Shulou(Shulou.com)06/02 Report--

Editor to share with you how to prevent Dedecms intrusion, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

How to prevent Dedecms from invading?

The most basic security settings: modify the dedecms default background directory / dede/ and modify the administrator account password

2. If the website does not need to use the membership system, it is recommended to delete the / member/ folder

3. Move the / data/ folder outside the Web access directory. This is the official recommendation of dedecms. The specific operation method is as follows:

1. Move the / data/ folder to a directory one level above the web root directory

two。 Modify the DEDEDATA variable in / include/common.inc.php to: define ('DEDEDATA', DEDEROOT.'/data'); change to define (' DEDEDATA', DEDEROOT.'/../data')

3. Modify / index.php and delete the following code (Note: this modification can be ignored if the home page generates static and the index.html index takes precedence over index.php. ):

The code is as follows:

If (! file_exists (dirname (_ FILE__).'/ data/common.inc.php')) {header ('Location:install/index.php'); exit ();}

4. Configure the tplcache cache file directory: log in to background > system > system basic parameters > performance options, and change the value of the template cache directory to /.. / data/tplcache

4. / plus/ is a directory with high incidence of dedecms vulnerabilities. Hiding the / plus/ path can prevent the exploitation of unknown vulnerabilities caused by files in this directory. If you need to use a file in this directory, you can add relevant rules in .htaccess to achieve whitelist function.

Example: assuming that the plus directory name is changed to / abcd9com/, website, you need to use the background column dynamic preview (path: http:// domain name / plus/list.php?tid= column number) and publish jump articles (path: http:// domain name / plus/view.php?aid= article number), you can add the following code to .htaccess:

The code is as follows:

RewriteEngine OnRewriteCond% {QUERY_STRING} ^ tid= (\ d +) RewriteRule ^ plus/list.php$ / abcd9com/list.php$1 [L] RewriteCond% {QUERY_STRING} ^ aid= (\ d +) RewriteRule ^ plus/view.php$ / abcd9com/view.php$1 [L] these are all the methods to prevent Dedecms intrusion. Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.