????php?????????????????php???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????λ?????Щ????php???????????????????y??ɡ?
???????denyhost?????SSH???????????尲??????ο???denyhost???SSH??????????????linux??????
????1????????????Щ????????????i???
????????:
????????????
# chattr +i /etc/passwd
# chattr +i /etc/group
# chattr +i /etc/shadow
# chattr +i /etc/gshadow
# chattr +i /etc/ssh/sshd_config
????2??nginx??php????
????(1)??discuz/attachments??uchome/attachment??ucenter/data/tmp??????????????????php????centos+nginx???????????????????????????webshell???????
??????nginx????????????????
????????????
location ~ .*\.(php|php5)?$ {
    ...
    # ------------------------------
    rewrite ^/(uc_client|templates|include|plugins|admin|attachments|images|forumdata)/.*\.(php|php5)?$ /50x.php last;
    # ------------------------------
}
????(2)???php.ini
?????????disable_functions
???????????=???????
????????????
disable_functions = exec,system,passthru,error_log,ini_alter,dl,openlog,syslog,readlink,symlink,link,leak,fsockopen,proc_open,popen,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status
??????????????php??????е????
????(3)???Щ?????????????????????i???????????1?????????????????????
????3????β?????????е?php???
????PHP???????????????????eval??base64_decode???????????????????????
????????????
find /var/www/ -type f -name "*.php" | xargs grep "eval(" | more
??????????????????????????????????
????????????
eval(base64_decode(...));
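As an added example (not code from the original post), the following POSIX shell script generalizes the find/grep check above: it scans a web root for .php and .php5 files whose lines contain eval( or base64_decode( and two other decoders commonly chained with them, prints each hit as file:line:text, and counts the hits so the result can be checked. The function names make_sample_webroot, scan_php_webroot and count_suspicious, and the sample files the script creates, are assumptions of this example, not something the post describes.

```shell
#!/bin/sh
# Added example, not from the original post: scan a web root for the
# obfuscated-eval pattern the post greps for. The sample web root below is
# constructed here so the script runs offline.
set -eu

# scan_php_webroot DIR
#   Prints "file:line:text" for every line of a .php/.php5 file under DIR
#   that contains one of the suspicious calls. Prints nothing when clean.
scan_php_webroot() {
    dir="$1"
    # The post's two patterns (eval( and base64_decode() plus two decoders
    # frequently wrapped inside them; extend the list for your own baseline.
    # /dev/null is passed first so grep always prefixes the filename.
    find "$dir" -type f \( -name '*.php' -o -name '*.php5' \) -print0 \
        | xargs -0 grep -n \
            -e 'eval[[:space:]]*(' \
            -e 'base64_decode[[:space:]]*(' \
            -e 'gzinflate[[:space:]]*(' \
            -e 'str_rot13[[:space:]]*(' \
            /dev/null || true
}

# count_suspicious DIR
#   Number of matching lines across all PHP files under DIR (0 when clean).
count_suspicious() {
    scan_php_webroot "$1" | wc -l | tr -d ' '
}

# make_sample_webroot DIR
#   Builds a small constructed tree: two clean files and two files carrying
#   the obfuscated-eval pattern, in the upload-style directory the post
#   blocks with nginx. The base64 payload is the constructed string "echo 1;".
make_sample_webroot() {
    root="$1"
    mkdir -p "$root/attachments" "$root/include"
    printf '<?php echo "hello";\n' > "$root/index.php"
    printf '<?php require_once "config.php";\n' > "$root/include/common.php"
    printf '<?php eval(base64_decode("ZWNobyAxOw=="));\n' > "$root/attachments/x.php"
    printf '<?php eval(gzinflate(base64_decode("ZWNobyAxOw==")));\n' > "$root/attachments/z.php"
}

# Usage: sh scan.sh /var/www   (prints the hits for that web root)
if [ -n "${1:-}" ]; then
    scan_php_webroot "$1"
fi
```

The same scan run on the constructed sample tree reports only the two files under attachments; a real run on /var/www will also flag legitimate uses of eval() and base64_decode(), so treat the output as a review list to diff against a known-good baseline, not as a verdict.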
???????????????????windows???????????????????webshell?????????????php??????????php?????????????ú???????????????????????????????????????????Щ????????????????