Source:Prince InfoGuard,called iGuard,commonly known as the page file to prevent tampering,yesterday night was the stuff of the head,a good study,found a solution,record it.
First give a This something to the effect of,just lost a webshell in,not killed,on the server is there,but the access time becomes out of this tire stupid look:
Isn't it a little depressing...but it doesn't matter. We can find InfoGuard directory,I here is C:\Tercel\iGuard\SyncServer\ Here are a a. conf File Open he look at the
Vaguely be able to catch something,but also not very clear. After some effort,finally put this configuration file parameters ever understand.
[System] SignDB=C:\Tercel\iGuard\SyncServer\signdb\iguard. db vid=BV8CcwNN6iH3dEAw [dirs] D:\Inetpub\gameto
Wherein the meanings are as follows:
SignDB: watermark library directory; vid: watermark library initialization vector, with the publisher ID file iguard. dat first row remains the same; [dirs]: need to scan a watermark to the files and directories, with each directory/file a line of the way filled in.
This should be clear. We put inside the dirs part into our webshell where the path,but this is not yet finished. iGuard after installation,连同 这个 配制 文件 一起 的 还有 个 wmktool.exe this app is used to file watermark,is to determine he is not to be modified,of course we Upload a new file without the watermark,so it will of course be unable to use. 在 a.conf 同一 目录 下 找到 这个 wmktool.exe,and performs his
You can see the files have been processed. Then open we shell see
Is it ok