所需要的程序:
apache
http://www.apache.org/dist/httpd/binarIEs/win32/
我們選用apache_1.3.28-win32-x86-no_src.msi,或者apache_2.0.47-win32-x86-no_ssl.msi
都可以,勿使用低版本的程序,它們有缺陷,很容易遭到internet上的攻擊
PHP
http://cn2.PHP.Net/get/PHP-4.3.3-Win32.zip/from/a/mirror
PHP-4.3.3
MySQL
http://www.MySQL.com/get/Downloa ... 5-win.zip/from/pick
MySQL-4.0.15
注:低於這個版本的MySQL,有缺陷,勿使用
ZendOptimizer-2[1].1.0a-Windows-i386.exe
php的優化器,支持加密PHP腳本
MySQL-Front
一個運行於ms平台的gui的MySQL的管理器,非常好用
phpMyAdmin-2.5.0-PHP.zip
基於PHP腳本的MySQL管理器
PHPencode.exe
PHP加密編譯器
install~
1.安裝apache
由於安裝很簡單,pass~!,只是要注意的是,請勿安裝到系統分區上
因為這樣,無論從備份,維護,災難性恢復上,都是有優勢的.
假設安裝到了d:\2.安裝PHP
具體安裝過程請參考PHP目錄裡的install.txt
需要注意的是,請勿使用CGI方式
以下為引用資料
------------------------------------------------------------------
Title 17/2/2002
PHP for Windows Arbitrary Files Execution (GIF, MP3)
Summary
Through PHP.EXE, an attacker can cause PHP to interpret any file as a PHP file,
even if its extensions are not PHP. This would enable the remote attacker to
execute arbitrary commands, leading to a system compromise.
Details
Vulnerable systems:
PHP version 4.1.1 under Windows
PHP version 4.0.4 under Windows
An attacker can upload innocent looking files (with mp3, txt or gif extensions)
through any uploading systems such as WebExplorer (or any other PHP program that
has uploading capabilitIEs), and then request PHP to execute it.
Example:
After uploading a file a \"gif\" extension (in our example huh.gif) that contains
PHP code such as:
#------------
PHPinfo();
?>
#------------
An attacker can type the following address to get in to cause the PHP file to be
executed:
http://www.example.com/php/PHP.exe/UPLOAD_DIRECTORY/huh.gif
Notice: php/PHP.exe is included in the URL.
Additional information
The information has been provided by CompuMe and RootExtractor.
ps:大部分版本都有這個毛病.包括一些最新版本,
