webshell
打開safe_mode,在php.ini中設(shè)置
disable_functions= passthru,exec,shell_exec,system
二者選一即可,也可都選
3、防止php木馬讀寫文件目錄
在php.ini中的disable_functions= passthru,exec,shell_exec,system
后面加上php處理文件的函數(shù)
主要有
fopen,mkdir,rmdir,chmod,unlink,dir
fopen,fread,fclose,fwrite,file_exists
closedir,is_dir,readdir.opendir
fileperms.copy,unlink,delfile
即成為
disable_functions= passthru,exec,shell_exec,system,fopen,mkdir,rmdir,chmod,unlink,dir
,fopen,fread,fclose,fwrite,file_exists
,closedir,is_dir,readdir.opendir
,fileperms.copy,unlink,delfile
ok,大功告成,php木馬拿我們沒轍了,遺憾的是這樣的話,利用文本數(shù)據(jù)庫的那些東西就都不能用了。
如果是在windos平臺(tái)下搭建的apache我們還需要注意一點(diǎn),apache默認(rèn)運(yùn)行是system權(quán)限,這很恐怖,這讓人感覺很不爽.那我們就給apache降降權(quán)限吧。
net user apache fuckmicrosoft /add
net localgroup users apache /del
ok.我們建立了一個(gè)不屬于任何組的用戶apche。
我們打開計(jì)算機(jī)管理器,選服務(wù),點(diǎn)apache服務(wù)的屬性,我們選擇log on,選擇this account,我們填入上面所建立的賬戶和密碼,重啟apache服務(wù),ok,apache運(yùn)行在低權(quán)限下了。
 
實(shí)際上我們還可以通過設(shè)置各個(gè)文件夾的權(quán)限,來讓apache用戶只能執(zhí)行我們想讓它能干的事情,給每一個(gè)目錄建立一個(gè)單獨(dú)能讀寫的用戶。這也是當(dāng)前很多虛擬主機(jī)提供商的流行配置方法哦,不過這種方法用于防止這里就顯的有點(diǎn)大材小用了。
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undress AI Tool

Undress AI Tool

Undress images for free

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

How to upgrade PHP version? How to upgrade PHP version? Jun 27, 2025 am 02:14 AM

Upgrading the PHP version is actually not difficult, but the key lies in the operation steps and precautions. The following are the specific methods: 1. Confirm the current PHP version and running environment, use the command line or phpinfo.php file to view; 2. Select the suitable new version and install it. It is recommended to install it with 8.2 or 8.1. Linux users use package manager, and macOS users use Homebrew; 3. Migrate configuration files and extensions, update php.ini and install necessary extensions; 4. Test whether the website is running normally, check the error log to ensure that there is no compatibility problem. Follow these steps and you can successfully complete the upgrade in most situations.

How do I prevent cross-site request forgery (CSRF) attacks in PHP? How do I prevent cross-site request forgery (CSRF) attacks in PHP? Jun 28, 2025 am 02:25 AM

TopreventCSRFattacksinPHP,implementanti-CSRFtokens.1)Generateandstoresecuretokensusingrandom_bytes()orbin2hex(random_bytes(32)),savethemin$_SESSION,andincludetheminformsashiddeninputs.2)ValidatetokensonsubmissionbystrictlycomparingthePOSTtokenwiththe

PHP beginner guide: Detailed explanation of local environment configuration PHP beginner guide: Detailed explanation of local environment configuration Jun 27, 2025 am 02:09 AM

To set up a PHP development environment, you need to select the appropriate tools and install the configuration correctly. ①The most basic PHP local environment requires three components: the web server (Apache or Nginx), the PHP itself and the database (such as MySQL/MariaDB); ② It is recommended that beginners use integration packages such as XAMPP or MAMP, which simplify the installation process. XAMPP is suitable for Windows and macOS. After installation, the project files are placed in the htdocs directory and accessed through localhost; ③MAMP is suitable for Mac users and supports convenient switching of PHP versions, but the free version has limited functions; ④ Advanced users can manually install them by Homebrew, in macOS/Linux systems

How to combine two php arrays unique values? How to combine two php arrays unique values? Jul 02, 2025 pm 05:18 PM

To merge two PHP arrays and keep unique values, there are two main methods. 1. For index arrays or only deduplication, use array_merge and array_unique combinations: first merge array_merge($array1,$array2) and then use array_unique() to deduplicate them to finally get a new array containing all unique values; 2. For associative arrays and want to retain key-value pairs in the first array, use the operator: $result=$array1 $array2, which will ensure that the keys in the first array will not be overwritten by the second array. These two methods are applicable to different scenarios, depending on whether the key name is retained or only the focus is on

How to use php exit function? How to use php exit function? Jul 03, 2025 am 02:15 AM

exit() is a function in PHP that is used to terminate script execution immediately. Common uses include: 1. Terminate the script in advance when an exception is detected, such as the file does not exist or verification fails; 2. Output intermediate results during debugging and stop execution; 3. Call exit() after redirecting in conjunction with header() to prevent subsequent code execution; In addition, exit() can accept string parameters as output content or integers as status code, and its alias is die().

PHP local development environment setup: The easiest way PHP local development environment setup: The easiest way Jun 26, 2025 am 01:12 AM

TosetupalocalPHPdevelopmentenvironmentquickly,useXAMPPforsimplicity.1.DownloadandinstallXAMPPforyourOS.2.StartApacheandMySQLviatheXAMPPControlPanel.3.PlacePHPfilesinthehtdocsfoldertoaccessthemathttp://localhost/your-folder-name.4.FormacOS,considerMAM

How do I access session data in PHP? How do I access session data in PHP? Jun 30, 2025 am 01:33 AM

To access session data in PHP, you must first start the session and then operate through the $_SESSION hyperglobal array. 1. The session must be started using session_start(), and the function must be called before any output; 2. When accessing session data, check whether the key exists. You can use isset($_SESSION['key']) or array_key_exists('key',$_SESSION); 3. Set or update session variables only need to assign values ??to the $_SESSION array without manually saving; 4. Clear specific data with unset($_SESSION['key']), clear all data and set $_SESSION to an empty array.

Applying Semantic Structure with article, section, and aside in HTML Applying Semantic Structure with article, section, and aside in HTML Jul 05, 2025 am 02:03 AM

The rational use of semantic tags in HTML can improve page structure clarity, accessibility and SEO effects. 1. Used for independent content blocks, such as blog posts or comments, it must be self-contained; 2. Used for classification related content, usually including titles, and is suitable for different modules of the page; 3. Used for auxiliary information related to the main content but not core, such as sidebar recommendations or author profiles. In actual development, labels should be combined and other, avoid excessive nesting, keep the structure simple, and verify the rationality of the structure through developer tools.

See all articles