Apache, PHP and filesystem security

0 投票
最新提问 用户: (120 分)

In one of my servers I found a PHP file. A file that contains compressed and encoded code in base64, an operation that is nested two or more times.

I need to know what configuration I need to add to Apache, php.ini and filesystem to prevent or minimize the impact of it in the future. And how prevent upload of this file again if possible. Apparently it's a problem on the net, but I only care about this server.

I block some funcions I don't use like: ini_set, set_time_limit, set_magic_quotes_runtime, error_reporting, posix_getpwuid, posix_getgrgid

Do I need to change all my passwords frequently too? Limit terminal access users? Change some file modes?

发表于 用户: (2.1k 分)
you don't use error_reporting?
发表于 用户: (2.1k 分)
This is far too broad a topic. You need to establish how the breach occurred and then you need to use a Search Engine to find other very similar questions on this and other more relevant Stack Exchange sites. Cheers
发表于 用户: (2.1k 分)
Did you write this PHP file yourself? It doesn't look harmful as such, it just looks coded to probe the site it's running on. It links to exploit-db.com
发表于 用户: (120 分)
Not now. I set error_reporting for all sites to: E_ALL & ~E_DEPRECATED
发表于 用户: (120 分)
No, I undecode and unzip the file two times. Just need to limit the script just in case this happen again. I block user uploaded files execution with apache directive: php_flag engine off

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。