IDCs take note: with one small tool a user can easily control the whole server

888u

Last updated: 2024-04-24, edited by 888u

Many IDCs, especially small IDCs and some free providers, may not know this: a user only needs to upload one file via FTP to easily control the entire server. We tested several IDCs (the money spent on them is gone like water), and apart from Jing'an, every one of the small IDCs handed over the permissions without exception. West and Alibaba Cloud were not tested; we cannot afford them. This shows it is better not to touch small IDCs if you can avoid it.

It started with a friend who offers some free space. One user's website had a vulnerability and a file was uploaded; the other party then took control of the entire server. Of course, this so-called control means that files and folders can be uploaded, downloaded and deleted, on the entire server and in any directory.

Let's first talk about how it is done. This requires a tool called [Chinese Chopper] (a complaint about this misleading name). No download address is given here. Let's take PHP as an example and explain how the bad thing is done.

First of all, buy a space from an IDC. Large IDCs usually have security measures in place, but many small IDCs are still open, especially some free ones. Then bind a domain name to it, say a.cn, and upload the a.php file that comes with Chinese Chopper via FTP. Assume the path after uploading is [a.cn/a.php].

Open Chinese Chopper, right-click and select Add. If you have not changed anything in that file, fill in [as] on the right; if you have changed it, change it here accordingly.

Of course, you can also fill in more in the configuration, mainly the database user name and password, roughly as follows:

MYSQL

IP address

Username

Password

Encoding


It doesn't matter if you leave them empty. Then click [Add].

You can see that one more URL appears in the list.



Double click to enter.


As you can see, we can now enter any directory at will and do whatever we want.


Of course, far more can be done, but we won't go into details. Now let's talk about how to solve this problem.

We only know PHP, so we will only talk about how to solve it for PHP; aspx is not considered.

The solution is also very simple. This tool just uses PHP's eval function, so we only need to disable that function. Of course, I won't tell you to use php.ini to disable it. That is too untechnical, and php.ini's disable_functions can't disable it at all, because eval is a language construct rather than a function. So we use a more sophisticated solution and install a third-party extension called [Suhosin].

We shamelessly plagiarized someone's blog:

This is the Apache installation under Linux:

Suhosin is a transliteration of the Korean for "guardian saint". It is a patch developed by a dedicated security team for the security hardening of PHP, and it has been included in the ports systems of FreeBSD and Gentoo. The effect is very good.

Suhosin is a PHP security hardening patch that can be compiled statically into the PHP core or built as a PHP dynamic extension. I personally strongly recommend static linking. Next, let's go through the static installation steps. Of course, you can also compile it as a dynamic extension of PHP after installing PHP.

# cd /usr/local/src

# wget http://cn.php.net/get/php-5.2.5.tar.gz/from/this/mirror

# wget http://www.hardened-php.net/suhosin/_media/suhosin-patch-5.2.5-0.9.6.2.patch.gz   # download the patch from the official site

# tar zxvf php-5.2.5.tar.gz

# gunzip suhosin-patch-5.2.5-0.9.6.2.patch.gz   # unzip the patch

# cd php-5.2.5

# patch -p1 -i ../suhosin-patch-5.2.5-0.9.6.2.patch   # apply the patch to the PHP source

# ./buildconf --force   # be sure to execute this step

# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-zlib-dir --with-bz2 --with-tiff-dir --with-libxml-dir=/usr/local/libxml2 --with-gd=/usr/local/gd2 --with-freetype-dir --with-jpeg-dir --with-png-dir --with-ttf --enable-mbstring --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-config-file-path=/etc --with-iconv --disable-ipv6 --enable-static --enable-maintainer-zts --enable-memory-limit --enable-zend-multibyte --enable-sockets --enable-soap --enable-suhosin   # configure options; --enable-suhosin is added by the patch

# make

# make install

Restart Apache with apachectl and check the phpinfo() output; it should show

This server is protected with the Suhosin Patch 0.9.6.2

Copyright (c) 2006 Hardened-PHP Project

followed by many Suhosin entries. Then the installation has succeeded. hehe.


By the way, here is how to install Suhosin as a dynamic PHP extension.

wget http://download.suhosin.org/suhosin-0.9.23.tgz

tar zxvf suhosin-0.9.23.tgz

cd suhosin-0.9.23

/usr/local/php/bin/phpize   # this step cannot be omitted

./configure --with-php-config=/usr/local/php/bin/php-config   # the absolute path of php-config must be given here

make

make install

make install prints the directory where the compiled module was placed; note it down:

Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/

Then add the following two lines to php.ini:

extension=suhosin.so

suhosin.executor.disable_eval = on
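The two php.ini lines above are the whole mitigation, so it is worth checking that they are really in effect on every server. The following audit script is an added example, not part of the original post or of Suhosin itself: it reads a php.ini, ignores commented-out lines, and reports whether suhosin.so is loaded and suhosin.executor.disable_eval is turned on. It assumes the dynamic-extension install shown above (a statically patched PHP has no extension= line) and uses constructed sample configs written to a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original post): audit a php.ini for the two
# Suhosin lines. audit_php_ini returns 0 only when suhosin.so is loaded AND
# eval is disabled; commented lines (leading ';') are ignored and the PHP
# ini booleans "on", "1", "true" and "yes" are all accepted.
# Assumption: plain "key = value" lines, as in the post's php.ini snippet.

# Print the effective (last uncommented) value of an ini key, lowercased,
# with surrounding quotes and trailing comments stripped. $2 is a sed BRE.
ini_value() {
    sed -n 's/^[[:space:]]*'"$2"'[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' "$1" \
        | tail -n 1 | tr 'A-Z' 'a-z' | tr -d '"'
}

# True when an uncommented "extension = suhosin.so" line exists.
suhosin_loaded() {
    grep -Eq '^[[:space:]]*extension[[:space:]]*=[[:space:]]*"?suhosin\.so"?' "$1"
}

# True when suhosin.executor.disable_eval evaluates to a PHP "on" value.
eval_disabled() {
    v=$(ini_value "$1" 'suhosin\.executor\.disable_eval')
    case "$v" in
        on|1|true|yes) return 0 ;;
        *)             return 1 ;;
    esac
}

# Combined check with a one-line verdict; exit status 0 = hardened.
audit_php_ini() {
    if ! suhosin_loaded "$1"; then
        echo "$1: suhosin.so is not loaded, so suhosin.* settings are inert and eval() stays available"
        return 1
    fi
    if ! eval_disabled "$1"; then
        echo "$1: Suhosin is loaded but suhosin.executor.disable_eval is not on"
        return 1
    fi
    echo "$1: eval() is disabled by Suhosin"
    return 0
}

# Constructed sample configs (not real server files) so the script runs offline.
make_samples() {
    d=$(mktemp -d)
    cat > "$d/hardened.ini" <<'EOF'
; exactly the two lines from the post
extension=suhosin.so
suhosin.executor.disable_eval = On
EOF
    cat > "$d/weak.ini" <<'EOF'
; extension built, but the disable line was left commented out
extension=suhosin.so
;suhosin.executor.disable_eval = on
EOF
    cat > "$d/noext.ini" <<'EOF'
; disable_functions never reaches eval(), and without the extension the
; suhosin.* directive below does nothing
disable_functions = exec,system
suhosin.executor.disable_eval = on
EOF
    echo "$d"
}

# Stand-alone run: audit each constructed sample.
D=$(make_samples)
for f in hardened weak noext; do
    audit_php_ini "$D/$f.ini" || true
done
rm -rf "$D"
```

Run it as-is to see the three verdicts, or call `audit_php_ini /etc/php.ini` against a real file; a non-zero exit status makes it usable from a cron job or a deployment check.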



====================================================


Summary: Linux and Windows have different security mechanisms. On some servers it may not be possible to upload or delete files outside the web directory, deletion in particular, but downloading is still possible.

What is more troublesome is that after a user has uploaded the file, he can also upload it into the other websites on the same server and disguise it there. So even if you delete this malicious user, your other users may no longer be safe. The best solution is to disable the eval function on all servers.



All rights belong to 888u unless otherwise stated.