
How to deal with a Dedecms site that keeps having malicious code planted on it ("horse hanging")

2025-02-25 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02

This article describes how to deal with a Dedecms site that keeps having malicious code planted on it. It is quite detailed and has some reference value, so interested readers should read it to the end.

What should you do if your Dedecms site keeps getting infected?

Dedicated to webmasters whose sites keep having malicious code planted on them: take care at every step so that it does not happen.

As the title says:

I often see friends say, "The DEDECMS program has a security problem, and my website has been infected again."

However, I think DedeCms itself should not be the problem. Looking at the source code that handles Dede's user forms, the input is all filtered.

So many people use dedecms that if it really had security vulnerabilities, I'm afraid it would not be only a few friends who were affected.

Here are the SQL injection methods commonly used by hackers and what you should pay attention to.

1. Use tools: check your own website for holes with hacking tools (don't abuse them, of course). Just scan your site with SQL injection software such as the Ah D injector. I have used it and could not find any Dede holes; test it yourself if you don't believe me. Of course, my not knowing of one does not mean there is none, but consider how many people use dede: if there were a hole that was easy to find, the number of infected websites would be terrifying.

2. The back-end (admin) address must be changed. Do not keep the DEDE folder as your back end; some friends do not even know that the Dede back-end folder can be renamed!

3. It is better to add a CAPTCHA to the back end. Although it is a bit troublesome, it stops many small-time hackers from using social engineering to break into your website (I have tried: many friends' passwords are their mobile phone number, domain name, QQ number and so on).

4. If you add your own fields to the site (for example requiring users to enter a birthday when signing up), you must filter them yourself; don't blame DEDE for problems you introduced. (It is recommended that only friends with some PHP skill make such changes. Implementing the feature is not as simple as adding a form in the front end, adding a publishing form in the back end, and then adding database fields. To prevent XSS attacks, pay attention to adding htmlspecialchars, mysql_escape_string().)

5. Many friends also install small third-party programs in their hosting space to add features, such as photo albums, registration scripts and so on (I used some of those programs too and forgot to delete them, and my site got hit as a result). The authors of these programs are unknown and the programs basically carry a certain risk. Some hackers take advantage of this to upload a small Trojan, gain use of your virtual hosting space, and then use tools to plant malicious code in bulk.

6. Don't ignore the risk from your IDC (hosting) provider. To get at your site, hackers often do not attack it directly but choose the side-injection method: they break into another website on the same server as yours. If you don't believe it, see for yourself how easy a target your website's neighbors are (you can list all the sites under the same IP by entering your IP address at https://www.xx.net). It is easy to break into another user on the same server and then plant code on your site (I have used this method on other people's websites). Some good servers restrict this strictly, so the problem does not occur there.

7. If you open up user uploads, you had better control them strictly; this is also critical. If a hacker has not broken into your back end, it is much harder to plant code on your site, because they need to upload a Trojan tool. If your site has been infected, be sure to check that it does not allow .html, .php, .asp and similar files to be uploaded.

8. Always watch for the security patches officially released by Dede. I studied several of the security patches last time, and some of the holes may be exploited by others because of double reasons (Dede even paid attention to these, so it can be seen that DEDE does care about security). I remember that the member patch seemed to be released in January. In February, some hacker websites published articles aimed at websites that had not applied this patch. Unexpectedly, some friends still got hit, and I am speechless. I hope you will watch for the official security patches at all times.

9. Some friends often upload the files from their infected site to this forum, hoping everyone will study them together. I would like to say, "Even if that thing is uploaded, it does not help with prevention, because the JS or iframe is not the key. From what you upload, one can only crack the Trojan inside the encrypted file." What others leave behind is the end result, not the tool.

10. Force majeure: if a top-class hacker sets out to compromise your website, I am afraid that many things that should not go wrong will go wrong. But believe me, the hackers who plant this kind of code are all rookie hackers and tool users.
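Item 4 in code form, as an added example that is not part of the original article or of DedeCMS: a custom birthday field is validated, stored through a PDO prepared statement, and escaped with htmlspecialchars on output. The member_extra table, the function names and the sample inputs are assumptions; mysql_escape_string() belongs to the old mysql extension that was removed in PHP 7.0, so prepared statements stand in for it here.

```php
<?php
declare(strict_types=1);
// Added example, not DedeCMS code. Table member_extra and all function
// names are hypothetical; the sample inputs are constructed.

/** Accept only a real calendar date in YYYY-MM-DD form, else null. */
function clean_birthday(string $raw): ?string
{
    if (!preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', trim($raw), $m)) {
        return null;
    }
    return checkdate((int)$m[2], (int)$m[3], (int)$m[1]) ? $m[0] : null;
}

/** Store the custom fields; values travel as bound parameters, never as SQL text. */
function save_profile(PDO $db, int $mid, string $birthday, string $intro): bool
{
    $bday = clean_birthday($birthday);
    if ($bday === null || strlen($intro) > 200) {
        return false;                   // reject rather than try to repair input
    }
    $stmt = $db->prepare(
        'INSERT INTO member_extra (mid, birthday, intro) VALUES (?, ?, ?)');
    return $stmt->execute([$mid, $bday, $intro]);
}

/** Escape at output time so stored markup is shown as text, not run as HTML. */
function render_intro(string $intro): string
{
    return '<p>' . htmlspecialchars($intro, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Demo on an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member_extra (mid INTEGER, birthday TEXT, intro TEXT)');

// February 30 is not a calendar date, so this row is refused.
var_dump(save_profile($db, 1, '1990-02-30', 'hi'));
// A quote-laden value fails the date pattern and never reaches the database.
var_dump(save_profile($db, 1, "1990-01-01' OR '1'='1", 'hi'));
// Markup in a free-text field is stored as-is and neutralized when rendered.
var_dump(save_profile($db, 1, '1990-01-01', "<script>x</script> it's me"));

$intro = $db->query('SELECT intro FROM member_extra WHERE mid = 1')->fetchColumn();
echo render_intro($intro), "\n";
```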
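The upload check from item 7, as an added example that is not part of the original article or of DedeCMS: an allowlist for upload file names, plus an audit that lists files already sitting in an upload directory that would fail it. The extension lists, the function names and the temporary sample directory are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not DedeCMS code. Extension lists and function names are
// assumptions; the files created in the demo are constructed samples.

const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];
const SCRIPT_EXT  = ['php', 'php3', 'php5', 'phtml', 'phar', 'asp', 'aspx',
                     'asa', 'jsp', 'cgi', 'html', 'htm', 'shtml', 'js'];

/** True only if the final extension is allowlisted and no other segment is a script type. */
function upload_name_ok(string $name): bool
{
    $name  = strtolower(basename(str_replace('\\', '/', $name)));
    $parts = explode('.', $name);
    // Refuse names with no extension, dotfiles such as .htaccess, and NUL bytes.
    if (count($parts) < 2 || $parts[0] === '' || strpos($name, "\0") !== false) {
        return false;
    }
    $ext = array_pop($parts);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return false;
    }
    // Catch double extensions such as photo.php.jpg, which some server
    // configurations still hand to the script interpreter.
    return count(array_intersect(array_slice($parts, 1), SCRIPT_EXT)) === 0;
}

/** List every file under $dir whose name would be refused as an upload. */
function audit_upload_dir(string $dir): array
{
    $bad = [];
    $it  = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $file) {
        if ($file->isFile() && !upload_name_ok($file->getFilename())) {
            $bad[] = $file->getPathname();
        }
    }
    sort($bad);
    return $bad;
}

// Demo: constructed upload directory holding clean and suspicious names.
$dir = sys_get_temp_dir() . '/upload_audit_' . uniqid();
mkdir($dir . '/2024', 0700, true);
foreach (['a.jpg', '2024/b.PNG', '2024/x.php', 'y.php.jpg', 'z.html', '.htaccess'] as $f) {
    file_put_contents("$dir/$f", '');
}
print_r(audit_upload_dir($dir));
```

A clean audit only shows that no file with a refused name is present; the upload directory should also be served with script execution disabled.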

These are all the ways to deal with a Dedecms site that keeps having malicious code planted on it. Thank you for reading! I hope the content helps you; for more related knowledge, you are welcome to follow the industry information channel!
