A station uses Apache、PHP、Windows Web Server built on MariaDB architecture,Joomla running on it,These programs will be updated to the latest version every six months,But ESET's real-time scan will trace Apache's httpd.exe in C every few days.:\WindowsTemp generates some Trojan horse files of php***.tmp,And scan the entire server,And did not scan out the abnormality。
This problem was originally in the old Win Server 2003 + AppServ environment occurs,Later changed to a Win Server,Install Apache separately、PHP、MariaDB,Even the Joomla website has been rebuilt,And set up .htaccess file,Update each package regularly,And using complex passwords,But then the same problem happened again。
After , please help the anti-virus manufacturer to understand the possible causes,The manufacturer recommends that we close the php file upload、After downloading the function,Finally did not happen again,Tried as follows:
◎ Open php.ini,Modify related parameters。
file_uploads = Off allow_url_fopen = Off
Our website is very simple,So you can set these two values to Off,Wait until needed,Just open it temporarily,If you need to keep the upload function turned on,Consider setting to allow uploading only in certain file formats。
【參考連結】
- Trojan Attacks – General PHP Help – PHPHelp