Strengthen the power of our army and the power of our country! Warm congratulations on the launch of my country's third aircraft carrier! Baogan shares enterprise-level security plug-ins to create all-round three-dimensional security protection. Go straight! ! !
Security software that needs to be installed:
1. Website firewall
2. Fort Tower enterprise-level tamper-proof-reconstructed version
3. Fort Tower PHP security protection
4. Fort defense against invasion
5. System reinforcement
Briefly explain the function of the software:
1. Website firewall, which works at the application layer, can prevent the website from being CC, penetrated, and SQL injection, and blocks threats at the entrance.
2. Fort Tower enterprise-level anti-tampering - a reconstructed version, based on driver protection, can prevent tampering before files are modified and block tampering before it occurs.
3. Fort PHP security guard, a PHP kernel-level protection module, can perform low-level filtering on projects, completely eliminating cross-site prevention, precise anti-penetration, and precise anti-rights escalation.
4. Fort defense against intrusion, defense against horse-mounting and mining caused by most intrusions and privilege escalation attacks, effectively intercepting WebShell execution of privilege escalation, and can cooperate with message notifications to generate timely notifications
5. The Pagoda system is reinforced to prevent abnormal processes from starting, Trojans being implanted in the system, and key system directories being tampered with.
The following is the actual combat content:
Firewall blocking:
Specifically upload a WebShell file to see if our firewall will intercept it:
First, let’s upload a normal file to my upload directory.
Simulate malicious upload of WebShell.php, which is intercepted by the firewall, as shown in the figure:
Fort Tower enterprise-level tamper-proof-reconstructed version
After the test is turned on and tampered with, upload the file and use FTP for testing by default.
When the upload permission is not authorized, it will prompt 553. Check the protection log:
Next enable FTP upload operation
Directory operations
When the tamper-proof directory whitelist is not enabled and the protected file type is opened, a prompt of no permission is displayed.
Next, put the directory into the directory whitelist and modify the test file a.php
What if my file type is not among the default protection types?
Just add to the protected file suffix
.txt is enough
Before adding:
Can be created and modified
After adding:
Cannot be created or modified
Fort Tower PHP Security Guard
PHP kernel-level defense can accurately prevent penetration for different projects, prevent cross-site prevention, and accurately prevent privilege escalation.
Fort Tower Party Invasion
It can prevent most intrusions from escalating privileges, causing malware installation and mining, effectively intercepts WebShell execution of privilege escalation, and pushes alarm notifications in a timely manner.
A simple test
1. Open the disabled function of php, delete system, and remember to add it back after testing.
Before opening:
After opening:
Pagoda system reinforcement
Prevent the system from being implanted with Trojans, modify key system files, add malicious scheduled tasks, and start malicious processes.
These five security software can protect your server security in different aspects from intrusion portals, implantation of malicious files, defects in PHP software and programs themselves, privilege escalation after intrusion, and malicious processes remaining after privilege escalation! Build an iron wall of security and protection. All imperialism is a paper tiger! Stop all intrusions, the tower panel will escort you!