Scanning found that there are 3 web backdoors on the server, among which the web backdoor files are as follows:
1. PHP one-sentence Trojan, path: c:/phpstudy/phptutorial/www/phpMyAdmin/libraries/Config.class.php
2. PHP one-sentence Trojan, path: c:/phpstudy/phptutorial/www/phpMyAdmin/libraries/schema/User_Schema.class.php
3. PHP execution Trojan, path: c:/phpstudy/phptutorial/www /phpMyAdmin/libraries/sysinfo.lib.php
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Or download a new file again and compare the differences.
Open the file and take a look