Website Anti-Injection and Trojan php.ini Security Settings

Source: Internet
Author: User

To protect pages against attacks, you can include an attack-filtering file at the top of each page, just as you would a general anti-injection file. There are three ways to do this:
1. Include it in every file. This works, but it is inconvenient if the website contains hundreds of files.
2. Include it in a shared include file, such as config.inc.php. This is a good solution and a common practice.
3. Reference it in php.ini. A reference in the configuration file affects all websites, including every page. This resembles what some popular free hosting providers do: when you activate a free FTP space and upload your website, advertisements appear in that space. I don't know whether they use this method, but the purpose is the same. The benefit is that for a company or enterprise internal website, security and maintenance become convenient.


The first two methods are clear to everyone. For the third method, find this section in php.ini:

; Automatically add files before or after any PHP document.
auto_prepend_file = "phpids.php"
auto_append_file = "alert.php"

The default value is empty. Add the files to be included.
Then also find:

; Unix: "/path1:/path2"
; include_path = ".:/php/shortdes"
;
; Windows: "path1;path2"
include_path = ".;f:\phpnow\htdocs"


Because I run a Windows environment, the Windows option is enabled, and the path can be changed freely. At the same time, these features also make attacks easier, for example Trojan planting. Many Trojan-planting techniques are in circulation now. An attacker can use the auto_prepend_file option to plant Trojans in batches across every website on the server, with the advantages of no speed impact, no modification of site files, and a novel approach. Disadvantage: write permission on php.ini is required.
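
Because a changed auto_prepend_file leaves every site file untouched, the place to check is php.ini itself. The following is an added example, not code from the original article: a small audit that compares the active directives discussed above against an approved baseline. The sample file contents, paths and the BASELINE values are constructed for illustration.

```python
import re

# Directives from the article; PHP matches directive names case-sensitively.
WATCHED = re.compile(r"^(auto_prepend_file|auto_append_file|include_path)\s*=(.*)$")

def _value(rest):
    """Strip quotes, or cut an unquoted value at an inline ';' comment."""
    rest = rest.strip()
    if rest[:1] in ('"', "'"):
        end = rest.find(rest[0], 1)
        return rest[1:end] if end != -1 else rest[1:]
    return rest.split(";", 1)[0].strip()

def audit(ini_text, baseline):
    """Return (line_no, directive, value) for each active watched directive
    whose value differs from the approved baseline ('' = expected unset)."""
    findings = []
    for no, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";[":  # comment or section header
            continue
        m = WATCHED.match(line)
        if m and _value(m.group(2)) != baseline.get(m.group(1), ""):
            findings.append((no, m.group(1), _value(m.group(2))))
    return findings

# Constructed sample: an approved filter setup plus one unexpected override
# placed in a per-directory section further down the file.
SAMPLE_INI = """\
; Automatically add files before or after any PHP document.
;auto_prepend_file = "old.php"
auto_prepend_file = "phpids.php"
auto_append_file = "alert.php" ; reviewed
include_path = ".;c:/php/includes"
[PATH=c:/sites/shop]
auto_prepend_file = "c:/windows/temp/cache.php"
"""

# Constructed baseline: the values an administrator has approved.
BASELINE = {
    "auto_prepend_file": "phpids.php",
    "auto_append_file": "alert.php",
    "include_path": ".;c:/php/includes",
}

if __name__ == "__main__":
    for no, name, value in audit(SAMPLE_INI, BASELINE):
        print(f"line {no}: unexpected {name} = {value!r}")
```

Every active line is checked rather than only the last one, so an override hidden in a later section is reported, and a line that empties an approved filter is reported as well.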
