phpstudy is a development kit provided to PHP developers and learners. It includes the common PHP website development tool php mysql apache/nginx/iis, and supports multiple platforms such as windows and linux. You can easily switch PHP versions and servers, quickly open the website root directory, modify configurations, etc.
Its convenient and fast functions have been favored by the majority of developers. There are nearly one million PHP language learners and developer users in China.
It is such a public welfare software. Since there are many users, it will inevitably lead to some risks due to user security settings. So how can we improve the security of using phpstudy as much as possible and avoid the website being hacked? Woolen cloth?
The following is a summary of phpstudy security issues and solutions:
1: phpStudy security setting issues
1 . Make sure to download the phpstudy software from the official website.
The programs released by the official website have all gone through security testing and do not contain any backdoor Trojans. If downloaded from a third-party website, criminals may tamper with the file and submit it to the third party. Third-party websites, and third-party websites upload and publish directly without testing, causing security risks.
phpstudy software official download address: https://www.xp.cn/
2. Do MD5 detection after downloading
In order to prevent the phpStudy software from being tampered with, phpStudy officially provides the MD5 code of each version of the phpstudy integrated environment software. Please pay attention to comparison and identification when downloading and using it.
MD5 of each version of phpstudy software: https://www.php.cn/phpstudy-430673.html
##3. Delete the probe after phpstudy is installed l.php
l.php, phpstudy probe, will display server parameters, php, mysql related parameters, user detection, criminals can easily find it through search engines and the title keyword phpstudy probe Websites exposed to the outside world that may have problems.4. Delete the phpinfo.php file in a timely manner. The phpinfo.php function of
php displays the configuration related to PHP. Get the absolute path to the website through phpinfo or the probe page. In addition, the mysql user and password use the default configuration root/root, then we can use phpmyadmin to directly export the webshell to the website by modifying the path of the general logfile, thereby obtaining the shell of the website, causing a great possibility of server collapse. .5. Change the MySQL password to a strong password in a timely manner
In the phpStudy integrated environment, after the installation is completed, the mysql username and password default to root and should be changed to strong Password (numbers, letters and symbols, mixed case, at least 8 characters)6. Do not deploy the website in the default WWW folder
Do not place the website in www , folders such as wwwroot, root, wwweb, website7. Set file access permissions
Set to prohibit the creation of files, The directory prohibits writing files, the setting prohibits downloading exe, zip, 7z, txt, sql, scans website files for Trojans, and deletes virus files.8. Back up the website program and database regularly
You can back up the website program and database regularly to ensure timely recovery after a disaster9. phpstudy security self-check repair program
phsptudy security self-check repair program, used for file security detection and repair of phpstudy2016/2018 version. Users who have installed phpstudy, please download and check by yourself! Tool download address:https://www.php.cn/xiazai/gongju/1521
##2: Server security settings (Windows)Change the administrator’s password promptly
Prohibit the ping command
Modify the server’s default port 3389
Close port 21
Open firewall
Update system patches in time
Install necessary network security software
Make cloud backup
Finally:In fact, there is no problem with phpstudy itself. It depends on how the user configures it.
Of course, in addition to the above two areas that need attention, the program security of the website itself is also very important, such as Open source programs such as Dreamweaver CMS and WordPress have many vulnerabilities and are easily invaded. Please make appropriate security repairs to reduce the risk of being invaded.
The above is the detailed content of Summary of phpstudy security issue settings (2019). For more information, please follow other related articles on the PHP Chinese website!