Website anti-injection and Trojans: php.ini security settings

Source: Internet
Author: User
When we want to protect pages against attacks, we can include an anti-attack file at the top of each page, just like a general anti-injection file. There are three ways to do this:

1. Reference the file in each page. This is acceptable, but it is inconvenient if a website contains several hundred files.

2. Reference it in a common include file, such as config.inc.php. This is a good method and a popular practice on the market.

3. Reference it in php.ini. If it is referenced in the configuration file, it affects all websites, including all pages. This is like some popular free hosting providers in the past: when you activated a free FTP space and uploaded a website, advertisements would appear in the space. I don't know if this method is the same, but the purpose is the same. The advantage of doing so: for a company or an internal enterprise website, it is secure and convenient to maintain.

The first two methods are clear to everyone. For the third method, find this section in php.ini:

    ; Automatically add files before or after any PHP document.
    ;auto_prepend_file = "phpids.php"
    ;auto_append_file = "alert.php"

The default value is empty. Add the files to be included, then find this section:

    ;unix: "/path1:/path2"
    ;include_path = ".:/php/includes"
    ;
    ;windows: "path1;path2"
    include_path = ".;f:\phpnow\htdocs"

Because I have a Windows environment, I have enabled the Windows option; the include path can be modified freely. At the same time, this feature also makes attacks easier, such as planting Trojans ("horse hanging"), for which there are now many techniques on the "market". An attacker can use the auto_prepend_file option to plant Trojans in bulk across the entire website on the server. The advantages of this approach: it does not affect speed, it does not modify any site file, and the method is novel. The disadvantage: it requires write permission on php.ini.
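A defender's check for the abuse described above, as an added example that is not part of the original article: it reads php.ini text and reports any active auto_prepend_file or auto_append_file value that is not on an allowlist. The sample php.ini, the value cache_x.php and the allowlist are constructed for illustration.

```python
import re

# The two php.ini directives the article discusses; each runs a file on every request.
WATCHED = ("auto_prepend_file", "auto_append_file")

# Constructed sample php.ini: one expected prepend, then a later unexpected override.
SAMPLE_INI = """\
[PHP]
;auto_prepend_file = "phpids.php"
auto_prepend_file = "phpids.php"
auto_append_file =
auto_prepend_file = "cache_x.php" ; constructed unexpected value
"""

def active_directives(ini_text):
    """Return {directive: (value, line_no)} for uncommented settings.
    Assumes a later duplicate overrides an earlier one, so the last one wins."""
    found = {}
    for line_no, raw in enumerate(ini_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue  # blank line, comment, or section header
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line)
        if not m or m.group(1).lower() not in WATCHED:
            continue
        value = m.group(2).strip()
        if value.startswith('"'):
            value = value[1:].split('"', 1)[0]      # quoted: text up to closing quote
        else:
            value = value.split(";", 1)[0].strip()  # unquoted: drop trailing comment
        found[m.group(1).lower()] = (value, line_no)
    return found

def audit(ini_text, allowed):
    """Return (directive, value, line_no) for active values not in the allowlist."""
    findings = []
    for name, (value, line_no) in sorted(active_directives(ini_text).items()):
        # An empty value or the special value "none" means the directive is off.
        if value and value.lower() != "none" and value not in allowed.get(name, set()):
            findings.append((name, value, line_no))
    return findings

if __name__ == "__main__":
    # Hypothetical allowlist: only the article's phpids.php may be prepended.
    for name, value, line_no in audit(SAMPLE_INI, {"auto_prepend_file": {"phpids.php"}}):
        print(f"line {line_no}: unexpected {name} = {value}")
```

Because the technique depends on write permission to php.ini, this check is best paired with restrictive file permissions and change monitoring on that file.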

