Some case studies on PHP (1)

Source: Internet
Author: User

1. PHP-based webshell attacks

A PHP-based webshell attack was reported on WooYun.

The highly concealed webshell uses ordinary-looking PHP code to encrypt the real shell content and store it in an image. Only one URL is left, and that URL is encrypted as well, so no signatures are visible from the outside, which makes the shell hard to find. Opening the URL shows a 404 page, but the page is a trojan disguised as a 404: its title has been changed to "404 Not Found".
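A defender's triage for this case, as an added example that is not part of the original post: it flags PNG files that carry bytes after their final IEND chunk and scripts on disk that render their own "404 Not Found" title. It assumes the payload is appended after the image's end marker (the post does not say how it is stored); the function names, the `$known404Pages` allowlist and the sample files are hypothetical.

```php
<?php
// Bytes after a PNG's IEND chunk: 0 = clean, -1 = not a parseable PNG.
function pngTrailingBytes(string $bytes): int
{
    if (strncmp($bytes, "\x89PNG\r\n\x1a\n", 8) !== 0) {
        return -1;
    }
    for ($pos = 8, $len = strlen($bytes); $pos + 12 <= $len;) {
        $size = unpack('N', substr($bytes, $pos, 4))[1]; // chunk data length
        $type = substr($bytes, $pos + 4, 4);
        $pos += 12 + $size;                              // length + type + data + CRC
        if ($type === 'IEND') {
            return $pos <= $len ? $len - $pos : -1;
        }
    }
    return -1; // truncated, or no IEND chunk
}
// True when a script on disk emits its own "404 Not Found" title.
function rendersOwn404(string $source): bool
{
    return preg_match('~<title>\s*404 Not Found\s*</title>~i', $source) === 1;
}
// Walk a web root; $known404Pages (assumption) lists the site's legitimate error pages.
function scanWebroot(string $root, array $known404Pages = []): array
{
    $findings = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $path => $file) {
        $data = (string) file_get_contents($path);
        $ext  = strtolower($file->getExtension());
        if ($ext === 'png' && pngTrailingBytes($data) > 0) {
            $findings[$path] = 'data after PNG IEND chunk';
        } elseif ($ext === 'php' && rendersOwn404($data) && !in_array($path, $known404Pages, true)) {
            $findings[$path] = 'script renders its own 404 page';
        }
    }
    return $findings;
}
// Constructed sample web root (the IHDR CRC bytes are dummies; the walker does not verify CRCs).
$png = "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR' . str_repeat("\0", 17)
     . pack('N', 0) . "IEND\xaeB`\x82";
$dir = sys_get_temp_dir() . '/webroot_' . uniqid();
mkdir($dir);
file_put_contents("$dir/clean.png", $png);
file_put_contents("$dir/padded.png", $png . str_repeat('A', 32)); // constructed trailing blob
file_put_contents("$dir/gone.php", '<?php /* constructed */ ?><title>404 Not Found</title>');
print_r(scanWebroot($dir));
```

Both checks are heuristics: a hit is a reason to inspect the file, and a site's real custom error page belongs in the allowlist.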

2. Avoid else statements, or use fewer of them

A complete if/else structure may look tidy, but it can make the code cumbersome and the logic confusing. Instead, take one result as the baseline and use an if check only for the other cases. That is, the default value is A, and if an exception occurs the value is B, as shown in the right-hand figure below:

3. Single-page application

A single page means that all operations and la s are performed within one page. Different content is loaded according to the user's requests, without page jumps.

Advantages: simple page structure, small data size, bandwidth savings, fast response, good user experience, and easy development, maintenance and optimization.

Disadvantage: the use of Ajax is not conducive to SEO.

4. Letting search engines crawl Ajax content

In the single-page structure from the previous case, the program uses #-style URLs to control the page content, but these are not crawled by search engines.

Method 1: Twitter uses the "hash sign + exclamation mark" (#!) structure, but the experience is poor and cumbersome;

Method 2: Use the History API to change the address shown in the browser's address bar without refreshing the page. The procedure is as follows:

A. Use the History API to replace the hash structure, turning each # URL into a normal URL. In this way, the search engine can crawl every page.

B. Define a JavaScript function to handle the Ajax part and fetch the content based on the URL.

C. Define the mouse click event, and use the History API's popstate event to handle the browser's "forward/backward" buttons.

D. Set up the server side.

5. curl_multi_init()

I had always used curl_init(). Recently I came across curl_multi_init() and thought it would make for more efficient code. After reading through the curl_multi steps, I found it quite complicated; in addition, curl_multi may cause high CPU usage and make the web page appear to hang. Also, comparing curl_init with curl_multi_init, multithreading is not necessarily faster than a single thread: multithreading only processes multiple tasks at the same time, and the time cost is not necessarily lower. The following describes how to use curl_multi:

Step 1: Call curl_multi_init;

Step 2: Call curl_multi_add_handle in a loop;

Note that the second parameter of curl_multi_add_handle is the sub-handle returned by curl_init;

Step 3: Call curl_multi_exec repeatedly;

Step 4: Call curl_multi_getcontent in a loop to obtain the results as needed;

Step 5: Call curl_multi_remove_handle and then curl_close for each handle;

Step 6: Call curl_multi_close.
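The six steps as one function, in an added example that is not code from the original post. A step 3 loop that re-calls curl_multi_exec without waiting is a common cause of the high CPU usage mentioned above, so this version waits in curl_multi_select between calls and bounds every transfer with timeouts; `fetchAll`, its parameters and the sample files are hypothetical.

```php
<?php
// Fetch several URLs concurrently; returns the body per key, or null on failure.
function fetchAll(array $urls, float $selectTimeout = 1.0): array
{
    $mh = curl_multi_init();                                   // step 1
    $handles = [];
    foreach ($urls as $key => $url) {
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true, // needed by curl_multi_getcontent()
            CURLOPT_CONNECTTIMEOUT => 5,
            CURLOPT_TIMEOUT        => 15,   // bound every transfer
        ]);
        curl_multi_add_handle($mh, $ch);                       // step 2
        $handles[$key] = $ch;
    }
    do {                                                       // step 3
        $status = curl_multi_exec($mh, $running);
        // Block until a socket is ready instead of re-calling exec in a tight loop.
        if ($running > 0 && curl_multi_select($mh, $selectTimeout) === -1) {
            usleep(100000); // select failed: back off briefly, do not spin
        }
    } while ($running > 0 && $status === CURLM_OK);
    $failed = [];
    while (($info = curl_multi_info_read($mh)) !== false) {    // per-handle result codes
        if ($info['result'] !== CURLE_OK) {
            $failed[] = array_search($info['handle'], $handles, true);
        }
    }
    $results = [];
    foreach ($handles as $key => $ch) {
        $results[$key] = in_array($key, $failed, true)
            ? null
            : curl_multi_getcontent($ch);                      // step 4
        curl_multi_remove_handle($mh, $ch);                    // step 5
        curl_close($ch);
    }
    curl_multi_close($mh);                                     // step 6
    return $results;
}
// Constructed sample: local files fetched via file:// so the example runs offline.
$a = tempnam(sys_get_temp_dir(), 'cm');
file_put_contents($a, 'alpha');
$b = tempnam(sys_get_temp_dir(), 'cm');
file_put_contents($b, 'beta');
var_dump(fetchAll(['a' => "file://$a", 'b' => "file://$b", 'missing' => "file://$a.nope"]));
```

When the URLs come from user input, restrict the allowed schemes with CURLOPT_PROTOCOLS; file:// is used here only to keep the sample offline.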

6. PHP strstr() function

strstr(string, search) searches for the first occurrence of a string inside another string and returns the rest of the string, starting from the matching point. If the searched string is not found, false is returned.

search: Required. Specifies the string to search for. If this parameter is a number, the function searches for the character that matches the ASCII value of the number.

See http://www.w3cschool.cn/func_string_strstr.html. Therefore, if you want to match a number, we recommend putting it in quotation marks when passing the second parameter.

7. Importance of standardization

A long-standing problem with a road near home can be easily solved by dividing it into pedestrian paths, non-motorized lanes and motor vehicle lanes. Sometimes flexibility leads to too many choices, and with them many problems. The same is true for applications. Flexible user input seems good, but in fact it costs more in back-end processing. Why not normalize it at an early stage, so that bugs are stopped at the source instead of being patched up afterwards? Standardization makes every process simple and efficient.

8. HHVM

HHVM (HipHop Virtual Machine) converts PHP code into high-level bytecode (usually called an intermediate language). A just-in-time (JIT) compiler then converts the bytecode to x64 machine code at runtime.

Data shows that HHVM is more efficient than Zend, with lower CPU load and shorter average page load time. HHVM exists to optimize PHP runtime performance. Compared with PHP 5, HHVM has some advantages. Let's wait for PHP 7.

9. PHP source code signature collector

When learning new, unfamiliar source code, it is very important to get an intuitive understanding of the code structure. You can extract the punctuation from each source file line by line; the result is the file's signature. This helps you judge the complexity of the code. In effect, it extracts the fixed symbols in a code file to present the structure of the file.

Reference: http://c2.com/doc/SignatureSurvey/
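One way to collect such a signature for PHP, as an added example that is not code from the original post or from the referenced page: it uses PHP's tokenizer so that punctuation inside string literals and comments is not counted. `fileSignature`, the default `{};` symbol set and the sample source are assumptions.

```php
<?php
// Per-line signature of PHP source: only structural punctuation survives.
function fileSignature(string $source, string $keep = '{};'): array
{
    $signature = [];
    $line = 1;
    foreach (token_get_all($source) as $tok) {
        if (is_array($tok)) {
            [$id, $text, $startLine] = $tok;
            $line = $startLine + substr_count($text, "\n"); // line where the token ends
            // "{$x}" and "${x}" open with array tokens; map them to "{" so braces balance.
            $tok = in_array($id, [T_CURLY_OPEN, T_DOLLAR_OPEN_CURLY_BRACES], true) ? '{' : '';
        }
        if ($tok !== '' && strpos($keep, $tok) !== false) {
            $signature[$line] = ($signature[$line] ?? '') . $tok;
        }
    }
    return $signature;
}

// Constructed sample source; the ";" and "}" inside the string literal are ignored.
$sample = <<<'PHP'
<?php
function greet($name) {
    if ($name === '') { return 'nobody; }'; }
    return "hello {$name}";
}
PHP;
foreach (fileSignature($sample) as $line => $sig) {
    printf("%3d  %s\n", $line, $sig);
}
```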

10. Collaborative filtering recommendation algorithms

1. The premise of the content-based recommendation algorithm is that if you like item a, you should also like items similar to item a. The basic idea is to break items down into content attributes and recommend content that shares the same attributes.

2. The premise of the collaborative filtering recommendation algorithm is that if user A and user B both like the same series of items, user A is likely to like other items that user B prefers. The basic process is that users first score each item. By calculating the similarity between different users' scores, the algorithm finds a user's nearest neighbors and generates recommendations based on the nearest neighbors' ratings.

The above algorithms use matrix modeling, cosine similarity, Pearson similarity, and other formulas. You can combine the two into one recommendation.

