
How to set restrictions on DEDECMS execution of php scripts

DEDECMS is a very good CMS program, and the latest version is 5.7. Even after many version upgrades and feature additions, DEDECMS still has many problems. This is not to say that DEDECMS is not good. Relatively speaking, it is very good, simple and easy to use, and has benefited many small and medium-sized webmasters.

I haven’t updated my blog for a long time, and today I want to talk about DEDECMS security settings. Friends who use dedecms must have encountered the website being hacked. Either a lot of links are added to each page or malicious redirects are added to the js.

A brief discussion on DEDECMS security settings:

1. Use a PHP-only space on a Linux host where possible. A Windows host that can also run ASP carries more risk.

2. Do not use admin as the username for backend login management. You can change it to something else.

3. Set the permissions of the data/common.inc.php file to 644 (Linux/Unix) or to read-only (Windows NT).

4. Limit the execution of PHP scripts for the uploads, data, and templets directories.

5. Do not install templates from unknown sources, or any other files that have to be uploaded over FTP, without checking them. Scan them with antivirus first, then install.

6. Use the latest version of the program. Even if it is not the latest, you must always pay attention to the official patches and apply them in time.

7. It is best not to use the membership system if you can avoid it. You can delete the member folder directly and turn off the membership function in the backend. If you really need it, configure whether members may upload non-image attachments and set it to No. Restrict users strictly, because many spam registration bots register many user names a day. (Recommended by visitors: if you do not use the membership system, delete the member folder.)

Restricting PHP script execution per directory on a virtual host/space: two methods, one for the Apache environment and one for the nginx environment

The three directories uploads, data, and templets are restricted from executing PHP scripts. Even if Trojan files are uploaded to these folders, they will not be able to run, so this step is very important and must be set.

Before configuring, confirm that your space supports .htaccess and rewrite. This method uses rewrite rules in the .htaccess file to prevent the specified scripts from running.

Apache rules for restricting PHP script execution. Add these rules to the .htaccess file:

The code is as follows:

# Return 403 Forbidden for .php requests under uploads/, data/ and templets/
RewriteEngine on
RewriteRule uploads/(.*)\.(php)$ - [F]
RewriteRule data/(.*)\.(php)$ - [F]
RewriteRule templets/(.*)\.(php)$ - [F]

nginx rules for restricting PHP script execution:

One disadvantage of LNMP is that it is not as good as Apache at setting directory permissions. Sometimes website programs have upload vulnerabilities or pathinfo-like vulnerabilities that lead to PHP Trojans being uploaded, which puts the website and server in greater danger. It is recommended to remove PHP permissions from the website directory, so that accessing a PHP file in the upload directory returns a 403 error.

First edit the nginx virtual host configuration and add the following content before the fastcgi location block:

The code is as follows:

location ~ /(data|uploads|templets)/.*\.(php|php5)?$ {
    deny all;
}
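A coverage check for the nginx deny rule above, added here as an example and not part of the original article: it runs the rule's regex over constructed request paths and reports which ones it misses or over-blocks. `STRICT_RULE`, the sample paths and the function names are assumptions of this example.

```python
import re

# Regex from the nginx rule on this page; "location ~" is case-sensitive.
PAGE_RULE = re.compile(r"/(data|uploads|templets)/.*\.(php|php5)?$")

# Stricter variant (an assumption of this example, not from the page):
# case-insensitive like "location ~*", also matching a trailing /path-info
# segment and other extensions often mapped to the PHP handler.
STRICT_RULE = re.compile(
    r"/(data|uploads|templets)/.*\.(php[0-9]?|phtml|phar)(/|$)", re.IGNORECASE
)

# Constructed request paths. True = policy says the request must get a 403.
SAMPLES = {
    "/uploads/allimg/x.php": True,
    "/data/cache/x.php5": True,
    "/templets/default/a.PHP": True,
    "/uploads/a.php/index": True,       # path-info style request
    "/uploads/a.phtml": True,
    "/uploads/allimg/logo.jpg": False,  # static files must stay reachable
    "/templets/default/style/dedecms.css": False,
    "/index.php": False,                # entry point outside the three dirs
    "/uploads/readme.": False,
}


def is_denied(rule, path):
    # nginx tests regex locations against the URI without the query string,
    # and the match is unanchored, so re.search is the equivalent.
    return rule.search(path.split("?", 1)[0]) is not None


def coverage_gaps(rule, samples=SAMPLES):
    """Map each sample the rule gets wrong to 'missed' or 'over-blocked'."""
    gaps = {}
    for path, must_deny in samples.items():
        denied = is_denied(rule, path)
        if must_deny and not denied:
            gaps[path] = "missed"
        elif denied and not must_deny:
            gaps[path] = "over-blocked"
    return gaps


if __name__ == "__main__":
    for name, rule in (("page rule", PAGE_RULE), ("strict rule", STRICT_RULE)):
        print(name, "->", coverage_gaps(rule) or "no gaps")
```

In nginx the stricter pattern would go in a `location ~* ... { deny all; }` block, still placed before the fastcgi location.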

Okay, that’s it. After doing this, there shouldn’t be any problems and it’s basically enough! It is recommended that friends who use dedecms take some time to set it up.
