Shulou(Shulou.com)06/02 Report--

The editor would like to share with you the method of setting anti-hanging horses on the Weaving Dream DEDECMS website. I hope you will gain a lot after reading this article. Let's discuss it together.

Many customers often encounter or worry about the website hanging up in use. This simple tutorial explains a series of security settings for the DEDE website, as long as you follow the following three points, you can avoid 99% of the website being suspended.

A simplified setting up:

All unwanted functions are deleted. For example, delete the member folder without needing a member. Removing redundant components is the best way to avoid being injected by hack. Add an empty index.html to each directory to prevent the directory from being accessed. (recommended study: dream weaving cms)

Dream weaving can be deleted directory list: member member function special special feature install installer (required) company enterprise module plus\ guestbook message board and other modules generally do not need to install or delete.

Second, password setting:

The administrator password must be long and mixed with letters and numbers, try not to use admin, delete admin after the first installation, and create a new administrator name is not too easy.

The password stored in the dream weaving system database is MD5. Generally, even if HACK gets the password of MD5 through injection, if your password is rigorous enough, the other party can't reverse it. It is also helpless.

But today's MD5 cracking sites are so advanced that 4T hard drives are full of MD5 passwords, even if your passwords are complicated and can sometimes be masked. That's how my previous site was hacked. So the password must be complicated enough.

List of files that can be deleted by dede:

Under the DEDE management directory

File_manage_control.php file_manage_main.php file_manage_view.php media_add.php media_edit.php media_main.php

These files are the stage manager (these two functions are the most redundant and have the greatest impact on security, and many HACK use it to hang up their horses. It is simply a small horse hanger, it is very convenient to upload and edit Trojans. Generally, it is not necessary to delete them all.

Delete the dede/sys_sql_query.php file without the SQL command runner. Avoid HACK utilization.

If the tag function is not needed, please delete the tag.php in the root directory. No need for the top guest, please delete the digg.php and diggindex.php in the root directory!

Do the above three points to ensure that your website is safe and reliable!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.