Shulou(Shulou.com)06/02 Report--

This article is about how to solve the security problems of dream weaving DedeCms. The editor thought it was very practical, so I shared it with you as a reference. Let's follow the editor and have a look.

How to solve the security problem of dream weaving DedeCms?

The following is for some novice webmasters who use DEDE (non-targeted people with technical skills)

On the Internet, you can also see the DEDECMS program, although it is convenient for grass-roots webmasters to build stations quickly, but there are also many security problems. DEDE officially stopped upgrading this system a long time ago, with some patches at the most.

Recommended study: dream weaving cms

OK, let's cut the crap and sort out some of the more commonly used treatment schemes:

Step one:

Install Dede when the database table prefix, it is best to change it, do not use dedecms default prefix dede_, can be changed to emtalk_, any irregular, difficult to guess prefix (if the site running online, you can ask the technician to help modify).

Step 2:

Login at the background must enable the CAPTCHA function (or write your own security mechanism), delete the default administrator admin and change it to your own private, complicated account. The administrator password must be long, at least 8 digits, and mixed with letters and numbers.

Step 3:

Be sure to delete the install directory after installing the program!

Step 4:

Change the default directory name of dedecms background management, dede, and change something that is hard to guess and irregular (change it from time to time).

Step 5:

All unneeded functions are turned off (or deleted / deleted), such as members, comments, etc., if it is not necessary to turn them off in the background. (if some functions are required and there is technical support, you can develop or modify the default success code by yourself)

Step 6:

(1) some of the following directories / features can be deleted (if you can't use them):

Member membership function special special feature company enterprise module plusguestbook message board

(2) the following files can be deleted:

These files under the management directory are stage managers, which are redundant functions and have the greatest impact on security. Many HACK use it to hang up their horses.

File_manage_control.php file_manage_main.php file_manage_view.php media_add.php media_edit.php media_main.php

Then there are:

Delete the dede/sys_sql_query.php file without the SQL command runner.

If the tag function is not needed, please delete the tag.php in the root directory. If you don't need a top guest, please delete digg.php and diggindex.php in the root directory.

Step 7:

Pay more attention to the security patch officially released by dedecms and put on the patch in time.

Step 8:

Download and release function (manage directory soft__xxx_xxx.php), if not, it can be deleted, this is also easier to upload pony.

Step 9:

Third-party protection plug-ins can be downloaded, such as "Weaving Dream CMS Security package" and "DedeCMS stubborn Trojan Horse back door Kill" produced by Baidu's Security Alliance.

Step 10:

(optional) the safest way: publish the html locally and upload it to the space. It does not contain any dynamic content files, which is the safest in theory, but it is relatively troublesome to maintain.

Add: or often have to check their own website, be hung black chain is a small matter, be hung Trojan horse or delete program is very miserable, bad luck, ranking will follow. So remember to back up the data frequently!

So far, the malicious script files we have found are

Plus/ac.php plus/config_s.php plus/config_bak.php plus/diy.php plus/ii.php plus/lndex.php data/cache/t.php data/cache/x.php data/config.php data/cache/config_user.php data/config_func.php, wait.

Most of the uploaded scripts are concentrated in the plus, data and data/cache directories. Please check carefully whether there are any recently uploaded files in the three directories.

As for servers, if it is a WIN series server, you can install security dogs and other related protection tools.

The words of the webmaster friends in the virtual space. Just do a good job of site security. You can't touch the server either.

Thank you for reading! This is the end of the way to solve the security problem of Weaving Dream DedeCms. I hope the above content can be helpful to you, so that you can learn more knowledge. If you think the article is good, you can share it and let more people see it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.