How to restrict PHP script execution in DEDECMS

2025-04-05 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02

How do you restrict PHP script execution in DEDECMS? This question comes up often in daily study and work. The following is reference material the editor has put together.

DEDECMS is a very good CMS program, and the latest version is 5.7. Even after many version upgrades and feature additions, DEDECMS still has a lot of problems. This is not to say that DEDECMS is bad; relatively speaking it is still very good, simple and easy to use, and it benefits many small and medium-sized webmasters.


I haven't updated my blog for a long time. Today I'd like to talk about DEDECMS security settings. Anyone who uses DEDECMS has probably had a site injected with malicious content: either a lot of links were added to every page, or a malicious redirect was added to the JS.

DEDECMS security settings:

1. Use a PHP-only space on a Linux host where possible; a Windows host that can also run ASP is more dangerous.

2. Do not use admin as the user name for back-end login. Change the user name to something else.

3. Set the data/common.inc.php file to mode 644 on Linux/Unix, or to read-only on Windows NT.

4. Restrict the execution of PHP scripts in the uploads, data and templets directories.

5. Do not install templates from unknown sources, or other files that need to be uploaded over FTP. Scan them with antivirus before installing.

6. Use the latest version of the program; if you are not on the latest version, always keep up with the official patches.

7. If you don't need the membership system, it is best not to use it. You can delete the member folder directly and turn off the membership function in the back end. If you do use it, set whether members are allowed to upload non-image attachments and restrict users strictly, because spam registrants register a large number of user names every day. (Recommended by Youzi: delete the member folder if you do not use the membership system.)

Restricting PHP script execution by directory on a virtual host / space: two methods, one for the Apache environment and one for the nginx environment

Restrict the execution of PHP scripts in the uploads, data and templets directories. Even if Trojan files are uploaded to these folders, they cannot be run, so this step is very important and must be set.

Before configuring, make sure that your space supports .htaccess and rewrite. The method relies on rewrite rules in the .htaccess file to block execution of the specified scripts.

Apache environment: to restrict PHP script execution under Apache, add these rules to the .htaccess file.

The code is as follows:

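    # Return 403 Forbidden for PHP files under uploads/, data/ and templets/
    RewriteEngine on
    # Condition as given in the source; it applies only to the RewriteRule that immediately follows
    RewriteCond % !^$
    RewriteRule uploads/(.*)\.(php)$ - [F]
    RewriteRule data/(.*)\.(php)$ - [F]
    RewriteRule templets/(.*)\.(php)$ - [F]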

nginx environment: restricting PHP script execution under nginx

One disadvantage of LNMP is that its directory permission settings are not as good as Apache's. Website programs sometimes have upload vulnerabilities or pathinfo-style flaws that let PHP Trojans be uploaded, which puts both the website and the server in great danger. It is recommended to remove PHP permission from the website directories; a 403 error is then returned when a PHP file in the upload directory is accessed.

Start by editing the nginx virtual host configuration and add the following before the fastcgi location statement (nginx uses the first regex location that matches, in configuration order):

The code is as follows:

    location ~ /(data|uploads|templets)/.*\.(php|php5)?$ {
        deny all;
    }
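A coverage check for the two rule sets above, as an added example that is not part of the original article: it runs the article's Apache and nginx patterns over constructed request paths using plain regex matching, so it models the patterns only and not the rest of the server configuration. `TIGHTER_RULE`, the sample paths, their expected results and the function names are assumptions made for this example.

```python
import re

# Apache rules from the article (literal dot escaped). Assumes .htaccess sits in
# the site root, where the pattern is searched in the path without leading slash.
APACHE_RULES = [re.compile(p) for p in (
    r"uploads/(.*)\.(php)$",
    r"data/(.*)\.(php)$",
    r"templets/(.*)\.(php)$",
)]
# nginx rule from the article: location ~ <regex> { deny all; }
NGINX_RULE = re.compile(r"/(data|uploads|templets)/.*\.(php|php5)?$")
# Assumption: a tighter pattern written for this example, not from the article.
# Anchored at the start; accepts .php/.php5 and a path segment after the name.
TIGHTER_RULE = re.compile(r"^/(data|uploads|templets)/.*\.php\d?(/|$)")

# Constructed request paths; True means the request is expected to be refused.
SAMPLES = {
    "/uploads/allimg/photo.jpg": False,    # ordinary image must stay reachable
    "/plus/view.php": False,               # PHP outside the three directories
    "/uploads/userup/a.php": True,
    "/templets/default/b.php": True,
    "/data/cache/c.php5": True,
    "/uploads/userup/a.php/extra": True,   # pathinfo-style trailing segment
}

def apache_denies(uri):
    path = uri.lstrip("/")
    return any(rule.search(path) for rule in APACHE_RULES)

def nginx_denies(uri):
    return NGINX_RULE.search(uri) is not None

def tighter_denies(uri):
    return TIGHTER_RULE.search(uri) is not None

def gaps(denies):
    """Return sample paths where a rule set disagrees with the expected result."""
    return sorted(uri for uri, want in SAMPLES.items() if denies(uri) != want)

if __name__ == "__main__":
    for name, fn in (("apache", apache_denies), ("nginx", nginx_denies),
                     ("tighter", tighter_denies)):
        print(f"{name:8} gaps: {gaps(fn)}")
```

Whether a path listed as a gap is actually executed depends on how the PHP handler or fastcgi location is configured, so check the reported paths against that part of the configuration.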

All right, that's it. There should be no problem after doing this. It's basically enough! It is recommended that friends who use dedecms take some time to set it up.
