These are only a few of the most commonly used file-handling functions; disabling them together with the command-execution functions listed above will stop most PHP web shells.
(7) Stop leaking the PHP version in the HTTP headers
To keep attackers from reading the server's PHP version out of the X-Powered-By response header, turn that header off in php.ini:
expose_php = Off
After this, someone who connects by hand (for example, telnet www.shilicn.com 80 and then sends a request) no longer sees the PHP version in the response.
(8) Turn off registered global variables
With register_globals enabled, every variable submitted to PHP, whether by GET or POST, is automatically registered as a global variable and can be read directly. That is very unsafe for the server, so do not let input become globals; turn the option off:
register_globals = Off
Once this is set, input has to be read explicitly: for a variable var submitted by GET, the script must use $_GET['var']. PHP programmers need to be aware of this. (The directive was deprecated in PHP 5.3 and removed in PHP 5.4, so current code has to read input this way in any case.)
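The following is an added example, not code from the original article: it shows the classic failure that register_globals = On caused, an uninitialised "authorised" flag that an attacker could pre-populate from the query string, beside a hardened version that initialises its variables, takes authorisation from trusted state and reads request input only through $_GET['var'] as the article asks. Because the directive no longer exists in current PHP, register_globals_emulate() is an assumed stand-in that does what the engine used to do; the $_GET contents and the empty session are constructed sample data.

```php
<?php
// Added example (not from the original article). Constructed request:
// think of an attacker loading page.php?authorized=1&var=hello
$_GET = ['authorized' => '1', 'var' => 'hello'];

// Assumed stand-in for register_globals = On: every request parameter became
// a global variable before the script's first line ran.
function register_globals_emulate(array $request): void
{
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Broken under register_globals: $authorized is never assigned by this code,
// so the author silently relies on it being empty. A request that carries
// authorized=1 pre-populates the global and the check passes without a login.
function is_admin_vulnerable(): bool
{
    global $authorized;
    return !empty($authorized);
}

// Hardened: initialise the flag, decide authorisation only from trusted
// server-side state (a constructed session array here), never from the request.
function is_admin_hardened(array $session): bool
{
    $authorized = false;
    if (($session['role'] ?? '') === 'admin') {
        $authorized = true;
    }
    return $authorized;
}

register_globals_emulate($_GET);

// Explicit read of request input, as the article says: $_GET['var'], with a
// default so an absent parameter does not produce an undefined variable.
$var = $_GET['var'] ?? '';

var_dump(is_admin_vulnerable());   // true: the request alone granted access
var_dump(is_admin_hardened([]));   // false: request data cannot set the flag
echo htmlspecialchars($var, ENT_QUOTES, 'UTF-8'), "\n";
```

Run it with the PHP CLI; the vulnerable check succeeds with no login at all, the hardened check does not, and the explicit $_GET read is the only way request data enters the script.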
(9) Turn on magic_quotes_gpc against SQL injection
SQL injection is a very dangerous problem: at best the site's admin backend is compromised, at worst the whole server falls. So be careful. There is a setting in php.ini:
magic_quotes_gpc = Off
This is off by default. When it is on, PHP automatically escapes the quote characters in data submitted by the user (GET, POST and cookies) before the script sees them, for example ' becomes \', which blunts the simplest injection attempts. So the recommendation here is:
magic_quotes_gpc = On
Two caveats a practitioner should know: magic quotes only escape quote characters, so they do nothing for values used in a numeric context (WHERE id = $id) or for some multibyte character sets, and the directive was deprecated in PHP 5.3 and removed in PHP 5.4. Treat it as a stopgap on old installations; the real defence is prepared statements with bound parameters, which keep user data out of the SQL parser entirely.
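As an added example (not from the original article) of why the setting above is only a stopgap: the script below emulates what magic_quotes_gpc did with addslashes(), builds a query by string concatenation in a numeric context, and shows that the payload passes straight through, then runs the same lookup as a PDO prepared statement, where the payload is bound as data and matches nothing. It assumes a PHP CLI with the pdo_sqlite extension and runs offline against an in-memory database; the users table, its rows and the attacker string are constructed sample data, and magic_quotes_emulate() is an assumed helper, not a PHP function.

```php
<?php
// Added example (not from the original article). Assumes pdo_sqlite.
// Assumed stand-in for magic_quotes_gpc = On (removed in PHP 5.4): the engine
// ran addslashes() over GET/POST/COOKIE values before the script saw them.
function magic_quotes_emulate(string $value): string
{
    return addslashes($value);
}

// Constructed sample database: two users, each with a secret.
function setup_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)');
    $db->exec("INSERT INTO users VALUES (1, 'alice', 's3cret-a'), (2, 'bob', 's3cret-b')");
    return $db;
}

// Vulnerable: concatenation in a numeric context. There are no quote
// characters for magic quotes to escape, so the payload is executed as SQL.
function lookup_concat(PDO $db, string $id): array
{
    $sql = 'SELECT id, name FROM users WHERE id = ' . magic_quotes_emulate($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: a prepared statement with a bound parameter. The value is sent
// as data and is never parsed as SQL, whatever characters it contains.
function lookup_prepared(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = setup_db();
$payload = '1 OR 1=1';   // constructed attacker input: no quotes, nothing to escape

printf("concat + magic quotes: %d rows\n", count(lookup_concat($db, $payload)));
printf("prepared statement:    %d rows\n", count(lookup_prepared($db, $payload)));
```

With the concatenated query the lookup returns both users, because the escaped payload is still the SQL text `1 OR 1=1`; with the prepared statement it returns no rows, because SQLite compares the integer id column against the literal string and finds no match. Nothing about the magic-quotes setting changes that outcome; only the parameter binding does.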
(10) Control error messages
When PHP fails to connect to the database, or hits other errors, it prints a message that usually contains the script's path or the SQL statement that failed. Handing that information to an attacker is unsafe, so on a production server suppress on-screen errors:
display_errors = Off
If you do want errors displayed, at least restrict the level, for example to errors and warnings only:
error_reporting = E_ERROR | E_WARNING
Note the bitwise OR: the directive is a bit mask, and E_WARNING & E_ERROR (AND of two distinct flags) evaluates to 0, which reports nothing at all. Turning display off is still the recommendation.
(11) Error log
After turning off display_errors, log errors instead so you can still find out what is going wrong on the server:
log_errors = On
Also set error_log to a file; keeping it next to the Apache logs is a good choice.
Note: that file must be writable by the user and group Apache runs as.
Running MySQL with reduced privileges
Create a new user, for example Mysqlstart:
net user Mysqlstart ****microsoft /add
net localgroup users Mysqlstart /del
It now belongs to no group.
If MySQL is installed in D:\mysql, grant Mysqlstart Full Control of that directory. (Full Control is more than the service strictly needs; for tighter permissions give it Read on the program directory and Modify only on the data directory.)
Then open the MySQL service properties in Services, on the Log On tab select "This account", enter Mysqlstart and its password, and click OK.
Restart the MySQL service; MySQL now runs under a low-privilege account.
If Apache is running on Windows, note that by default it runs as the LocalSystem account. That is dangerous, so drop Apache's privileges in the same way:
net user Apache ****microsoft /add
net localgroup users Apache /del
We now have a user Apache that belongs to no group.
Open Computer Management, go to Services, open the properties of the Apache service, select Log On, choose "This account", and fill in the account and password created above.
Restart the Apache service; Apache now runs with low privileges.
Beyond this, you can also set per-folder permissions so the Apache user can do only what it should, creating a separate read/write user for each directory. Many web hosting providers configure things this way today, but for the setup described here it is more than is needed. (http://www.65066.com.cn)