Sunday, July 8, 2012

Zen Cart security vulnerabilities - must see Hacking

Red and Black Union's escort (www.hhsafe.com) accepted a website penetration testing and repair job. The site uses Zen Cart and has a great many problems.
A website was recently compromised. Apache log analysis found the cause: a Trojan was uploaded through the admin back end, because the batch-upload plug-in Easy Populate was installed (I believe many people install this plug-in). There is also the file record_company.php; the attacker POSTed to it through the admin back end.
Solution:
1. Restrict uploads. The Easy Populate upload directory can be changed from the admin back end; hard-code it so that files can only be uploaded to tempEP.
2. Delete the file admin/record_company.php.
3. Restrict the images and tempEP directories so that PHP cannot execute there. If a Trojan is uploaded, it cannot run.
4. The key point: remember to change the admin back-end user names and passwords. Former employees may know the back-end login password. If the above three points are done, his knowing the password is what you will have to worry about.
5. Make index.php and the include directory read-only. Then even if a Trojan is uploaded, you do not have to worry about the site being made to jump (redirect).

Other aspects:

Directories and files that need to be deleted
Under the root directory: docs, extras, zc_install, install.txt, download, media, pub
editors/fckeditor

rm -fr docs
rm -fr extras
rm -fr zc_install
rm -fr install.txt
rm -fr download
rm -fr media
rm -fr pub
After deleting the download directory, run this statement to disable downloads:
UPDATE `zen_configuration` SET configuration_value = 'false' WHERE configuration_key = 'DOWNLOAD_ENABLED';
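
The checklist above can be verified with a read-only audit. The script below is an added example, not part of the original post; the function name zc_audit and the store path passed to it are assumptions, and it checks both "include" (as written in the post) and "includes" (the name in stock Zen Cart).

```shell
#!/bin/sh
# Added example (not from the original post): read-only audit of a Zen Cart
# document root against the checklist above. It changes nothing on disk.
# Usage after sourcing this file: zc_audit /path/to/store  (placeholder path)

zc_audit() {
    root=$1
    findings=0
    note() { findings=$((findings + 1)); printf 'FINDING: %s\n' "$1"; }

    # Leftovers the post says to delete, plus the admin file abused via POST.
    for p in docs extras zc_install install.txt download media pub \
             editors/fckeditor admin/record_company.php; do
        if [ -e "$root/$p" ]; then note "still present: $p"; fi
    done

    # Upload targets: any PHP file here is suspect (possible uploaded Trojan).
    for d in images tempEP; do
        if [ -d "$root/$d" ]; then
            n=$(find "$root/$d" -type f -name '*.[pP][hH][pP]*' | wc -l | tr -d ' ')
            if [ "$n" -gt 0 ]; then note "$n PHP file(s) under $d/"; fi
        fi
    done

    # index.php and the include directory should carry no write bits.
    # Mode bits are inspected (not access), so the result is the same as root.
    for p in index.php include includes; do
        if [ -e "$root/$p" ]; then
            n=$(find "$root/$p" ! -type l \
                \( -perm -200 -o -perm -020 -o -perm -002 \) | wc -l | tr -d ' ')
            if [ "$n" -gt 0 ]; then note "$n writable path(s) at or under $p"; fi
        fi
    done

    printf 'TOTAL: %d\n' "$findings"
    if [ "$findings" -eq 0 ]; then return 0; else return 1; fi
}
```

The function returns 0 only when nothing is flagged, so it can gate a deployment step or run from cron after each plug-in install.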
