Home  >  Article  >  Backend Development  >  Detailed explanation of DedeCms security problem solutions (security settings)

Detailed explanation of DedeCms security problem solutions (security settings)

黄舟
黄舟Original
2017-03-31 09:38:452889browse

Everyone on the Internet has also seen the DEDECMS program. Although it is convenient for grassroots webmasters to quickly build a website, security also has many problems. You need to set it up before you can use it, otherwise it will become a problem for others. Horse's website p>The following is for some novice webmaster friends who use DEDE (those with non-targeted technical skills)

dedecms template download address: www.php.cn/xiazai/code/dedecms

Everyone on the Internet has also seen the DEDECMS program. Although it is convenient for grassroots webmasters to quickly build a website, it also has many security issues. DEDE officials have stopped upgrading the system a long time ago. At most, they only have some patch repairs;

Okay, without further ado, here’s the summary Some commonly used solutions:

Step one:

When installing Dede, it is best to change the table prefix of the database, not Use the default prefix dede_ of dedecms, which can be changed to emtalk_, or any irregular and hard-to-guess prefix (if the site is running online, you can ask a technician to help modify it).

Second step:

Backend login must enable the Verification code function (or write a security mechanism by yourself), and the default Administrator admindelete and change it to a dedicated, more complex account. The administrator password must be long, at least 8 characters, and mixed with letters and numbers.

Step Three:

Be sure to delete the install directory after installing the program! ! !

Step 4:

Change the default directory name dede for dedecms background management, and change it to something that is hard to guess and irregular (change it from time to time).

Step 5:

Close (or eliminate/delete) all unused functions, such as members, comments, etc. If not necessary, close them all in the background. (If some functions require it and there is technical support, you can develop or modify the default success code yourself)

Step 6:

(1) The following are possible Deleted directories/functions (if you don’t use them):

member会员功能 
special专题功能 
company企业模块 
plusguestbook留言板

(2) The following are the files that can be deleted:

These files in the management directory are background file managers and belong to It is a redundant function and most affects security. Many HACKs are mounted through it.

file_manage_control.php 
file_manage_main.php 
file_manage_view.php 
media_add.php 
media_edit.php 
media_main.php

Furthermore:

If you do not need a SQL command runner, delete the dede/sys_sql_query.php file.

If you do not need the tag function, please delete tag.php in the root directory. Please delete digg.php and diggindex.php in the root directory if you don’t need to be an invoker.

Step 7:

Pay more attention to the security patches officially released by dedecms and apply them in time.

Step 8:

Download the publishing function (softxxx_xxx.php in the management directory), you can delete it if you don’t need it, this is also easierUpload小马的.

Step 9:

You can download third-party protection plug-ins, such as: "Dreamweaver CMS Security Package" produced by 360, Baidu's security "DedeCMS Stubborn Trojan Backdoor Killer" produced by the alliance;

Step 10:

(optional) The safest way: Publish html locally and then upload it to space. It does not contain any dynamic content files and is the safest in theory, but maintenance is relatively troublesome.

Supplement: You still have to check your website frequently. Being linked to a black link is a trivial matter, but being linked to a Trojan horse or deleting a program is very miserable. If you are unlucky, your ranking will also drop. . So remember to back up your data from time to time! ! !

So far, the malicious script files we have discovered are

plus/ac.php 
plus/config_s.php 
plus/config_bak.php 
plus/diy.php 
plus/ii.php 
plus/lndex.php 
data/cache/t.php 
data/cache/x.php 
data/config.php 
data/cache/config_user.php 
data/config_func.php等等

Most of the uploaded scripts are concentrated in the three directories of plus, data, and data/cache. Please check the three directories carefully. Are there any files that have been uploaded recently?

As for the server, if it is a WIN series server, you can install security dogs and other related protection tools;

What are the words of the webmaster friends of the virtual space? . . Just do a good job of site security. The server cannot be touched;

The above is the detailed content of Detailed explanation of DedeCms security problem solutions (security settings). For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn