The site was hacked. I found that the attacker uploaded some files with names like xxx.php.jpg, and when I opened them in an editor I found that code like this had been inserted inside the file.
I want to know how the attacker can get such a file executed, and how to protect against it.
Software environment: CentOS 6.5, Apache 2.x, PHP 5.x; the website is custom development on top of an old Drupal version.
Reply content:
IIS 7.0 / IIS 7.5 / nginx <8.03 malformed parsing vulnerability.
With the default fast-cgi configuration, upload a file named a.jpg whose content is
');? >
Then access a.jpg/.php, and a one-line Trojan shell.php is generated in that directory.
When handling uploads, check the file's actual type; do not just check the extension.
PHP's eval is a dangerous function, as everyone has heard. It is not enough to disable it in php.ini; you also need to install a plug-in to disable this function.
First scan for Trojans to confirm which ones are there, then use the Trojan file names to work out which file was accessed successfully first. It is not necessarily the case that this image file got in through a parsing vulnerability; it may have been a file inclusion. Very old versions of Apache seem to have this parsing vulnerability, where 1.php.xxx would be executed. Your case is Apache, which seems not to be the same type as the first reply described; the first reply said that one only exists in IIS 7.x and Nginx. To fix it, upgrade the version.
It is a one-line Trojan script.
For this kind of parsing vulnerability, upgrade the web server, or it can also be fixed with a patch.
For prevention, if it is an image, remember to run it through a compression function on upload; the position of the encoded structure can provide a certain degree of protection.
In addition, remove execute permission on uploaded files. Or turn on PHP's strict mode to block high-risk functions.
Of course, more often the holes are caused by the programmer's own negligence, and that can only depend on the individual's skill level.
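The replies above suggest several separate controls: check the real content type rather than the extension, re-encode images on upload so that embedded code does not survive, remove execute permission, and keep the web server from ever handing the file to PHP. The following PHP 5.x upload handler is an added example that combines those controls in one place; it is not code from the thread or from Drupal. The names `store_uploaded_image`, `serve_image`, `UPLOAD_DIR` and the path `/var/www/uploads_private` are assumptions for illustration, and the handler requires the `fileinfo` and `gd` extensions.

```php
<?php
// Added example (not from the thread). Hardened image-upload handler for PHP 5.x.
// Assumptions: the upload arrives as $_FILES['image']; UPLOAD_DIR is a directory
// OUTSIDE DocumentRoot, so no web-server parsing quirk can execute anything in it.

define('UPLOAD_DIR', '/var/www/uploads_private'); // hypothetical path, not under the web root
define('MAX_BYTES', 2 * 1024 * 1024);             // 2 MiB upload limit

/**
 * Validate and re-encode an uploaded image.
 * Returns the server-generated filename, or throws RuntimeException on any failure.
 */
function store_uploaded_image(array $file)
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // 1. The client-supplied name ("a.php.jpg", "a.jpg/.php", ...) is never used
    //    at all, so tricks based on the name have nothing to work with.

    // 2. Identify the real content type from the file's magic bytes (fileinfo),
    //    not from the extension or the client's Content-Type header.
    $allowed = array('image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif');
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('unsupported content type: ' . $mime);
    }

    // 3. Decode and re-encode with GD. A file that is a valid image but carries
    //    "<?php ... ?>" in a comment block or in trailing bytes is rebuilt pixel by
    //    pixel, so the embedded code does not survive the round trip.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }

    // 4. Random, server-chosen name with exactly one whitelisted extension.
    $ext  = $allowed[$mime];
    $name = bin2hex(openssl_random_pseudo_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;

    $ok = false;
    switch ($ext) {
        case 'jpg': $ok = imagejpeg($img, $dest, 85); break;
        case 'png': $ok = imagepng($img, $dest, 6);   break;
        case 'gif': $ok = imagegif($img, $dest);      break;
    }
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }

    // 5. No execute bit on the stored file.
    chmod($dest, 0640);
    return $name;
}

/**
 * Serve a stored image by its server-generated name (e.g. image.php?id=<name>).
 * Only names produced by store_uploaded_image() are accepted, so "../" or ".php"
 * can never reach the filesystem call.
 */
function serve_image($name)
{
    if (!preg_match('/^[a-f0-9]{32}\.(jpg|png|gif)$/', $name)) {
        header('HTTP/1.1 404 Not Found');
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        header('HTTP/1.1 404 Not Found');
        return;
    }
    $types = array('jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif');
    header('Content-Type: ' . $types[substr($name, -3)]);
    header('X-Content-Type-Options: nosniff'); // browsers must not sniff the body as HTML/script
    header('Content-Disposition: inline; filename="' . $name . '"');
    readfile($path);
}
```

Because the files live outside DocumentRoot and are only ever read back with `readfile()`, the Apache and nginx parsing quirks discussed above never come into play, regardless of which version is installed. On the php.ini side of the thread's advice, note that `disable_functions` can remove `exec`, `system`, `passthru` and `shell_exec`, but `eval` is a language construct rather than a function, which is why the reply above says a plug-in is needed to block it.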