A Trojan horse file of php***.tmp appears on the website server

  A station uses Apache、PHP、Windows Web Server built on MariaDB architecture,Joomla running on it,These programs will be updated to the latest version every six months,But ESET's real-time scan will trace Apache's httpd.exe in C every few days.:\WindowsTemp generates some Trojan horse files of php***.tmp,And scan the entire server,And did not scan out the abnormality。

 

   This problem was originally in the old Win Server 2003 + AppServ environment occurs,Later changed to a Win Server,Install Apache separately、PHP、MariaDB,Even the Joomla website has been rebuilt,And set up .htaccess file,Update each package regularly,And using complex passwords,But then the same problem happened again。

 

After   , please help the anti-virus manufacturer to understand the possible causes,The manufacturer recommends that we close the php file upload、After downloading the function,Finally did not happen again,Tried as follows:

◎ Open php.ini,Modify related parameters。

file_uploads = Off
allow_url_fopen = Off

 

   Our website is very simple,So you can set these two values ​​to Off,Wait until needed,Just open it temporarily,If you need to keep the upload function turned on,Consider setting to allow uploading only in certain file formats。

 

【參考連結】

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.