Home > php教程 > php手册 > 安全攻略:PHP脚本木马的高级防范

安全攻略:PHP脚本木马的高级防范

WBOY
Release: 2016-06-13 10:11:08
Original
1108 people have browsed it

1、防止跳出web目录


首先修改httpd.conf,假如你只答应你的php脚本程序在web目录里操作,还可以修改httpd.conf文件限制php的操作路径。比如你的web目录是/usr/local/apache/htdocs,那么在httpd.conf里加上这么几行:


php_admin_value open_basedir /usr/local/apache/htdocs


这样,假如脚本要读取/usr/local/apache/htdocs以外的文件将不会被答应,假如错误显示打开的话会提示这样的错误:


Warning: open_basedir restriction in effect. File is in wrong directory in /usr/local/apache/htdocs/open.php on line 4 等等。


2、防止php木马执行webshell


打开safe_mode,


在,php.ini中设置


disable_functions= passthru,exec,shell_exec,system


二者选一即可,也可都选


3、防止php木马读写文件目录


在php.ini中的


disable_functions= passthru,exec,shell_exec,system


后面加上php处理文件的函数


主要有

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Recommendations
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template