我设置了一个支持php-fpm的Apache Web服务器。有人上传了一个PHP shell并浏览了我的服务器!我怎么能防止这种情况?我已经为每个vhost配置了池和套接字!如何完全保护我的网络服务器?
在我的vhost配置文件中:
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php-fpm/php5-fpm_test.com.sock|fcgi://test.com/"
</FilesMatch>
在/etc/php-fpm.d/test.conf中:
listen = /var/run/php-fpm/php5-fpm_test.com.sock
listen.allowed_clients = 127.0.0.1
user = test.com
group = test.com
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
php_admin_value[error_log] = /var/www/vhosts/test.com/logs/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
我也这样做了:
useradd -d /var/www/vhosts/test.com/ test.com
chown -R test.com:test.com /var/www/vhosts/test.com
但他们仍然可以浏览C99.php shell!