1. Change the prefix wildcard for a database table
The prefix wildcard is not the prefix of the database table name entered at the time of installation, but refers to the "#@_" string in the system source code.
I used to see a lot of unknown files in my own web site to write a lot of direct operation of the database code, which the operation of the table contains the "#@_" string, if we modify the source of the "#@_" string, then these unknown files will not work.
2, change the background management directory name
Hackers to invade a website, is generally through the SQL injection Hack site Administrator account password, and then log in to the background, upload Trojan, get Webshell right, until full control of the entire site. If we can modify the table name of the Administrator table and the management directory name of the background of the site, hackers will not be able to crack the site's administrator account, even if the administrator account, may also be unable to know the site management directory and can not log in to give up.
For administrator table name and background management directory modification, should try not to appear admin or manager keyword, this can greatly increase the hacker's crack difficulty. It is important to note that after modifying the name of the administrator table in the database, the corresponding table name in the source code should be modified. Weaving dream V5.7 in a total of 27 needs to be modified, you can search "dede_admin" to replace, I will not point out.
3. Initial connection configuration file of database repair
In the data/common.inc.php file of dream weaving, the database connection information is recorded, which is clear and unsafe. Here are two ways to make it relatively safe.
(1) Add a number of variables (dozens of or even hundreds), only six of these variables are really working, and others are used to disrupt the hacker's judgment.
(2) To encrypt data, but this need webmaster have certain programming technology. Either way, you need to make the appropriate modifications in the database initialization class, but the first method only needs to change a few variable names, which is relatively simple.
The above three methods to the Dream CMS system security can play a very important role, and many webmaster friends to enhance the security of the site methods are not able to start. Hope this article to the vast number of webmaster Friends of the Dream Web site security has helped!
There are also several points to be aware of:
1. Remove the member, special, and install folders from the root directory after the installation is complete.
2, set uploads, images, data, templets can be read writable non-executable
3, set include, plus, background files (default is Dede) readable executable non-writable
4. Set data/common.inc.php Read Only
5. Background watermark off
6, 404 Page Setup
Articles you may be interested in
http://www.bkjia.com/PHPjc/764141.html www.bkjia.com true http://www.bkjia.com/PHPjc/764141.html techarticle Web development Since the author often received to the people's website to do security upgrade this job, and received these jobs, most of them are through the weaving dream CMS build up the site, because of the attack guide ...
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
