How to modify DedeCMS to prevent Trojan code from being planted on the website ("horse hanging")

2025-01-30 Update. From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article explains in detail how to modify DedeCMS to prevent Trojan code from being planted on the website. The editor thinks it is very practical, so I share it with you as a reference. I hope you get something out of reading it.

Simple modifications to DedeCMS that prevent Trojan code from being planted on the website

Website security is the result of server configuration, file permission control and the website program working together. This article covers what can be changed in the DedeCms website program itself to improve security. "Executable files are not allowed to be modified, writable files are not allowed to be accessed": this is the fundamental principle of website permission control, and the website program can do a lot of the work for the "writable files are not allowed to be accessed" half. We can protect the site in the following ways:

1. Rename the data directory under the root directory, or move it outside the website directory

The data directory is the dirtiest place: the system often has to write data to this directory, and any file under it can be accessed through a URL. To keep browsers from reaching the files inside, you need to rename this directory or move it outside the website directory. Then, even if someone writes a one-line web shell (a "one-sentence Trojan") into a file through a vulnerability, they cannot find the path of the file holding it and cannot continue the attack. Because of the way the DedeCMS program is written, renaming the data directory is a relatively large change, as follows:

a. Migrate the content that must stay public, such as rss, sitemap, js, enum, etc., to a pub directory (or another custom directory). This step requires moving the folders and modifying the paths where these files are generated.

b. Modify the directory in the programs that reference it.

c. Change the name of the data folder, change the value of "DEDEDATA" in the include/common.inc.php file, and then change the template cache directory in the back-end system settings (parameter settings). You can follow the same procedure to change the name of the data folder again later.

2. Rename the "dede" management directory and harden it

If you hide the back end, even if someone else gets your administrator account and password, he will not be able to log in.

a. In /dede/config.php, find the following lines:

```php
// verify user login status
$cuserLogin = new userLogin();
if ($cuserLogin->getUserID() == -1) {
    header("location:login.php?gotopage=" . urlencode($dedeNowurl));
}
```

Change the above code to:

```php
// verify user login status
$cuserLogin = new userLogin();
if ($cuserLogin->getUserID() == -1) {
    // header("location:login.php?gotopage=" . urlencode($dedeNowurl));
    header("HTTP/1.0 404 Not Found");
    exit();
}
```

b. Change the file name of /dede/login.php and change the form submission address in /dede/templets/login.htm to match.

c. Change the name of the /dede/ directory.

In this way, before logging in, others can only access the renamed address of /dede/login.php; accessing any other address returns a 404 error.

Of course, after this security hardening, future DedeCMS upgrades will be somewhat more troublesome.
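
A post-change check for the two steps above, as an added example that is not part of the original article or of DedeCMS: it flags a data directory still inside the web root, an admin directory still named dede, and script files that carry group/other write bits. The sample tree, the names data_x and admin_x, and the extension list are constructed assumptions.

```python
import os
import stat
import tempfile

SCRIPT_EXT = (".php", ".phtml", ".inc")  # assumption: extensions the server executes

def inside(path, root):
    """True if path is root itself or lies below it."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root

def audit(webroot, data_dir):
    """Return sorted (rule, relative_path) findings for a DedeCMS-style tree."""
    findings = []
    # Step 1: the writable data directory should not be reachable by URL.
    if inside(data_dir, webroot):
        findings.append(("writable-dir-in-webroot", os.path.relpath(data_dir, webroot)))
    # Step 2: the default admin directory name should be gone.
    if os.path.isdir(os.path.join(webroot, "dede")):
        findings.append(("default-admin-dir", "dede"))
    # Principle: executable files must not be modifiable (group/other write bits).
    for base, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(base, name)
            mode = os.stat(full).st_mode
            if name.lower().endswith(SCRIPT_EXT) and mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(("script-writable", os.path.relpath(full, webroot)))
    return sorted(findings)

def demo():
    """Build a constructed sample tree (not a real site) and audit it twice."""
    with tempfile.TemporaryDirectory() as top:
        web = os.path.join(top, "www")
        for d in ("dede", "data", "include"):
            os.makedirs(os.path.join(web, d))
        for rel, mode in (("index.php", 0o644), ("dede/login.php", 0o644),
                          ("include/common.inc.php", 0o666)):
            path = os.path.join(web, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        before = audit(web, os.path.join(web, "data"))
        # Apply the article's steps: move data out, rename dede, lock the script.
        os.rename(os.path.join(web, "data"), os.path.join(top, "data_x"))
        os.rename(os.path.join(web, "dede"), os.path.join(web, "admin_x"))
        os.chmod(os.path.join(web, "include/common.inc.php"), 0o644)
        after = audit(web, os.path.join(top, "data_x"))
    return before, after
```
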

That is all for this look at modifying DedeCMS to prevent Trojan code from being planted on the website. I hope the content above is of some help to you and that you learn something from it. If you think the article is good, you can share it for more people to see.
