Shulou(Shulou.com)06/02 Report--

What are the security details in Dedecms? This problem may be our daily study or work often see. I hope you learned something from this question. The following is the reference content brought to you by Xiaobian. Let's take a look together!

What are the security details in Dedecms?

With the popularity of CMS, more and more netizens began to join the industry of personal webmaster, perhaps many netizens think, as long as buy a domain name, rent a space, then resolve the domain name, then FTP upload program, after the program installation can publish content, publish content began to do everywhere outside the chain, do outside the chain is the real webmaster.

Recommended Learning: Weaving Dreams CMS

Just, do stationmaster really be so simple? For most webmasters, Dedecms is a very convenient open source CMS, because of the large number of people using it, so the security of Dedecms has been criticized, not only is the website using Dedecms vulnerable to attacks, even the official website of Dream Weaving often cannot be opened, which can be described as a typical tree attracting wind. However, even so, there are still a lot of netizens support, after all, it is very easy to use, rookies can learn to operate in a very short time; but if you really like dedecms, then in the process of using should pay attention to the following seven easy to ignore security issues.

Download and use other people's templates.

Dedecms is popular, a very important reason is that there are many templates, and the template is very beautiful, many netizens are directly downloaded the official program, and then find a template set, so that you can complete a lot of websites. However, when downloading the template, it is best to check whether there is a black chain or other advertising code on the template, which may affect the security of the website.

Second, there is no limit to folder script running

This is official advice, because dedecms are vulnerable, and if you accidentally upload files, they won't work if your folder has permissions that restrict scripts from running. Currently uploads, data, templets these three directories are to prohibit php files to run, while common.inc.php to be set to read-only.

III. Failure to upgrade patches or versions in time

No matter what open source program, there will be different versions, the current dedecms is very popular version 5.6 or 5.7, but the previous version will update the vulnerability patch; use dedecms to build a station, then from time to time in the background upgrade patch, this and the use of windows system, no patch can not guarantee security, no matter how busy you have to go to the background upgrade patch.

IV. No restrictions on file formats uploaded by members

Dedecms is still very powerful, not only can do content sites, but also can do community, support contributions, support and forum data together; however, because it involves registered members to contribute something, then pay special attention to the format of member upload files, to set clear attachments and pictures allowed to upload in the background, many vulnerabilities are the use of member upload file attacks.

V. No modification of administrator account and nickname

The administrator account of Dedecms is admin, and the default administrator nickname is also admin. The nickname here is the publisher displayed when publishing articles. In order to avoid the disclosure of the administrator account, you must modify the nickname. The nickname can be modified in the account management. It is recommended to change it to Chinese. As for the administrator account, modify it in the database to avoid others from breaking the password violently.

VI. No background address modification or robots.txt

Use this kind of CMS with background, then be sure to modify the background address, and patch it at the same time; however, many novices speculate that search engines may include the background address, so it is forbidden to include the background directory in robots.txt, so instead there is no silver here, so that those who are not good intentions can take advantage of it. How to write robots.txt can refer to webmaster network.

Seven, the website has problems easily given the background

As a webmaster, more or less will encounter website revision or website poisoning problems, encounter such problems, it is inevitable to find someone to solve the problem, the forum will have a lot of people dedicated to solving such problems, but these people are good or bad, many people on Q directly said that they can solve the problem, then ask the background address and password, this time webmaster must not be excited, to check the other party's information first, Many dishonest people will easily control your website at this time to add black chains or potential vulnerabilities.

In any case, no matter how other CMS propaganda security and stability, or can not stop the majority of webmasters using dedecms, after all, simple ah, simple and easy to use is king, but in the convenient time do not forget these easy clothing security issues oh.

Thank you for reading! After reading the above, what do you know about the security details in Dedecms? I hope the content of this article is helpful to everyone. If you want to know more about related articles, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.