PHPCMS v9 security hardening tutorial
I. Directory and file permissions matter: together with the ownership change described below, they keep the web server process from writing into the code tree, so an attacker who finds an upload flaw cannot plant a PHP trojan where the server would execute it.
The two common shortcuts are both wrong. Running chmod -R 644 * recursively strips the execute bit from every directory, so the web server can no longer traverse them and the site stops working. Running chmod -R 755 * gives every PHP file an execute bit it never needs.
Directories and files therefore have to be set separately:
Linux server: the commands to use are
find /path -type f -exec chmod 644 {} \;    # files: 644 (owner read/write, everyone else read)
find /path -type d -exec chmod 755 {} \;    # directories: 755 (traversable, only the owner may create files)
Afterwards run chown -R root:root /path so that every directory and file is owned by root rather than by the account the web server runs as.
With root ownership and no world-write bit set anywhere, the PHP process cannot modify the code tree even if it has been compromised. Directories the application must write to at runtime (uploadfile and caches) still need to be writable by the web server user, or uploads and cache generation will fail; those directories are locked down with the Apache rules in section III instead.
Setting permissions from an FTP client only works against a Linux host; on a Windows server you have to log on to the machine and set the permissions there.
In the FTP client, go to the PHPCMS installation root directory and select all files:
Enter 755 as the numeric mode, tick "process subdirectories recursively" and apply the change only to directories.
Then do the same with 644, again recursively, applying it only to files.
If either step goes wrong, simply run it again with the right values.
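The following script, added here as a worked example and not part of the original tutorial, applies the 755/644 split from the commands above and then verifies that no path has drifted from it. It needs only POSIX find(1) and chmod(1); the web root /data/wwwroot/www in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the original tutorial): apply the 755/644 split to a
# PHPCMS tree and verify it afterwards. Requires only POSIX find(1)/chmod(1).
# /data/wwwroot/www in the usage comment is an assumed web root.

# Directories get 755 (traversable), files get 644 (readable, never executable).
# "{} +" hands many paths to one chmod instead of forking once per file.
harden_perms() {
    root="$1"
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# Report every path whose mode deviates from the intended split.
# Prints the offending paths and returns 1, or returns 0 when the tree is clean,
# so it can run from cron and alert on a mode that changed behind your back.
check_perms() {
    root="$1"
    bad=$(find "$root" \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \))
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Usage (as root, so the chown the tutorial recommends can follow):
#   harden_perms /data/wwwroot/www
#   chown -R root:root /data/wwwroot/www
#   check_perms /data/wwwroot/www || echo "permission drift detected"
```

Run check_perms from cron after the initial hardening: a non-empty report means something (a deployment, an attacker, a careless chmod) has changed a mode since you last looked.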
II. Searching for suspicious trojan files with the Linux find command
Files modified within the last 30 days:
find ./ -mtime -30 -type f -exec ls -l {} \;
All .txt files under the current directory:
find ./ -name "*.txt" -print
Delete all .txt files under the current directory (review the listing from the previous command first; rm asks no questions):
find ./ -name "*.txt" -type f -exec rm -f {} \;
PHP files modified within the last 30 days:
find ./ -name "*.php" -mtime -30 -type f -exec ls -l {} \;
PHP files modified within the last 30 days but not within the last day (two -mtime tests on one command line select a window):
find ./ -name "*.php" -mtime -30 -mtime +1 -type f -exec ls -l {} \;
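The following script, an added example rather than part of the tutorial, wraps the find one-liners above into a small triage pass. It assumes the directory layout of a stock PHPCMS v9 install (uploadfile, statics, html, caches and the same three under phpsso_server) and a web root path supplied by the caller; the idea that PHP files inside those data directories are suspicious is the same assumption that motivates switching the PHP engine off there later in this tutorial.

```shell
#!/bin/sh
# Added example (not from the original tutorial): triage helpers built on the
# find(1) patterns above. Directory names are those of a stock PHPCMS v9
# install; the web root is supplied by the caller.

# PHP files modified within the last DAYS days (default 30), one path per line.
recent_php() {
    root="$1"
    days="${2:-30}"
    find "$root" -type f -name '*.php' -mtime "-$days" -print
}

# PHP files modified more than FROM but fewer than TO days ago: the two -mtime
# tests combine into a window, useful when an alert gives an approximate date.
php_changed_between() {
    root="$1"
    from="$2"
    to="$3"
    find "$root" -type f -name '*.php' -mtime "+$from" -mtime "-$to" -print
}

# PHP files inside directories that should only ever hold uploads, static
# assets, generated HTML or caches. Legitimate PHPCMS code does not live there,
# so every hit deserves a look.
php_in_data_dirs() {
    root="$1"
    for d in uploadfile statics html caches \
             phpsso_server/uploadfile phpsso_server/statics phpsso_server/caches; do
        if [ -d "$root/$d" ]; then
            find "$root/$d" -type f -name '*.php' -print
        fi
    done
    return 0
}

# Usage:
#   recent_php /data/wwwroot/www 30
#   php_changed_between /data/wwwroot/www 1 30
#   php_in_data_dirs /data/wwwroot/www
```

Remember that an attacker can reset a file's modification time with touch, so an empty recent_php listing is not proof of a clean tree; php_in_data_dirs does not depend on timestamps and is the more reliable of the two checks.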
III. Restrictions through the Apache configuration:
1. Disable PHP execution in the upload and static directories
Place an .htaccess file in the directory containing the single line
php_flag engine off
With the engine switched off, Apache no longer hands .php files in that directory to PHP: a request for one returns the raw file as a download instead of executing it, while images and other files in the directory stay reachable through the browser as before. php_flag only works with mod_php (not PHP-FPM/FastCGI) and only if the enclosing <Directory> section permits it (AllowOverride Options, as in the virtual host configuration under item 3).
Apply it to:
/uploadfile/
/statics/
/html/
/phpsso_server/uploadfile/
/phpsso_server/statics/
2. Deny browser access to all files in a directory
Again place an .htaccess file in the directory, this time containing
RewriteEngine on
RewriteRule ^(.*)$ /index.html [L]
Every request below that directory is rewritten to /index.html, so cache files can never be fetched directly. mod_rewrite must be loaded and the directory must allow AllowOverride FileInfo (granted in the virtual host configuration under item 3).
Apply it to:
/caches/
/phpsso_server/caches/
3. Prevent PHP from reading outside the site directory (open_basedir)
Example virtual host configuration:
<VirtualHost *:80>
    ServerAdmin root@phpip.com
    DocumentRoot /data/wwwroot/www
    ServerName www.phpip.com
    <Directory /data/wwwroot/www>
        Options FollowSymLinks
        AllowOverride Options FileInfo
        Order allow,deny
        Allow from all
        php_admin_value open_basedir /data/wwwroot/www/:/var/tmp/
        DirectoryIndex index.htm index.html index.php
    </Directory>
    ErrorLog "| /usr/sbin/rotatelogs /data/logs/%m_%d_www.phpip.com-error_log 86400 480"
    CustomLog "| /usr/sbin/rotatelogs /data/logs/%m_%d_www.phpip.com-access_log 86400 480" common
</VirtualHost>
The php_admin_value line confines PHP file operations for this host to the site directory and /var/tmp, so a script that has been tricked into reading or including an arbitrary path cannot reach /etc or another site on the same server; because it is set with php_admin_value rather than php_value, neither an .htaccess file nor ini_set() in a script can relax it. Order/Allow is Apache 2.2 syntax; on Apache 2.4 replace those two lines with Require all granted.
4. Rotate the Apache logs daily
The ErrorLog and CustomLog lines in the configuration above take care of this:
ErrorLog "| /usr/sbin/rotatelogs /data/logs/%m_%d_www.phpip.com-error_log 86400 480"
CustomLog "| /usr/sbin/rotatelogs /data/logs/%m_%d_www.phpip.com-access_log 86400 480" common
Apache pipes each log into rotatelogs, which opens a new file named from the strftime pattern (%m_%d gives month and day) every 86400 seconds; the trailing 480 is the offset from UTC in minutes (here +8 hours), so the cut happens at local midnight. One file per day makes it far easier to pull the exact window around a suspected compromise without wading through a single huge log.
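As an added example, not part of the original tutorial, here are the measures of this section gathered into one virtual host written in Apache 2.4 syntax (Require in place of Order/Allow). Putting items 1 and 2 into the server configuration rather than into .htaccess files matters for the upload and cache directories: those directories are writable by the web server, so an attacker who can write there can also drop in an .htaccess of their own, whereas php_admin_flag and a <DirectoryMatch> block in the virtual host cannot be overridden from inside the directory. Paths and the server name are the ones the tutorial uses; mod_php is assumed, as it is for php_flag above.

```apache
# Added example, not part of the original tutorial: this section's measures in
# one Apache 2.4 virtual host (mod_php assumed, paths from the tutorial).
<VirtualHost *:80>
    ServerAdmin root@phpip.com
    ServerName www.phpip.com
    DocumentRoot /data/wwwroot/www

    <Directory /data/wwwroot/www>
        Options FollowSymLinks
        # Only what the .htaccess rules in this section need; nothing more.
        AllowOverride Options FileInfo
        Require all granted
        DirectoryIndex index.htm index.html index.php
        # 3. PHP may only touch files under the site and /var/tmp.
        #    php_admin_value cannot be relaxed by .htaccess or ini_set().
        php_admin_value open_basedir /data/wwwroot/www/:/var/tmp/
    </Directory>

    # 1. No PHP execution where users or the application write files.
    #    php_admin_flag, unlike php_flag, cannot be switched back on by an
    #    attacker-supplied .htaccess in the directory or a subdirectory.
    <DirectoryMatch "^/data/wwwroot/www/(phpsso_server/)?(uploadfile|statics|html)/">
        php_admin_flag engine off
    </DirectoryMatch>

    # 2. Cache files are never served to a browser (403 instead of a rewrite).
    <DirectoryMatch "^/data/wwwroot/www/(phpsso_server/)?caches/">
        Require all denied
    </DirectoryMatch>

    # 4. Daily log files (86400 s), cut at local midnight in UTC+8 (480 min).
    ErrorLog  "| /usr/sbin/rotatelogs /data/logs/%m_%d_www.phpip.com-error_log 86400 480"
    CustomLog "| /usr/sbin/rotatelogs /data/logs/%m_%d_www.phpip.com-access_log 86400 480" common
</VirtualHost>
```

After reloading Apache, verify the two DirectoryMatch blocks the same way the tutorial's .htaccess rules are verified: a request for a .php file under /uploadfile/ must come back as a plain download rather than executed output, and any request under /caches/ must return 403.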