PHPCMS v9 super Security tutorial

Source: Internet
Author: User


I. Directory permissions matter: set correctly, they stop an attacker from uploading trojan (web shell) files.

If you run chmod -R 644 over the whole tree, directories lose their execute (search) bit, so the web server can no longer enter them and the PHP files become unreachable.
If you run chmod -R 755 over the whole tree, every file gets the execute bit, which the PHP files do not need.

Therefore, set directory and file permissions separately:

Linux server permissions, frequently used commands:

find /path -type f -exec chmod 644 {} \;    # set file permissions to 644 (owner read/write, everyone else read-only)
find /path -type d -exec chmod 755 {} \;    # set directory permissions to 755 (owner full, everyone else read and enter)

After that, run chown -R root:root * in the web root to make root the owner of the directories and files, so the web server user cannot modify the application's own code.

This makes it safer. The directories PHPCMS itself writes to (caches and uploadfile, in both the main site and phpsso_server) must still be writable by the web server user, otherwise the site stops working; give only those directories to that user.

These commands assume shell access to a Linux host. If you only have FTP access, or the server runs Windows, log on with your FTP client (or on the server itself) and set the permissions there:
Go to the PHPCMS installation root directory and select all files.
Set the numeric value to 755 and tick "recurse into subdirectories, apply to directories only".
Then select all files again, set the numeric value to 644 and tick "recurse into subdirectories, apply to files only".
If a setting is wrong, simply set it again.


II. Search for suspicious trojan files with the Linux find command
Files modified within the last 30 days:
find ./ -mtime -30 -type f -exec ls -l {} \;
All .txt files under the directory:
find ./ -name "*.txt" -print
All .txt files under the directory, deleted (review the list from the previous command first; rm -rf cannot be undone):
find ./ -name "*.txt" -exec rm -rf {} \;
All PHP files modified within the last 30 days:
find ./ -name "*.php" -mtime -30 -type f -exec ls -l {} \;
All PHP files modified more than one day but less than 30 days ago (find counts whole 24-hour periods, so -mtime +1 means at least 48 hours old):
find ./ -name "*.php" -mtime -30 -mtime +1 -type f -exec ls -l {} \;
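The script below is an added example, not part of the original tutorial, that turns the permission pass of section I and the find searches of section II into one repeatable audit. It assumes the web root is passed as the first argument (the /data/wwwroot/www path used later on this page is only an example) and that the attachment and cache directories carry the PHPCMS names listed on this page; the webshell grep patterns are a heuristic of my own, not anything the tutorial defines.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a PHPCMS web root
# for the permission and file-age problems described in sections I and II.
# Assumption: $1 is the web root; attachment/cache directory names are
# passed explicitly because installations differ.

# Files or directories that anyone on the host can write (mode o+w).
# After the chmod 644/755 pass there should be none except what the
# web-server user must write (caches, uploadfile).
world_writable() {
    find "$1" -perm -0002 2>/dev/null | sort
}

# PHP files whose mtime is within the last $2 days.  A freshly dropped
# webshell shows up here; so does a legitimate upgrade, so review hits.
recent_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" 2>/dev/null | sort
}

# PHP files under directories that should only hold attachments,
# static assets, generated HTML or caches.  Any hit is suspicious:
# nothing in these trees should ever be executed server-side.
php_in_upload_dirs() {
    root="$1"; shift
    for d in "$@"; do
        [ -d "$root/$d" ] && find "$root/$d" -type f \
            \( -name '*.php' -o -name '*.phtml' -o -name '*.php5' \) 2>/dev/null
    done | sort
}

# Heuristic content check: PHP files containing constructs that are
# common in webshells.  Legitimate code uses some of them too, so this
# lists candidates for manual review; it is not a verdict.
grep_webshell_markers() {
    find "$1" -type f -name '*.php' -exec grep -l -E \
        'eval[[:space:]]*\(|base64_decode[[:space:]]*\(|assert[[:space:]]*\(|passthru[[:space:]]*\(|shell_exec[[:space:]]*\(' \
        {} + 2>/dev/null | sort
}

# Usage: sh phpcms_audit.sh /data/wwwroot/www 30
if [ $# -ge 1 ]; then
    root="$1"; days="${2:-30}"
    echo "== world-writable entries under $root"
    world_writable "$root"
    echo "== PHP files modified in the last $days days"
    recent_php "$root" "$days"
    echo "== PHP files in attachment/static/cache directories"
    php_in_upload_dirs "$root" uploadfile statics html caches \
        phpsso_server/uploadfile phpsso_server/statics phpsso_server/caches
    echo "== PHP files with webshell-like constructs"
    grep_webshell_markers "$root"
fi
```

Run it from cron against the web root and diff successive outputs: the interesting events are new entries in the second and third lists, because a site that is not being upgraded should produce none.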

III. Restrictions through the Apache configuration:
1. Disable PHP execution in attachment directories
Restrict the directory by placing an .htaccess file in it containing:
php_flag engine off

With the PHP engine off, Apache treats a PHP file like any other attachment: a request for it returns the file as a plain download instead of executing it, so an uploaded trojan cannot run. php_flag only works when PHP runs as an Apache module (mod_php) and the directory's AllowOverride permits Options; under php-fpm the directive is unknown and every request into the directory fails with a 500 error.

Where to use it: place the file in
uploadfile/
statics/
html/
phpsso_server/uploadfile/
phpsso_server/statics/

2. Prohibit access to all files through a browser

Restrict the directory by placing an .htaccess file in it containing:
RewriteEngine on
RewriteRule ^(.*) /index.html

Every request into the directory is rewritten to /index.html at the site root, so nothing in it can be fetched directly. This needs mod_rewrite and an AllowOverride that includes FileInfo.

Where to use it:
caches/
phpsso_server/caches/
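Below is an added example of both .htaccess files, written by me rather than taken from the tutorial or from PHPCMS. It keeps the page's php_flag approach but guards it so php-fpm installations do not break, and adds a mod_rewrite rule that refuses PHP-like names under either SAPI. It assumes Apache loads mod_rewrite, that the directory has Options FollowSymLinks and AllowOverride Options FileInfo (the settings in the virtual host shown later on this page), and that PHP 7 is the module version; the module name in the IfModule guard is mod_php5.c or mod_php.c on other versions.

```apache
# --- uploadfile/.htaccess ------------------------------------------------
# Same file goes into statics/, html/, phpsso_server/uploadfile/ and
# phpsso_server/statics/.  Assumes AllowOverride Options FileInfo and
# Options FollowSymLinks in the enclosing <Directory>.

# 1) mod_php: switch the interpreter off, so PHP sources are served as
#    plain files.  Guarded because the directive is unknown (HTTP 500)
#    when PHP runs as php-fpm; adjust the module name to your PHP version.
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>

# 2) Any SAPI: answer 403 to PHP-like names before a handler is chosen.
#    The pattern also catches "shell.php.jpg", which mod_php executes
#    when .php is mapped with AddHandler rather than SetHandler.
RewriteEngine On
RewriteRule \.(php[0-9]?|phtml|phar)(\.|$) - [F,L,NC]

# --- caches/.htaccess ----------------------------------------------------
# Same file goes into phpsso_server/caches/.  Nothing here is meant to be
# fetched by a browser, so answer 403 to everything instead of rewriting
# to index.html.
RewriteEngine On
RewriteRule ^ - [F,L]
```

Verify each directory after deploying: a request such as curl -I http://www.phpip.com/uploadfile/test.php must return 403, and a request for any file under caches/ must return 403 as well. Because these files live in directories the web server user can write to, an attacker who can upload there can also overwrite them; if that risk matters, put the same rules in the virtual host's <Directory> blocks with AllowOverride None instead.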

3. Restrict PHP to the site's own directories (open_basedir):

open_basedir limits the files a PHP script may open to the listed directory trees, so a script that does get executed cannot read or write outside the site (here the web root plus /var/tmp/ for temporary files). Setting it with php_admin_value in the virtual host means it cannot be overridden from .htaccess or ini_set(). Keep the trailing slashes: open_basedir matches by prefix, so /data/wwwroot/www without the slash would also permit /data/wwwroot/www2.

Virtual host configuration example (the Order/Allow lines are Apache 2.2 syntax; on Apache 2.4 use Require all granted instead):

<VirtualHost *:80>
    ServerAdmin root@phpip.com
    DocumentRoot /data/wwwroot/www
    ServerName www.phpip.com
    <Directory /data/wwwroot/www>
        Options FollowSymLinks
        AllowOverride Options FileInfo
        Order allow,deny
        Allow from all
        php_admin_value open_basedir /data/wwwroot/www/:/var/tmp/
        DirectoryIndex index.htm index.html index.php
    </Directory>
    ErrorLog "| /usr/sbin/rotatelogs /data/logs/%m_%d_www.phpip.com-error_log 86400 480"
    CustomLog "| /usr/sbin/rotatelogs /data/logs/%m_%d_www.phpip.com-access_log 86400 480" common
</VirtualHost>


4. Rotate Apache logs daily:

The ErrorLog and CustomLog lines in the virtual host above pipe each log through rotatelogs, which starts a new file every 86400 seconds (one day); the 480 is the offset from UTC in minutes (UTC+8), so the files roll over at local midnight, and %m_%d in the name gives the month and day. Add %Y if you keep logs for more than a year, otherwise next year's log reuses the same file name.

ErrorLog "| /usr/sbin/rotatelogs /data/logs/%m_%d_www.phpip.com-error_log 86400 480"
CustomLog "| /usr/sbin/rotatelogs /data/logs/%m_%d_www.phpip.com-access_log 86400 480" common
