标签:php 漏洞
php木马一般含有<?php eval($_POST[cmd]);?>或者<?php assert($_POST[cmd]);?>
find ./ -type f -name "*" | xargs grep "eval("
http://bbs.dianlan.cn/phpimg/bbs/upload/2731435152797.jpg/.php
37351437201717.jpg/.php
http://www.nginx.cn/316.html
http://blog.sina.com.cn/s/blog_4bf0ab590101mkm0.html
http://blog.sina.com.cn/s/blog_4bf0ab590101mkm0.html
http://www.server110.com/nginx/201309/1805.html
http://hx100.blog.51cto.com/44326/619925/
http://www.jb51.net/article/19292.htm
**************************************************
1.禁止某个目录执行执行php
【nginx】
location ~* ^/(upload|images)/.*\.(php|php5)$
{
deny all;
}
2.避免伪装其它后缀的脚本执行
【php.ini】
·关闭cgi.fix_pathinfo = 1→0
【nginx】
·判断
location ~* .*\.php($|/)
{
if ($request_filename ~* (.*)\.php) {
set $php_url $1;
}
if (!-e $php_url.php) {
return 403;
}
}
3.工程上传目录及cache目录以外,给只读权限
4.限制php执行权限
【php.ini】
·disable_functions =
phpinfo,system,passthru,shell_exec,exec,popen,proc_open,chroot,scandir,chgrp,chown
phpinfo,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
phpinfo,exec,system,passthru,popen,pclose,shell_exec,proc_open,dl,curl_exec,multi_exec,chmod,gzinflate,set_time_limit
标签:php 漏洞
原文地址:http://2385662.blog.51cto.com/2375662/1707569
