1. Set the MySQL password and delete redundant root accounts
- [root@localhost ~]# mysql -uroot -p
- mysql>set password=password("111");
- mysql>use mysql;
- mysql>delete from `user` where user!="root";
- mysql>delete from `user` where user="root" and host!="localhost";
- mysql>flush privileges;
- mysql>exit;
2. Set website directory access permissions
- vim /etc/httpd/conf/httpd.conf
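- ServerSignature off //do not show server and OS version information on server-generated pages
- ServerTokens prod //report the server as just "Apache", without a version number
- Add -Indexes to every Options directive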
- NameVirtualHost *:80
- <VirtualHost *:80>
- # Block access to the site root by IP address
- ServerName 11.22.33.44
- <Location />
- Order Allow,Deny
- Deny from all
- </Location>
- </VirtualHost>
- <VirtualHost *:80>
- ServerAdmin webmaster@abc.com
- DocumentRoot /var/www/html/test/
- ServerName www.abc.com
- </VirtualHost>
3. Configure php.ini
- vim /etc/php.ini
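- (1).magic_quotes_gpc = On //filter (escape) strings that get written to the database
- (2).display_errors = Off //turn off error display
- (3).safe_mode = On //guard against local file inclusion, file opening, and command execution
- (4).disable_functions = phpinfo,exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open
- //disable some system functions
- (5).register_globals = Off //prevent variable misuse
- (6).expose_php = Off //do not reveal PHP version information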
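
A way to check that a php.ini actually carries the six settings above, including the case where a directive is only present as a commented-out line. This is an added example, not part of the original notes; the function names and the sample file contents are constructed for illustration.

```python
import re

# Expected values are the ones in the php.ini checklist above.
EXPECTED_FLAGS = {"magic_quotes_gpc": True, "display_errors": False,
                  "safe_mode": True, "register_globals": False,
                  "expose_php": False}
REQUIRED_DISABLED = set(("phpinfo,exec,system,passthru,shell_exec,escapeshellarg,"
                         "escapeshellcmd,proc_close,proc_open").split(","))
TRUE_WORDS = {"1", "on", "true", "yes"}  # spellings php.ini treats as boolean true

def parse_ini(text):
    """Return {directive: value}; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        match = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if match:
            settings[match.group(1)] = match.group(2).strip().strip('"')
    return settings

def audit_php_ini(text):
    """Return sorted findings; an empty list means the text matches the checklist."""
    settings = parse_ini(text)
    findings = []
    for name, want in EXPECTED_FLAGS.items():
        value = settings.get(name)
        if value is None:  # absent or commented out: relies on the built-in default
            findings.append(f"{name}: not set")
        elif (value.lower() in TRUE_WORDS) != want:
            findings.append(f"{name}: is {value}, expected {'On' if want else 'Off'}")
    disabled = {f.strip().lower() for f in settings.get("disable_functions", "").split(",")}
    for func in sorted(REQUIRED_DISABLED - disabled):
        findings.append(f"disable_functions: missing {func}")
    return sorted(findings)

# Constructed sample: one flag wrong, one directive only commented out, short function list.
SAMPLE = """\
[PHP]
magic_quotes_gpc = On
display_errors = On      ; left over from debugging
safe_mode = On
;register_globals = Off
expose_php = Off
disable_functions = phpinfo,exec,system,passthru,shell_exec
"""

if __name__ == "__main__":
    print("\n".join(audit_php_ini(SAMPLE)) or "php.ini matches the checklist")
```

To audit a real file, pass its contents: `audit_php_ini(open("/etc/php.ini").read())`.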
4. MySQL privilege configuration
- mysql>update mysql.user set File_priv='N' where User='root';
- mysql>flush privileges;