打开php.ini,查找disable_functions,按如下设置禁用一些函数
disable_functions =phpinfo,exec,passthru,shell_exec,system,...proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
request_filename ~* (.*)\.php) {...set php_url 1; } if (!...PHP配置
禁用危险函数:
dl,eval,exec,passthru,system,popen,shell_exec,proc_open,proc_terminate,curl_exec,curl_multi_exec...查杀木马、后门
常见的一句话后门:
grep -r –include=*.php ‘[^a-z]eval($_POST’ . > grep.txt
grep -r –include=*.php