How to set restrictions on DEDECMS execution of php scripts?
DedeCMS is a very good CMS program, and the latest version is 5.7. Even after many version upgrades and added features, DedeCMS still has many problems. That is not to say DedeCMS is bad: relatively speaking it is very good, simple and easy to use, and it has benefited many small and medium-sized webmasters.
I haven't updated my blog for a long time, and today I want to talk about DEDECMS security settings. Friends who use dedecms must have encountered a website being hacked: either a lot of links are added to every page, or malicious redirects are added to the JS.
A brief discussion on DEDECMS security settings:
1. Where possible, use a PHP-only space on a Linux host. A Windows host that can also run ASP brings more dangers.
2. Do not use admin as the username for backend login management. You can change it to something else.
3. Set the attributes of the data/common.inc.php file to 644 (Linux/Unix) or read-only (Windows NT).
4. Limit the execution of PHP scripts for the uploads, data, and templets directories.
5. Do not install templates from unknown sources, or other files that need to be uploaded over FTP, without checking them. Scan them with anti-virus software first, then install.
6. Use the latest version of the program. Even if it is not the latest, you must always pay attention to the official patches and apply them in time.
7. It is best not to use the membership system if you can avoid it. You can delete the member folder directly and close the membership function in the background. If you really want to use it, set the option for whether members may upload non-image attachments to No, to strictly limit users, because there are many spam registration machines that register many user names a day. (Suggested by a visitor: if you are not using the membership system, delete the member folder.)
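To check an existing site against items 3, 4 and 7 of this list, the following audit script is an added example, not code from the original post or from DedeCMS. It assumes a Linux/Unix host and that uploads holds only uploaded media, so any PHP file found there is reported; the function name audit_webroot and the finding labels are made up for this example.

```python
import os
import stat
import sys

# Extensions named in the article's nginx rule.
PHP_SUFFIXES = (".php", ".php5")


def audit_webroot(root):
    """Return (finding, path) tuples for a DedeCMS web root (hypothetical helper)."""
    findings = []

    # Item 3: data/common.inc.php should be mode 644 on Linux/Unix.
    cfg = os.path.join(root, "data", "common.inc.php")
    if os.path.isfile(cfg):
        mode = stat.S_IMODE(os.stat(cfg).st_mode)
        if mode != 0o644:
            findings.append(("config-mode-%o" % mode, cfg))
    else:
        findings.append(("config-missing", cfg))

    # Item 7: an unused membership system should be deleted outright.
    member = os.path.join(root, "member")
    if os.path.isdir(member):
        findings.append(("member-dir-present", member))

    # Item 4: assumption - uploads holds only media, so any PHP file there
    # is treated as a possible uploaded Trojan and reported for review.
    for dirpath, _dirs, files in os.walk(os.path.join(root, "uploads")):
        for name in files:
            if name.lower().endswith(PHP_SUFFIXES):
                findings.append(("php-in-uploads", os.path.join(dirpath, name)))

    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_dede.py /path/to/webroot
    results = audit_webroot(sys.argv[1] if len(sys.argv) > 1 else ".")
    for finding, path in results:
        print("%-20s %s" % (finding, path))
    sys.exit(1 if results else 0)
```

The script exits with status 1 when anything is reported, so it can run from cron and raise an alert on a non-zero exit.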
Restricting PHP script execution per directory on a virtual host/space: two methods, one for the Apache environment and one for the nginx environment
PHP script execution is restricted for the three directories uploads, data and templets. Even if Trojan files are uploaded to these folders, they will not be able to run, so this step is very important and must be set.
Before configuring, you need to confirm whether your space supports .htaccess and rewrite. This method uses rewrite rules in the .htaccess file to prevent the specified scripts from running.
The rules for the Apache environment are as follows. To restrict PHP script execution under Apache, add these rules to the .htaccess file.
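The code is as follows:
    RewriteEngine on
    # The variable name after "%" is missing on this page; a RewriteCond applies only to the RewriteRule that follows it
    RewriteCond % !^$
    # Return 403 Forbidden for .php requests under each directory
    RewriteRule uploads/(.*)\.(php)$ - [F]
    RewriteRule data/(.*)\.(php)$ - [F]
    RewriteRule templets/(.*)\.(php)$ - [F]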
The rules for the nginx environment are as follows (restricting PHP script execution under nginx):
One disadvantage of LNMP is that it is not as good as Apache at setting directory permissions. Website programs sometimes have upload vulnerabilities or pathinfo-like vulnerabilities that lead to PHP Trojans being uploaded, which puts the website and server in greater danger. It is recommended to remove PHP permissions from these website directories. A request for a PHP file in the upload directory will then return a 403 error.
First edit the virtual host configuration of nginx, and add the following content before the fastcgi location block:
The code is as follows:
    location ~ /(data|uploads|templets)/.*\.(php|php5)?$ {
        deny all;
    }
Okay, that's it. After doing this there shouldn't be any problems, and it's basically enough! Friends who use dedecms are advised to take some time to set this up.