How does dedecms solve the DDOS mounting vulnerability?
Dedecms is a well-known PHP open source system in China, and it is also the first choice CMS system for many webmasters to build websites. Its simplicity and ease of use is a major reason for its widespread practicality, and it is precisely because of the open source of dedecms that it has also led to Many hackers have focused on this program, so they have successively researched many dedecms vulnerabilities. As a result, quite a few dedecms websites have been suspended. Some have been warned by the computer room, and serious computer rooms have been forcibly shut down, resulting in huge losses. . Today we will do a more in-depth analysis of this problem and find a solution.
Recommended study: 梦Weavercms
Characteristics of the hooked horse:
Open your own website homepage and you will find it by viewing the source code Many black link codes have been added to your website. The black link code is the simplest and easiest for webmasters to see. It is nothing more than the code for friendly links.
Another characteristic is that when you open a website, you will be prompted by 360 Security that the website has the risk of malware. This type of malware code is usually a frame code or a js code or an image code. Another characteristic is that the website It will suddenly fail to open or open slowly. If you check the traffic, you will find that it takes up a lot of traffic. This means that the traffic is sent out, which is also called a UDP traffic packet attack. The above are the general characteristics of dedecms being hacked. Let’s talk about some practical solutions and preventive measures for website being hacked.
First download the code of the website program to your local computer, use the sinesafe Trojan removal tool to check it, and find that there are many script Trojans in the data/cache/ directory. When you open the Trojan script, you find some unknown PHP codes. , put the code into the sinesafe Trojan tool and conducted an in-depth analysis and found the characteristics of the Trojan. The code is as follows:
The code is as follows:
<?php set_time_limit(984918); $host = $_GET['host']; $port = $_GET['port']; $exec_time = $_GET['time']; $Sendlen = 65535; $packets = 0; } echo "================================================ "; echo " <font color=blue>www.phpddos.com "; echo " SYN Flood 模块 "; echo " 作者:ybhacker "; echo " 警告:本程序带有攻击性,仅供安全研究与教学之用,风险自负!</font> "; echo "================================================ "; echo " 攻击包总数:<font color=Red><span class=\"text\">".$packets." 个数据包</span> </font>"; echo " 攻击总流量:<font color=Red><span class=\"text\">".round(($packets*65*8)/(1024*1024),2)." Mbps</span> </font>"; echo " 攻击总字节:<font color=Red><span class=\"text\">".time('h:i:s')." 字节</span> </font>"; echo "Packet complete at ".time('h:i:s')." with $packets (" .round(($packets*65*8)/(1024*1024),2). " Mbps) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n"; ?>
I found on the Internet that this is a php script for UDP traffic attack Trojan horse, this Trojan horse can achieve the effect of DDoS traffic attack by running with the permission of website script. No server permissions are required. Only then did I understand why the computer room said that my website was always outsourcing. Websites running this script would open slowly, including my website. Now that you have found the problem, you need to solve it quickly. Click Clear Trojan Code to clear it all at once. There are no unfamiliar file names in the Data/cache/ directory. Finally, in order to cure this "stubborn disease", we summarized several solutions and preventive measures:
1. Security settings of the dedecms directory: data/cache/ templets uploads directory settings are readable and writable, but not executable. Include, member, and plus set readable, executable, and non-writable permissions. Since dedecms does not use stored procedures anywhere, you can disable FILE, EXECUTE, and other permissions to perform stored procedures or file operations.
2. Website program security: This is also the most fundamental precaution. If it is a virtual space, it is recommended to find a professional to do website security maintenance to ensure the safety of the website program. Only a safe website can bring safe and stable customers. source.
3. Program update: Open the dedecms background to see if there are any updated patches. If so, please update and patch them in time. If your version is very old, I recommend reinstalling the new version because The new versions are relatively safe and are different from the old versions in many places.
4. Backend management directory: dedecms The backend management directory generally defaults to dedecms. Many webmasters never care about this backend address. I am very responsible to tell you that if the managed directory address is the default, you will be hung up. The probability of horse is 0. It is recommended to change the name of the directory to a name that is a combination of numbers and letters.
5.FTP website management password: It is recommended to change FTP passwords and website management passwords frequently, because many hackers are using brute force to crack passwords, and make the passwords as complex as possible with special symbols and letters.
The above is the detailed content of How dedecms solves DDOS horse-mounting vulnerability. For more information, please follow other related articles on the PHP Chinese website!

dedecms增加多语言的方法:1、进入dedecms后台,创建封面栏目;2、将封面栏目“常规选项”的文件保存目录设置为cn或者en;3、将封面栏目“高级选项”的列表模板设置为“cn_index.htm”或者“en_index.htm”;4、单独调用每种语言的封面栏目和每种语言下的导航栏目即可。

织梦cms是用PHP语言写的。织梦CMS(DedeCMS)是一个PHP开源网站管理系统,作用是构建中小型网站;它采用PHP+MySQL技术开发,可同时使用于windows、linux、unix平台。

dedecms是PHP语言开发的;dedecms中文全称是织梦内容管理系统,是一个PHP开源网站管理系统;dedecms基于PHP和MySQL技术开发,可同时使用于Windows、Linux、Unix平台。

dedecms删除栏目的方法:1、登录后台管理;2、进入“栏目管理”,可以看到当前网站所有栏目;3、选择要删除的栏目;4、将鼠标悬停在栏目名称上,删除栏目;5、点击“确认”按钮以继续删除操作;6、删除成功。

织梦内容管理系统(DedeCMS) 以简单、实用、开源而闻名,是国内最知名的PHP开源网站管理系统,也是使用用户最多的PHP类CMS系统,在经历多年的发展,目前的版本无论在功能,还是在易用性方面,都有了长足的发展和进步。

火车头dedecms出现乱码解决方法:1、检查数据库编码;2、修改dedecms配置文件;3、检查浏览器编码设置;4、清理缓存和临时文件;5、寻求专业帮助。

dedecms是指织梦内容管理系统,是一个PHP开源网站管理系统,用于个人网站或中小型门户的构建;dedecms是基于PHP和MySQL技术开发,可同时使用于Windows、Linux、Unix平台。

dedecms有移动端,其移动端安装方法是:1、将DATA移到根目录外的安全设置,修改“/m/index.php”代码;2、在“更新主页HTML”中,将“选择主页模板”改为“default/index_m.htm”;3、将首页“图文资讯”的url修改为移动端链接;4、设置移动站可通过二级域名访问即可。


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

SublimeText3 Linux new version
SublimeText3 Linux latest version

Notepad++7.3.1
Easy-to-use and free code editor

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

Dreamweaver CS6
Visual web development tools
