A solution that prevents injection and invalidates the existing & quot; one-sentence Trojan

1. Anti-SQL Injection Baidu has written a PHP script against SQL Injection in 360.cn. Use GPC for detection. Some code: $ getfilter = "'| (and | or) \ B. +? (>|<|=| In | like) |\/\\ *. +? \ * \/| <\ S * script \ B | \ bEXEC \ B | UNION. +? SELECT | UPDATE. +? SET | INSERT \ s + INTO. +? VALUES | (SELECT | DELETE). +? FROM | (CREATE | ALTER | DROP | TRUNCATE) \ s + (TABLE | DATABASE) "; $ postfilter =" \ B (and | or) \ B. {1, 6 }? (=|>|<|\\ Bin \ B |\\ blike \ B) |\\/ \\ *. +? \ * \/| <\ S * script \ B | \ bEXEC \ B | UNION. +? SELECT | UPDATE. +? SET | INSERT \ s + INTO. +? VALUES | (SELECT | DELETE). +? FROM | (CREATE | alte r | DROP | TRUNCATE) \ s + (TABLE | DATABASE) "; $ cookiefilter =" \ B (and | or) \ B. {1, 6 }? (=|>|<|\\ Bin \ B |\\ blike \ B) |\\/ \\ *. +? \ * \/| <\ S * script \ B | \ bEXEC \ B | UNION. +? SELECT | UPDATE. +? SET | INSERT \ s + INTO. +? VALUES | (SELECT | DELETE). +? FROM | (CREATE | al ter | DROP | TRUNCATE) \ s + (TABLE | DATABASE) "; foreach ($ _ GET as $ key => $ value) {StopAttack ($ key, $ value, $ getfilter);} foreach ($ _ POST as $ key => $ value) {StopAttack ($ key, $ value, $ postfilter);} foreach ($ _ COOKIE as $ key = >$ value) {StopAttack ($ key, $ value, $ cookiefilter);} download this script. Put this script out of the web directory. Then modify PHP. ini: auto_prepend_file = 360_safe3.php. Note: however, it may conflict with the previous Code filtering and conversion part of the code. modify the code as needed. After doing so. All existing PHP files on the server are automatically protected .. You do not need ~ Blocked. The Code of Ji Li is protected .. O & M and development can be completed with peace of mind. The only problem with this is that the server load will be % 30-% 60. But for user data and security .. You are worth it. 2. Make the existing "one-sentence Trojan" invalid. There should be many one-sentence trojans on the server .. I have seen all the white hats upload webshells .. The kitchen knife is on. The kitchen knife uses php base64 encoding for POST requests to execute PHP scripts (I have captured packets myself ), therefore, even if you add the 360 security script according to my first step, the existing WEBSHELL cannot be prevented. We need to find a way to invalidate the existing WEBSHELL. Determine whether there is a base64_decode decryption function in POST or GET, and % 99 is the request. In this case, modify the code at the StopAttack of the first 360 security script. Add another sentence: preg_match ("/base64_decode/is", $ StrFiltValue) & exit ('_ stop attack'); some codes: function StopAttack ($ StrFiltKey, $ StrFiltValue, $ ArrFiltReq) {global $ attack_360_log; if (is_array ($ StrFiltValue) {$ StrFiltValue = implode ($ StrFiltValue);} preg_match ("/base64_decode/is", $ StrFiltValue) & exit ('_ stop attack'); if (preg_match ("/". $ ArrFiltReq. "/is", $ StrFiltValue) = 1 ){