Build a Windows PHP + MySQL + IIS Security Platform

Currently, more PHP websites are available. The CERT 365 team has studied PHP's network attack and defense technology, the team analyzed the principles of PHP Webshell backdoors, analyzed Php Webshell encryption, decrypted and analyzed a Webshell, cleared Webshell programs, PHP injection tools, and the essence of Php manual injection, more than 20 security questions, such as the classic practice of PHP injection, privilege escalation of PHP injection, comprehensive utilization of PHP injection database, and cross-site exploitation of PHP injection, were studied, for more information about the study, visit:Http://www.antian365.com/bbs/viewthread.php? Tid = 2890 & extra = page % 3D1View.

It has been almost a month since we came to CERT 365. For many reasons, we have not been able to bring any good articles to the CERT team in a timely manner. Just as soon as you are free, hurry up and devote yourself to it-(experience, thank you) Don't think it's a body ah Hey! I am not talking nonsense about our articles. I hope you can learn from this article what other articles can't learn. It's not a matter of writing this article. It's not just a brag. Even if Webshell is provided to you, you can't do anything about it. These things are not passed out in some security companies. Let's write them out and share them with you, provide security technology together. Welcome to CERT 365 (Www.antian365.com/bbs) The Forum will communicate with me. My ID is cnbird.
Part 1 Basic Environment Configuration

1. Brief Introduction

With the popularity and popularity of network marketing, especially the benefits and profits brought to enterprises through the network, more and more people are aware that in addition to the traditional sales and promotion modes, if the use of network resources to bring profits to enterprises has become an urgent problem for enterprises, many enterprises and individuals have now set up their own servers. The current server market is divided into several systems: the first is the Windows platform, the second is the Linux platform, and the remaining is mainly the BSD platform. First, we will introduce the advantages and disadvantages of various platforms:

The Windows platform is easy to build and has high maintainability. after a short period of training, you can build various services you need. The disadvantage is that Windows has many security vulnerabilities. If you do not have any security-aware administrators to maintain the server, it will soon be compromised, and the stability of the server is not flattering.

The advantage of Linux and BSD is that the permissions are carefully divided and the server stability is well known. Therefore, many large enterprises prefer Linux and BSD platforms. However, the disadvantage is that the maintenance is difficult and not suitable for small and medium enterprises. It takes a lot of money and time to train an all-powerful Linux and BSD system administrator.

I wrote this article to help some administrators configure the www Service on the Windows platform to ensure high security. Because I have studied many Linux and BSD systems, we will release some articles on Linux security configuration.

Ii. Build a Windows PHP + MySQL + IIS Security Platform

(1) install IIS

1. Install IIS

After installing the system, we may not install IIS by default, so we need to install IIS. First, place the system disk in the optical drive. Then, click "start"> "All Programs"> "Management Tools"> "manage your servers ".

2. Add a role

In the "manage your servers" window, you can see three main functional modules: "add and delete roles", "Manage File Servers", and "add Shared Folders", as shown in 1, click Add and delete roles to configure and manage servers.

498) this. style. width = 498; "border = 0>

Figure 1 use add and delete roles to manage servers

3. Configure the server role

In the displayed dialog box, click "Next". The Configuration Wizard starts to find some installed environments on your local machine, as shown in figure 2, you can configure file servers, print servers, application servers, email servers, terminal servers, VPN servers, DHCP servers, streaming media servers, and WINS servers, in short, Microsoft Windows 2003Server is much better than Windows 2000 Server in terms of management, making the configuration easier. In Figure 2, you can see which servers have been configured.

498) this. style. width = 498; "border = 0>

Figure 2 configure a server role

4. Configure the Application Server

Here, we select the Application Server (IIS, asp.net) and click "Next". There are two options in the interface shown in 3, the first "FrontPage Server Extension" is generally unavailable. We recommend that you do not select it for security reasons. The second "enable Asp.net" is to enable asp.net support. If your program is asp.net, select "enable asp.net" and click "Next" to install the program. The installation speed is very fast. After the installation is complete, we can run IIS. Click "start" menu> "All Programs"> "Management Tools ", an "IIS Server Manager" is added to the management tool, which indicates that the installation is successful. If this option is not available, repeat the preceding steps to continue or reinstall the tool.

498) this. style. width = 498; "border = 0>

Figure 3 Support for Asp.net enabled on the server

(2) download and install the latest mysql and php

1. Download Mysql

FromWww.mysql.orgDownload the latest version 6.0.8 and Mysql:Http://dev.mysql.com/get/Downloads/MySQL-6.0/mysql-6.0.8-alpha-win32.zip/from/http://mysql.ntu.edu.tw/.

2. Download Php

If PHP is not available locally, you can download it from Php:

Http://cn2.php.net/get/php-5.2.8-Win32.zip/from/cn.php.net/mirror

Why do we need to download the latest version? The hacker research of the latest version is relatively secure. The installation process is very simple. Simply follow the default installation instructions. Here, I will install php in the d: php Directory, and I will explain in detail how to configure Mysql later.

(3) Basic PHP preparation

1. Select to configure the PHP. ini file.

After the PHP installation is complete (in fact, the compressed package is decompressed, and there is also the kind of step-by-step installation of Microsoft msi, which I have not tried), we first come to the php installation directory, here we can see two php. ini file, that is, php. ini-dist and php. ini-recommended. We 'd better choose php. ini-recommended, because this file is an officially optimized php file. Change the name of this file to php. ini and copy it to the C: windows directory.

2. Copy the Libmysql. dll library file to the system.

Copy libmysql. dll to the system directory to allow the PHP program to connect to the MYSQL database. If mysql is not used, you do not need to copy it. Here, copy the Libmysql. dll file under the "D: php" directory to the "C: windowssystem32" directory.

3. Configure the php. ini file

Go to "C: windows" and find the php. ini file. We need to edit several parameters so that php can find the required components such as mysql library and gd library.

(1) modify the extension_dir parameter. 4. First, find extension_dir = ". /"change it to extension_dir =" D:/php/ext ". You must change it to your own configuration environment. Otherwise, it will not succeed.