First, the directory permissions settings are important:Can effectively prevent hackers to upload trojan files.
If you pass chmod 644 *-R, the PHP file will not have access.
If you pass chmod 755 *-R, the permissions on the PHP file are higher.
So you need to set directory permissions and file permissions separately:
- Linux Server permissions: frequently used commands:
Find/path-type f-exec chmod 644 {} \; Set file permissions to 644
Find/path-type d-exec chmod 755 {} \; Set directory permissions to 755
After Setup is complete, change the directory and file owner to root by command: Chown Root:root *-R.
This makes it more secure.
- FTP user, make sure that you are using a Linux host. Windows needs to log on to the server settings.
Go to the PHPCMS installation root directory and select all files:
Set the numeric value to: 755, selected at the same time: Select the recursive processing subdirectory, apply only to the directory
Also select all files, the numeric value is: 644, select the recursive processing sub-directory, apply only to the file
If you set it wrong, reset it again.
Second,Linux Find command to find suspicious Trojan files
Find: Files modified within 30 days find./-mtime-30-type f-exec ls-l {} \; Find all txt files in directory found./-name "*.txt"-print find all txt files in the directory and delete fi nd./-name "*.txt"-exec rm-rf {} \; Find all of the PHP files in the directory and the modified files in the 30 days find./-name "*.php"-mtime-30-typef-exec ls-l {} \; Find all the PHP files in the directory, while satisfying 30 days, 1 days before the find./-name "*.php"-mtime-30-mtime +1-type f-execls-l {} \;
Third,with Apache configuration qualification:1, Apache under the ban Directory execution PHP Restrict permissions by placing the. htaccess file under the directory.This method willPHPfile as an attachment and download. At the same time, the file can be accessed through the browser. Php_flag engine offUsage Scenarios:place in the following directory\uploadfile\\statics\\html\\phpsso_server\uploadfile\\phpsso_server\statics\
2. Prohibit access to all files via browser
placed under the directory. htaccessfile to restrict permissions. Rewriteengine onrewriterule ^ (. *)/index.htmlUsage Scenarios:\caches\\phpsso_server\caches\3, Prohibit PHP cross-directory browsing permissions configuration:
Virtual Host Configuration Sample:
<virtualhost *:80>
ServerAdmin[email protected]
Documentroot/data/wwwroot/www
ServerName www.phpip.com
<Directory/data/wwwroot/www>
Options FollowSymLinks
AllowOverride Options FileInfo
Order Allow,deny
Allow from all
Php_admin_value open_basedir/data/wwwroot/www/:/var/tmp/
DirectoryIndex index.htm index.html index.php
</Directory>
errorlog "| /usr/sbin/rotatelogs/data/logs/%m_%d_www.phpip.com-error_log 86400 480 "
Customlog "| /usr/sbin/rotatelogs/data/logs/%m_%d_www.phpip.com-access_log 86400 480 "Common
</VirtualHost>
4. Store Apache logs by day:
Refer to the above configuration file:
errorlog "| /usr/sbin/rotatelogs/data/logs/%m_%d_www.phpip.com-error_log 86400 480 "
Customlog "| /usr/sbin/rotatelogs/data/logs/%m_%d_www.phpip.com-access_log 86400 480 "Common
Linux Server Environment Security protection tutorial
