Just entered the job not how long time, the website has been uploaded trojan, the basic site has been in the state of attack, entanglements ah. have been busy solving the problem. Today, finally some achievements, take out and share with you, if you have any good method, you can teach me. These two days have been a headache for this thing.
The site is now the general situation is dede+smarty development of the blog system +dz, Baidu and Google's weight is about 5, so the number of visits is still relatively large.
Dede generally acknowledged that the loophole is more, and took over the Dede also two times developed. So a short time to find a loophole is not likely, if you have friends and so on, you can let them test together, after all, a person too troublesome, or add me QQ2387813033
1. Website Directory security
1> all the directories can be set 777 permissions, CSS and images files, CSS can be set to read and write permissions, do not give permission to execute, CSS often change the words to write permission, picture files only to read the permissions on it, remove all the need to change the php file Write permission, No opportunity for any attacker to write code to PHP
2> often scans for special suffixes or new uploaded files to see the source code, especially the INC suffix
2. Website Security inspection
1>360 site Security detection, this is still more convenient, but 360 have no other ideas do not know, haha detection has been repaired the hint.
2> himself to write a test site trojan file script, online also have, he is a Trojan horse, find a no back door and the like, upload up, their own detection. This is still very good. See the source code after the removal of Trojan files.
3> uses upload software such as DOMAIN3.5 to test the site yourself.
3. Modify server configuration to increase security
1> in the Apache configuration file to prohibit some directories to execute PHP file permissions, such as uploads/,html/. Here is an example:
|1 2 3 4 5 6||
2> Some people do not want to visit the directory is also directly prohibited.
3> Modify PHP.ini disable_functions Add prohibited functions, such as
System,exec,shell_exec,passthru,proc_open,proc_close, Proc_get_status,checkdnsrr,getmxrr,getservbyname, Getservbyport, Syslog,popen,show_source,highlight_file,dl,socket_listen,socket_create,socket_bind,socket_accept , Socket_connect, Stream_socket_server, Stream_socket_accept,stream_socket_client,ftp_connect, FTP_LOGIN,FTP_PASV, Ftp_get,sys_getloadavg,disk_total_space, DISK_FREE_SPACE,POSIX_CTERMID,POSIX_GET_LAST_ERROR,POSIX_GETCWD, Posix_ Getegid,posix_geteuid,posix_getgid, Posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid, Posix_getpgrp,posix_getpid, Posix_getppid,posix_getpwnam,posix_getpwuid, Posix_getrlimit, Posix_getsid,posix_ Getuid,posix_isatty, Posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, Posix_setpgid,posix_ Setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
4. Other ways
1. Patching, especially pit Dad's Dede
2. Often modify the server's account password, FTP account password, preferably with SFTP
3. It is best to shut down the file manager in the Dede background and restore the Dede database backup. And the article in the picture upload and so on all do filter, prohibit uploading other formats, especially PHP format files.
4. The Linux server is not particularly understood, so let's not say this. Later, I will discuss with you