Shulou(Shulou.com)06/02 Report--

Xiaobian to share with you the method of modifying DEDECMS dream weaving template to prevent website hanging horse, I believe most people still do not know how, so share this article for everyone's reference, I hope you have a lot of harvest after reading this article, let's go to understand it together!

How to modify DEDECMS dream weaving template to prevent website hanging horse?

Detailed explanation simple modification DEDECMS dream weaving template to prevent the website from hanging horse tutorial

Web site security is the server configuration, file permissions control and site procedures with each other, if you want to DedeCms site procedures modified to improve security. "Executable files are not allowed to be modified, writable files are not allowed to be accessed" This is the fundamental principle of website permission control, and website programs can do a lot of work in terms of "writable files are not allowed to be accessed." We can protect it in several ways:

1. Renaming the data directory under the root directory, or moving it outside the website directory

The data directory is the most dirty place. The system often writes data to this directory. Any file under this directory can be accessed through URL. Therefore, in order for the browser to not access the files inside, you need to rename this directory or move it outside the directory of the website. These, even if others write a word trojan into the file through the loophole, he also cannot find the file path where this trojan is located, and cannot continue to launch attacks. Because DedeCMS program unreasonable, resulting in renamed data directory action will be relatively large, the specific approach is as follows:

a. Migrate public content to pub directory (or other custom directory), such as rss, sitemap, js, enum, etc. This step requires moving folders and modifying the generation paths of these files.

b. Modify the reference program directory

c. Modify the name of the data folder, and modify the value of "DEDEDATA" in the include/common.inc.php file, and then modify the template cache directory in the parameter settings of the background system settings. You can also change the data folder name later by following this procedure.

2, renamed "dede" management directory, and strengthen

If you hide the background, even if someone else obtains your administrator account and password, he will not be able to log in.

a. In/dede/config.php, find the following line:

//Verify user login status $cuserLogin = new userLogin(); if($cuserLogin->getUserID()==-1) { header("location:login.php? gotopage=".urlencode($dedeNowurl)); }

Replace the above code with:

//verify user login status $cuserLogin = new userLogin(); if($cuserLogin->getUserID()==-1) { //header("location:login.php? gotopage=".urlencode($dedeNowurl)); header("HTTP/1.0 404 Not Found"); exit(); }

b. Modify the file name of/dede/login.php, and modify the corresponding form submission address in/dede/templets/login.htm;

c. Modify the directory name of/dede/;

In this way, others can only access the renamed address of/dede/login.php before they log in, and access other addresses will get 404 errors.

Of course, after doing security reinforcement, there will be some trouble in upgrading DedeCMS in the future.

The above is to modify DEDECMS dream template to prevent the site from hanging horse method of all content, thank you for reading! I believe that everyone has a certain understanding, hope to share the content to help everyone, if you still want to learn more knowledge, welcome to pay attention to the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.