Sometimes we manage PHP applications to our surprise have been hacked, have replaced the home page, added code in the header of the page, malicious code inserted between the application files (for example sending email spam), etc. ..
Leave some pictures:
This type of attack is most likely suffer if our application is relatively popular, WordPress, Joomla, Drupal, etc …
The safety improvement plan includes the processes:
- Modify the Apache configuration, the idea is to minimize the published information.
- Modify the configuration of PHP, we will see some very interesting parameters.
- Changing the ownership of files that compose the application DocumentRoot
- Refuse to execute certain programs from the user running Apache.
We go step by step: